[ 86.495069][ T77] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:47710' (ED25519) to the list of known hosts.
2025/05/23 00:25:52 ignoring optional flag "sandboxArg"="0"
2025/05/23 00:25:53 parsed 1 programs
[ 92.035601][ T40] kauditd_printk_skb: 28 callbacks suppressed
[ 92.035618][ T40] audit: type=1400 audit(1747959955.363:122): avc: denied { unlink } for pid=6217 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 93.159870][ T6217] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 95.189230][ T40] audit: type=1401 audit(1747959958.513:123): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 95.650768][ T6031] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.656122][ T6031] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.662077][ T6031] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.666751][ T6031] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.670078][ T6031] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.421143][ T6302] chnl_net:caif_netlink_parms(): no params data found
[ 96.545832][ T6302] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.548964][ T6302] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.552004][ T6302] bridge_slave_0: entered allmulticast mode
[ 96.556210][ T6302] bridge_slave_0: entered promiscuous mode
[ 96.560208][ T6302] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.562912][ T6302] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.566295][ T6302] bridge_slave_1: entered allmulticast mode
[ 96.570175][ T6302] bridge_slave_1: entered promiscuous mode
[ 96.625079][ T6302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.629755][ T6302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.667336][ T6302] team0: Port device team_slave_0 added
[ 96.672798][ T6302] team0: Port device team_slave_1 added
[ 96.712413][ T6302] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.715033][ T6302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.724149][ T6302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.728985][ T6302] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.731506][ T6302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.741167][ T6302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.836749][ T6302] hsr_slave_0: entered promiscuous mode
[ 96.839005][ T6302] hsr_slave_1: entered promiscuous mode
[ 97.418756][ T6302] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.424054][ T6302] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.429023][ T6302] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.440824][ T6302] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.488108][ T6302] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.502645][ T6302] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.510922][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.513307][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.520687][ T1234] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.523502][ T1234] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.692891][ T6302] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.728075][ T6302] veth0_vlan: entered promiscuous mode
[ 97.733404][ T6302] veth1_vlan: entered promiscuous mode
[ 97.748447][ T6302] veth0_macvtap: entered promiscuous mode
[ 97.752196][ T6302] veth1_macvtap: entered promiscuous mode
[ 97.762489][ T6302] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.769715][ T6302] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.776131][ T6302] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.778937][ T6302] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.781661][ T6302] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.785022][ T6302] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.882404][ T1141] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.947587][ T1234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.950895][ T1234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.969502][ T1141] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.000445][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.003481][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.050889][ T1141] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.157804][ T1141] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/05/23 00:26:01 executed programs: 0
[ 98.378556][ T6031] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.381687][ T6031] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.386491][ T6031] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.389813][ T6031] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.392857][ T6031] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.545087][ T6378] chnl_net:caif_netlink_parms(): no params data found
[ 98.676156][ T6378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.679133][ T6378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.682049][ T6378] bridge_slave_0: entered allmulticast mode
[ 98.686466][ T6378] bridge_slave_0: entered promiscuous mode
[ 98.690856][ T6378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.693823][ T6378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.696917][ T6378] bridge_slave_1: entered allmulticast mode
[ 98.700839][ T6378] bridge_slave_1: entered promiscuous mode
[ 98.748585][ T6378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.755472][ T6378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.817235][ T6378] team0: Port device team_slave_0 added
[ 98.823431][ T6378] team0: Port device team_slave_1 added
[ 98.880463][ T6378] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.883527][ T6378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.894197][ T6378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.900159][ T6378] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.905664][ T6378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.918280][ T6378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.975211][ T6378] hsr_slave_0: entered promiscuous mode
[ 98.978018][ T6378] hsr_slave_1: entered promiscuous mode
[ 98.980212][ T6378] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 98.982619][ T6378] Cannot create hsr debugfs directory
[ 100.413170][ T5287] Bluetooth: hci0: command tx timeout
[ 101.328463][ T1141] bridge_slave_1: left allmulticast mode
[ 101.330845][ T1141] bridge_slave_1: left promiscuous mode
[ 101.333692][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.338878][ T1141] bridge_slave_0: left allmulticast mode
[ 101.341267][ T1141] bridge_slave_0: left promiscuous mode
[ 101.344138][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.539344][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.545735][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.550452][ T1141] bond0 (unregistering): Released all slaves
[ 101.720494][ T1141] hsr_slave_0: left promiscuous mode
[ 101.723766][ T1141] hsr_slave_1: left promiscuous mode
[ 101.726533][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.729615][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.733598][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.736717][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.758235][ T1141] veth1_macvtap: left promiscuous mode
[ 101.760632][ T1141] veth0_macvtap: left promiscuous mode
[ 101.762854][ T1141] veth1_vlan: left promiscuous mode
[ 101.765714][ T1141] veth0_vlan: left promiscuous mode
[ 102.208184][ T1141] team0 (unregistering): Port device team_slave_1 removed
[ 102.250255][ T1141] team0 (unregistering): Port device team_slave_0 removed
[ 102.494959][ T5287] Bluetooth: hci0: command tx timeout
[ 102.987020][ T6378] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.992707][ T6378] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.997586][ T6378] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.002728][ T6378] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.048212][ T6378] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.056990][ T6378] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.065296][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.068306][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.075750][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.078404][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.236541][ T6378] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.273216][ T6378] veth0_vlan: entered promiscuous mode
[ 103.279732][ T6378] veth1_vlan: entered promiscuous mode
[ 103.307662][ T6378] veth0_macvtap: entered promiscuous mode
[ 103.330456][ T6378] veth1_macvtap: entered promiscuous mode
[ 103.342155][ T6378] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.350485][ T6378] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.355986][ T6378] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.359579][ T6378] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.363303][ T6378] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.366259][ T6378] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.429255][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.432399][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.446880][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.449391][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/05/23 00:26:06 executed programs: 2
[ 103.471893][ T40] audit: type=1400 audit(1747959966.793:124): avc: denied { create } for pid=6509 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 103.534563][ T6510] FAULT_INJECTION: forcing a failure.
[ 103.534563][ T6510] name failslab, interval 1, probability 0, space 0, times 1
[ 103.538565][ T6510] CPU: 0 UID: 0 PID: 6510 Comm: syz.0.16 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 103.538580][ T6510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.538587][ T6510] Call Trace:
[ 103.538591][ T6510] <TASK>
[ 103.538596][ T6510] dump_stack_lvl+0x16c/0x1f0
[ 103.538617][ T6510] should_fail_ex+0x512/0x640
[ 103.538633][ T6510] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[ 103.538646][ T6510] should_failslab+0xc2/0x120
[ 103.538658][ T6510] kmem_cache_alloc_lru_noprof+0x72/0x3b0
[ 103.538670][ T6510] ? alloc_inode+0x64/0x240
[ 103.538685][ T6510] ? __pfx_debugfs_alloc_inode+0x10/0x10
[ 103.538701][ T6510] alloc_inode+0x64/0x240
[ 103.538714][ T6510] new_inode+0x22/0x1c0
[ 103.538726][ T6510] ? start_creating.part.0+0x25d/0x3a0
[ 103.538744][ T6510] __debugfs_create_file+0x11c/0x6b0
[ 103.538763][ T6510] debugfs_create_file_unsafe+0x3c/0x50
[ 103.538782][ T6510] debugfs_create_u32+0x70/0xa0
[ 103.538798][ T6510] nbd_start_device+0x415/0xcd0
[ 103.538811][ T6510] ? __nla_parse+0x40/0x60
[ 103.538824][ T6510] nbd_genl_connect+0x120e/0x1c20
[ 103.538838][ T6510] ? __pfx_nbd_genl_connect+0x10/0x10
[ 103.538853][ T6510] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 103.538871][ T6510] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 103.538891][ T6510] genl_family_rcv_msg_doit+0x209/0x2f0
[ 103.538908][ T6510] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 103.538924][ T6510] ? genl_get_cmd+0x194/0x580
[ 103.538942][ T6510] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 103.538952][ T6510] ? kmalloc_reserve+0x18b/0x2c0
[ 103.538967][ T6510] ? __radix_tree_lookup+0x21f/0x2c0
[ 103.538984][ T6510] genl_rcv_msg+0x55c/0x800
[ 103.539001][ T6510] ? __pfx_genl_rcv_msg+0x10/0x10
[ 103.539017][ T6510] ? __pfx_nbd_genl_connect+0x10/0x10
[ 103.539030][ T6510] ? __lock_acquire+0xaa4/0x1ba0
[ 103.539051][ T6510] netlink_rcv_skb+0x16a/0x440
[ 103.539064][ T6510] ? __pfx_genl_rcv_msg+0x10/0x10
[ 103.539105][ T6510] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 103.539126][ T6510] ? __pfx_down_read+0x10/0x10
[ 103.539137][ T6510] ? netlink_deliver_tap+0x1ae/0xd30
[ 103.539152][ T6510] genl_rcv+0x28/0x40
[ 103.539166][ T6510] netlink_unicast+0x53d/0x7f0
[ 103.539182][ T6510] ? __pfx_netlink_unicast+0x10/0x10
[ 103.539200][ T6510] netlink_sendmsg+0x8d1/0xdd0
[ 103.539216][ T6510] ? __pfx_netlink_sendmsg+0x10/0x10
[ 103.539235][ T6510] ____sys_sendmsg+0xa95/0xc70
[ 103.539252][ T6510] ? copy_msghdr_from_user+0x10a/0x160
[ 103.539264][ T6510] ? __pfx_____sys_sendmsg+0x10/0x10
[ 103.539286][ T6510] ___sys_sendmsg+0x134/0x1d0
[ 103.539298][ T6510] ? __pfx____sys_sendmsg+0x10/0x10
[ 103.539328][ T6510] __sys_sendmsg+0x16d/0x220
[ 103.539340][ T6510] ? __pfx___sys_sendmsg+0x10/0x10
[ 103.539360][ T6510] ? rcu_is_watching+0x12/0xc0
[ 103.539378][ T6510] do_syscall_64+0xcd/0x260
[ 103.539394][ T6510] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.539406][ T6510] RIP: 0033:0x7f587558e969
[ 103.539415][ T6510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.539425][ T6510] RSP: 002b:00007f5876453038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 103.539435][ T6510] RAX: ffffffffffffffda RBX: 00007f58757b5fa0 RCX: 00007f587558e969
[ 103.539442][ T6510] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000006
[ 103.539448][ T6510] RBP: 00007f5876453090 R08: 0000000000000000 R09: 0000000000000000
[ 103.539454][ T6510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 103.539460][ T6510] R13: 0000000000000000 R14: 00007f58757b5fa0 R15: 00007ffcc308e278
[ 103.539473][ T6510] </TASK>
[ 103.539477][ T6510] debugfs: out of free dentries, can not create file 'blocksize_bits'
[ 103.716047][ T5287] block nbd0: Receive control failed (result -104)
[ 103.833743][ T6512] FAULT_INJECTION: forcing a failure.
[ 103.833743][ T6512] name failslab, interval 1, probability 0, space 0, times 0
[ 103.839116][ T6512] CPU: 0 UID: 0 PID: 6512 Comm: syz.0.17 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 103.839140][ T6512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.839151][ T6512] Call Trace:
[ 103.839157][ T6512] <TASK>
[ 103.839165][ T6512] dump_stack_lvl+0x16c/0x1f0
[ 103.839193][ T6512] should_fail_ex+0x512/0x640
[ 103.839217][ T6512] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 103.839237][ T6512] should_failslab+0xc2/0x120
[ 103.839257][ T6512] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 103.839282][ T6512] ? __kernfs_new_node+0xd2/0x8a0
[ 103.839304][ T6512] __kernfs_new_node+0xd2/0x8a0
[ 103.839325][ T6512] ? __pfx___kernfs_new_node+0x10/0x10
[ 103.839350][ T6512] ? find_held_lock+0x2b/0x80
[ 103.839372][ T6512] ? kernfs_root+0xee/0x2a0
[ 103.839396][ T6512] kernfs_new_node+0x13c/0x1e0
[ 103.839422][ T6512] __kernfs_create_file+0x53/0x350
[ 103.839449][ T6512] sysfs_add_file_mode_ns+0x207/0x3c0
[ 103.839484][ T6512] sysfs_create_file_ns+0x13d/0x1d0
[ 103.839512][ T6512] ? __pfx_sysfs_create_file_ns+0x10/0x10
[ 103.839537][ T6512] ? lockdep_hardirqs_on+0x7c/0x110
[ 103.839564][ T6512] ? nbd_start_device+0x8d8/0xcd0
[ 103.839587][ T6512] device_create_file+0xf2/0x1e0
[ 103.839614][ T6512] nbd_genl_connect+0x1373/0x1c20
[ 103.839638][ T6512] ? __pfx_nbd_genl_connect+0x10/0x10
[ 103.839662][ T6512] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 103.839690][ T6512] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 103.839722][ T6512] genl_family_rcv_msg_doit+0x209/0x2f0
[ 103.839750][ T6512] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 103.839775][ T6512] ? genl_get_cmd+0x194/0x580
[ 103.839806][ T6512] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 103.839822][ T6512] ? kmalloc_reserve+0x18b/0x2c0
[ 103.839845][ T6512] ? __radix_tree_lookup+0x21f/0x2c0
[ 103.839872][ T6512] genl_rcv_msg+0x55c/0x800
[ 103.839900][ T6512] ? __pfx_genl_rcv_msg+0x10/0x10
[ 103.839924][ T6512] ? __pfx_nbd_genl_connect+0x10/0x10
[ 103.839944][ T6512] ? __lock_acquire+0xaa4/0x1ba0
[ 103.839975][ T6512] netlink_rcv_skb+0x16a/0x440
[ 103.839997][ T6512] ? __pfx_genl_rcv_msg+0x10/0x10
[ 103.840023][ T6512] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 103.840059][ T6512] ? __pfx_down_read+0x10/0x10
[ 103.840076][ T6512] ? netlink_deliver_tap+0x1ae/0xd30
[ 103.840101][ T6512] genl_rcv+0x28/0x40
[ 103.840122][ T6512] netlink_unicast+0x53d/0x7f0
[ 103.840163][ T6512] ? __pfx_netlink_unicast+0x10/0x10
[ 103.840194][ T6512] netlink_sendmsg+0x8d1/0xdd0
[ 103.840221][ T6512] ? __pfx_netlink_sendmsg+0x10/0x10
[ 103.840255][ T6512] ____sys_sendmsg+0xa95/0xc70
[ 103.840286][ T6512] ? copy_msghdr_from_user+0x10a/0x160
[ 103.840305][ T6512] ? __pfx_____sys_sendmsg+0x10/0x10
[ 103.840343][ T6512] ___sys_sendmsg+0x134/0x1d0
[ 103.840365][ T6512] ? __pfx____sys_sendmsg+0x10/0x10
[ 103.840420][ T6512] __sys_sendmsg+0x16d/0x220
[ 103.840441][ T6512] ? __pfx___sys_sendmsg+0x10/0x10
[ 103.840470][ T6512] ? rcu_is_watching+0x12/0xc0
[ 103.840499][ T6512] do_syscall_64+0xcd/0x260
[ 103.840527][ T6512] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.840545][ T6512] RIP: 0033:0x7f587558e969
[ 103.840560][ T6512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.840576][ T6512] RSP: 002b:00007f5876453038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 103.840593][ T6512] RAX: ffffffffffffffda RBX: 00007f58757b5fa0 RCX: 00007f587558e969
[ 103.840604][ T6512] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000006
[ 103.840614][ T6512] RBP: 00007f5876453090 R08: 0000000000000000 R09: 0000000000000000
[ 103.840625][ T6512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 103.840634][ T6512] R13: 0000000000000000 R14: 00007f58757b5fa0 R15: 00007ffcc308e278
[ 103.840658][ T6512] </TASK>
[ 103.841150][ T6512] block nbd1: device_create_file failed for backend!
[ 104.001754][ T5287] block nbd1: Receive control failed (result -104)
[ 104.006867][ T5287] block nbd1: shutting down sockets
[ 104.010526][ T5287] ==================================================================
[ 104.013884][ T5287] BUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80
[ 104.016873][ T5287] Write of size 4 at addr ffff8880287bd678 by task kworker/u33:1/5287
[ 104.021727][ T5287]
[ 104.022780][ T5287] CPU: 3 UID: 0 PID: 5287 Comm: kworker/u33:1 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 104.022803][ T5287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.022817][ T5287] Workqueue: nbd1-recv recv_work
[ 104.022840][ T5287] Call Trace:
[ 104.022847][ T5287] <TASK>
[ 104.022854][ T5287] dump_stack_lvl+0x116/0x1f0
[ 104.022882][ T5287] print_report+0xc3/0x670
[ 104.022903][ T5287] ? __virt_addr_valid+0x5e/0x590
[ 104.022933][ T5287] ? __phys_addr+0xc6/0x150
[ 104.022958][ T5287] ? recv_work+0x694/0xa80
[ 104.022975][ T5287] kasan_report+0xe0/0x110
[ 104.022992][ T5287] ? recv_work+0x694/0xa80
[ 104.023013][ T5287] kasan_check_range+0xef/0x1a0
[ 104.023036][ T5287] recv_work+0x694/0xa80
[ 104.023057][ T5287] ? __pfx_recv_work+0x10/0x10
[ 104.023094][ T5287] ? debug_object_deactivate+0x1ec/0x3a0
[ 104.023119][ T5287] ? rcu_is_watching+0x12/0xc0
[ 104.023141][ T5287] process_one_work+0x9cf/0x1b70
[ 104.023162][ T5287] ? __pfx_process_one_work+0x10/0x10
[ 104.023185][ T5287] ? assign_work+0x1a0/0x250
[ 104.023204][ T5287] worker_thread+0x6c8/0xf10
[ 104.023227][ T5287] ? __kthread_parkme+0x19e/0x250
[ 104.023259][ T5287] ? __pfx_worker_thread+0x10/0x10
[ 104.023279][ T5287] kthread+0x3c2/0x780
[ 104.023297][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.023314][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.023327][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.023340][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.023357][ T5287] ? rcu_is_watching+0x12/0xc0
[ 104.023378][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.023392][ T5287] ret_from_fork+0x45/0x80
[ 104.023407][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.023420][ T5287] ret_from_fork_asm+0x1a/0x30
[ 104.023450][ T5287] </TASK>
[ 104.023457][ T5287]
[ 104.094436][ T5287] Allocated by task 6512:
[ 104.096295][ T5287] kasan_save_stack+0x33/0x60
[ 104.098036][ T5287] kasan_save_track+0x14/0x30
[ 104.099844][ T5287] __kasan_kmalloc+0xaa/0xb0
[ 104.101784][ T5287] nbd_alloc_and_init_config+0x97/0x2a0
[ 104.104089][ T5287] nbd_genl_connect+0x490/0x1c20
[ 104.106196][ T5287] genl_family_rcv_msg_doit+0x209/0x2f0
[ 104.108500][ T5287] genl_rcv_msg+0x55c/0x800
[ 104.110441][ T5287] netlink_rcv_skb+0x16a/0x440
[ 104.112508][ T5287] genl_rcv+0x28/0x40
[ 104.114224][ T5287] netlink_unicast+0x53d/0x7f0
[ 104.116264][ T5287] netlink_sendmsg+0x8d1/0xdd0
[ 104.118330][ T5287] ____sys_sendmsg+0xa95/0xc70
[ 104.120386][ T5287] ___sys_sendmsg+0x134/0x1d0
[ 104.122362][ T5287] __sys_sendmsg+0x16d/0x220
[ 104.124339][ T5287] do_syscall_64+0xcd/0x260
[ 104.126278][ T5287] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.128781][ T5287]
[ 104.129838][ T5287] Freed by task 5287:
[ 104.131537][ T5287] kasan_save_stack+0x33/0x60
[ 104.133547][ T5287] kasan_save_track+0x14/0x30
[ 104.135563][ T5287] kasan_save_free_info+0x3b/0x60
[ 104.137650][ T5287] __kasan_slab_free+0x51/0x70
[ 104.139673][ T5287] kfree+0x2b6/0x4d0
[ 104.141317][ T5287] nbd_config_put+0x3c1/0x750
[ 104.143339][ T5287] recv_work+0x681/0xa80
[ 104.145129][ T5287] process_one_work+0x9cf/0x1b70
[ 104.147177][ T5287] worker_thread+0x6c8/0xf10
[ 104.149070][ T5287] kthread+0x3c2/0x780
[ 104.150735][ T5287] ret_from_fork+0x45/0x80
[ 104.152660][ T5287] ret_from_fork_asm+0x1a/0x30
[ 104.154694][ T5287]
[ 104.155768][ T5287] The buggy address belongs to the object at ffff8880287bd600
[ 104.155768][ T5287] which belongs to the cache kmalloc-256 of size 256
[ 104.161597][ T5287] The buggy address is located 120 bytes inside of
[ 104.161597][ T5287] freed 256-byte region [ffff8880287bd600, ffff8880287bd700)
[ 104.167153][ T5287]
[ 104.168066][ T5287] The buggy address belongs to the physical page:
[ 104.170574][ T5287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x287bc
[ 104.174079][ T5287] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 104.177590][ T5287] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 104.180732][ T5287] page_type: f5(slab)
[ 104.182428][ T5287] raw: 00fff00000000040 ffff88801b442b40 dead000000000122 0000000000000000
[ 104.186080][ T5287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 104.189658][ T5287] head: 00fff00000000040 ffff88801b442b40 dead000000000122 0000000000000000
[ 104.193219][ T5287] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 104.196868][ T5287] head: 00fff00000000001 ffffea0000a1ef01 00000000ffffffff 00000000ffffffff
[ 104.200430][ T5287] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 104.203898][ T5287] page dumped because: kasan: bad access detected
[ 104.206421][ T5287] page_owner tracks the page as allocated
[ 104.208729][ T5287] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 6378, tgid 6378 (syz-executor), ts 103461067503, free_ts 103446356795
[ 104.216483][ T5287] post_alloc_hook+0x181/0x1b0
[ 104.218074][ T5287] get_page_from_freelist+0x135c/0x3920
[ 104.220331][ T5287] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 104.222809][ T5287] new_slab+0x94/0x340
[ 104.224541][ T5287] ___slab_alloc+0xd9c/0x1940
[ 104.226491][ T5287] __slab_alloc.constprop.0+0x56/0xb0
[ 104.228514][ T5287] __kmalloc_node_noprof+0x2ed/0x500
[ 104.230740][ T5287] alloc_slab_obj_exts+0x41/0xa0
[ 104.232410][ T5287] __memcg_slab_post_alloc_hook+0x27b/0x940
[ 104.234214][ T5287] kmem_cache_alloc_noprof+0x307/0x3b0
[ 104.236318][ T5287] seq_open+0x55/0x170
[ 104.238085][ T5287] kernfs_fop_open+0x59f/0xda0
[ 104.240135][ T5287] do_dentry_open+0x744/0x1c10
[ 104.242189][ T5287] vfs_open+0x82/0x3f0
[ 104.243977][ T5287] path_openat+0x1e5e/0x2d40
[ 104.245869][ T5287] do_filp_open+0x20b/0x470
[ 104.247778][ T5287] page last free pid 6378 tgid 6378 stack trace:
[ 104.250216][ T5287] __free_frozen_pages+0x69d/0xff0
[ 104.252275][ T5287] __put_partials+0x16d/0x1c0
[ 104.254099][ T5287] qlist_free_all+0x4e/0x120
[ 104.255641][ T5287] kasan_quarantine_reduce+0x195/0x1e0
[ 104.257929][ T5287] __kasan_slab_alloc+0x69/0x90
[ 104.259719][ T5287] __kmalloc_cache_noprof+0x1f1/0x3e0
[ 104.261906][ T5287] netdevice_event+0x365/0x9d0
[ 104.263832][ T5287] notifier_call_chain+0xbc/0x410
[ 104.266004][ T5287] call_netdevice_notifiers_info+0xbe/0x140
[ 104.268375][ T5287] __dev_notify_flags+0x12c/0x2e0
[ 104.270464][ T5287] netif_change_flags+0x108/0x160
[ 104.272573][ T5287] dev_change_flags+0xba/0x250
[ 104.274602][ T5287] devinet_ioctl+0x11d5/0x1f50
[ 104.276671][ T5287] inet_ioctl+0x3a7/0x3f0
[ 104.278548][ T5287] sock_do_ioctl+0x115/0x280
[ 104.280513][ T5287] sock_ioctl+0x227/0x6b0
[ 104.282381][ T5287]
[ 104.283445][ T5287] Memory state around the buggy address:
[ 104.285776][ T5287]  ffff8880287bd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.288560][ T5287]  ffff8880287bd580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.291016][ T5287] >ffff8880287bd600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.293529][ T5287]                                                                 ^
[ 104.295936][ T5287]  ffff8880287bd680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.298354][ T5287]  ffff8880287bd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.300771][ T5287] ==================================================================
[ 104.304214][ T5287] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.306462][ T5287] CPU: 2 UID: 0 PID: 5287 Comm: kworker/u33:1 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full)
[ 104.310050][ T5287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.313283][ T5287] Workqueue: nbd1-recv recv_work
[ 104.314799][ T5287] Call Trace:
[ 104.315852][ T5287] <TASK>
[ 104.316785][ T5287] dump_stack_lvl+0x3d/0x1f0
[ 104.318203][ T5287] panic+0x71c/0x800
[ 104.319433][ T5287] ? __pfx_panic+0x10/0x10
[ 104.320837][ T5287] ? irqentry_exit+0x3b/0x90
[ 104.322244][ T5287] ? lockdep_hardirqs_on+0x7c/0x110
[ 104.323879][ T5287] ? preempt_schedule_thunk+0x16/0x30
[ 104.325506][ T5287] ? recv_work+0x694/0xa80
[ 104.326880][ T5287] ? preempt_schedule_common+0x44/0xc0
[ 104.328564][ T5287] ? check_panic_on_warn+0x1f/0xb0
[ 104.330131][ T5287] ? recv_work+0x694/0xa80
[ 104.331498][ T5287] check_panic_on_warn+0xab/0xb0
[ 104.333014][ T5287] end_report+0x107/0x170
[ 104.334362][ T5287] kasan_report+0xee/0x110
[ 104.335763][ T5287] ? recv_work+0x694/0xa80
[ 104.337149][ T5287] kasan_check_range+0xef/0x1a0
[ 104.338643][ T5287] recv_work+0x694/0xa80
[ 104.340046][ T5287] ? __pfx_recv_work+0x10/0x10
[ 104.341509][ T5287] ? debug_object_deactivate+0x1ec/0x3a0
[ 104.343208][ T5287] ? rcu_is_watching+0x12/0xc0
[ 104.344689][ T5287] process_one_work+0x9cf/0x1b70
[ 104.346219][ T5287] ? __pfx_process_one_work+0x10/0x10
[ 104.347851][ T5287] ? assign_work+0x1a0/0x250
[ 104.349253][ T5287] worker_thread+0x6c8/0xf10
[ 104.350653][ T5287] ? __kthread_parkme+0x19e/0x250
[ 104.352276][ T5287] ? __pfx_worker_thread+0x10/0x10
[ 104.353848][ T5287] kthread+0x3c2/0x780
[ 104.355144][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.356619][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.358023][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.359526][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.360937][ T5287] ? rcu_is_watching+0x12/0xc0
[ 104.362538][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.363988][ T5287] ret_from_fork+0x45/0x80
[ 104.365375][ T5287] ? __pfx_kthread+0x10/0x10
[ 104.366828][ T5287] ret_from_fork_asm+0x1a/0x30
[ 104.368305][ T5287] </TASK>
[ 104.369899][ T5287] Kernel Offset: disabled
[ 104.371216][ T5287] Rebooting in 86400 seconds..