bisecting cause commit starting from b75dba7f472ca6c2dd0b8ee41f5a4b5a45539306
building syzkaller on 2ce644fcea660c78bc6a3ce7e05079a730743671
testing commit b75dba7f472ca6c2dd0b8ee41f5a4b5a45539306 with gcc (GCC) 10.2.1 20210217
kernel signature: 0dc3c119667d5eec6cd4a7c0b9ad42262f36c8fa27dabeb1180ae1758dc5f553
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #10: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #11: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #12: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #13: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #14: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #15: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #16: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #17: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #18: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #19: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217
kernel signature: 99aea08f7f55abe0ff84689e15588a63e02f1aabb04446264e40f6f74496ca79
run #0: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: WARNING in __cfg80211_ibss_joined
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217
kernel signature: 40cb6ad3c0398a0d565d1df60099b0254dc8112f0ea305a679af8da6b15b5393
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: invalid-free in ieee80211_ibss_leave
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217
kernel signature: 6c93be889043ab7ecf5bc0cd4ee325c082a085d62d9b97866cd4d1c4a919e5cb
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #5: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217
kernel signature: 668a1d0889fdd4b82821e15369005f49a497d5b1893ff27dd9a1cf4a16b4c871
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217
kernel signature: 3d756c8dcc2e262e48b6988655e5fd59d7b93f878d99eb0f728a1c277a3a8be9
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #3: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.4.1 20210217
kernel signature: 99f006834bfdf0a87fa0da7d384be706cbce39496a187acc22084f28724273e2
all runs: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.4.1 20210217
kernel signature: 4daf1fbb5ba7a32f21a0df16c364a983a78fb29c7803b510e4e6ea67602e534b
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.4.1 20210217
kernel signature: 9a28f406fbc6d9c198be19b746b0dfc86d75f95dfc0561807d92f3c6c9e49c96
all runs: boot failed: BUG: spinlock bad magic in nf_connlabels_get
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.4.1 20210217
kernel signature: 78a9bf2a123342c9eec1cd2036067bad8874650f9d4aeff8dbbab7fa3b904b98
all runs: boot failed: can't ssh into the instance
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.4.1 20210217
kernel signature: 912f96a4e434dfb370e31e1715dba8040994323b6ad707e466621a1eb0b528e1
all runs: boot failed: can't ssh into the instance
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.4.1 20210217
kernel signature: 855846872d970fc218c3efc7415272cf8f5e22adb904bf05659c5d4c63a23211
all runs: boot failed: can't ssh into the instance
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.4.1 20210217
kernel signature: 696bae2865efdcb5ec2ee47be75ded0065a5d784300bc7bc615915e0c097e1ad
all runs: boot failed: can't ssh into the instance
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.4.1 20210217
kernel signature: f86accd2a920cde2015b877a65c4a75a34cc386e7465bc64f78053b769336438
all runs: boot failed: can't ssh into the instance
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.4.1 20210217
kernel signature: 22325cc8e8f184f6d850754bebabcf9c68302f532cc445d43d6cf6799fd70f76
all runs: boot failed: can't ssh into the instance
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.4.1 20210217
./security/selinux/include/classmap.h:247:2: error: #error New address family defined, please update secclass_map.
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.4.1 20210217
./security/selinux/include/classmap.h:247:2: error: #error New address family defined, please update secclass_map.
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.4.1 20210217
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
./security/selinux/include/classmap.h:247:2: error: #error New address family defined, please update secclass_map.
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.4.1 20210217
orc_dump.c:105:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:110:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:139:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
./security/selinux/include/classmap.h:245:2: error: #error New address family defined, please update secclass_map.
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.4.1 20210217
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:144:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:149:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
./security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map.
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.4.1 20210217
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
./security/selinux/include/classmap.h:238:2: error: #error New address family defined, please update secclass_map.
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.5.0
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:122:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:127:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
revisions tested: 15, total time: 3h34m14.160963411s (build: 1h36m13.266766134s, test: 1h54m0.867789361s)
the crash already happened on the oldest tested release
commit msg: Linux 5.4
crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
==================================================================
BUG: KASAN: use-after-free in memcpy include/linux/string.h:378 [inline]
BUG: KASAN: use-after-free in ieee80211_ibss_build_presp+0xcfb/0x1a30 net/mac80211/ibss.c:171
Read of size 135 at addr ffff8880a9c06d00 by task kworker/u4:4/236

CPU: 1 PID: 236 Comm: kworker/u4:4 Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy77 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x96/0xe0 lib/dump_stack.c:118
 print_address_description.constprop.4.cold.6+0x9/0x341 mm/kasan/report.c:374
 __kasan_report.cold.7+0x7a/0x97 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:634
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x144/0x1c0 mm/kasan/generic.c:192
 memcpy+0x1f/0x50 mm/kasan/common.c:122
 memcpy include/linux/string.h:378 [inline]
 ieee80211_ibss_build_presp+0xcfb/0x1a30 net/mac80211/ibss.c:171
 __ieee80211_sta_join_ibss+0x5c7/0x1b20 net/mac80211/ibss.c:317
 ieee80211_sta_create_ibss.cold.19+0x118/0x1de net/mac80211/ibss.c:1353
 ieee80211_sta_find_ibss net/mac80211/ibss.c:1483 [inline]
 ieee80211_ibss_work.cold.27+0x10f/0x4f2 net/mac80211/ibss.c:1707
 process_one_work+0x8ca/0x16c0 kernel/workqueue.c:2269
 worker_thread+0x82/0xb50 kernel/workqueue.c:2415
 kthread+0x31d/0x3e0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Allocated by task 20027:
 save_stack+0x19/0x80 mm/kasan/common.c:69
 set_track mm/kasan/common.c:77 [inline]
 __kasan_kmalloc mm/kasan/common.c:510 [inline]
 __kasan_kmalloc.constprop.12+0xc1/0xd0 mm/kasan/common.c:483
 __do_kmalloc mm/slab.c:3655 [inline]
 __kmalloc_track_caller+0x11c/0x470 mm/slab.c:3670
 kmemdup+0x17/0x40 mm/util.c:127
 kmemdup include/linux/string.h:451 [inline]
 ieee80211_ibss_join+0x918/0x10d0 net/mac80211/ibss.c:1818
 rdev_join_ibss net/wireless/rdev-ops.h:522 [inline]
 __cfg80211_join_ibss+0x6b5/0xfc0 net/wireless/ibss.c:144
 nl80211_join_ibss+0xa49/0x10e0 net/wireless/nl80211.c:9571
 genl_family_rcv_msg+0x5ff/0xf40 net/netlink/genetlink.c:629
 genl_rcv_msg+0xb3/0x160 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2477
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x3fc/0x5c0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x71e/0xb70 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:657
 ___sys_sendmsg+0x653/0x950 net/socket.c:2311
 __sys_sendmsg+0xce/0x170 net/socket.c:2356
 do_syscall_64+0x8e/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 20026:
 save_stack+0x19/0x80 mm/kasan/common.c:69
 set_track mm/kasan/common.c:77 [inline]
 kasan_set_free_info mm/kasan/common.c:332 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:471
 __cache_free mm/slab.c:3425 [inline]
 kfree+0xdd/0x270 mm/slab.c:3756
 ieee80211_ibss_leave+0x7b/0xd0 net/mac80211/ibss.c:1870
 rdev_leave_ibss net/wireless/rdev-ops.h:532 [inline]
 __cfg80211_leave_ibss+0x14c/0x630 net/wireless/ibss.c:212
 cfg80211_leave+0x23/0x30 net/wireless/core.c:1200
 cfg80211_netdev_notifier_call+0x99d/0x15b1 net/wireless/core.c:1309
 notifier_call_chain+0x86/0x150 kernel/notifier.c:95
 call_netdevice_notifiers_extack net/core/dev.c:1680 [inline]
 call_netdevice_notifiers net/core/dev.c:1694 [inline]
 __dev_close_many+0xd4/0x2c0 net/core/dev.c:1382
 __dev_close net/core/dev.c:1420 [inline]
 __dev_change_flags+0x1f8/0x520 net/core/dev.c:7880
 dev_change_flags+0x75/0x160 net/core/dev.c:7953
 dev_ifsioc+0x551/0x750 net/core/dev_ioctl.c:237
 dev_ioctl+0x14b/0xaf8 drivers/usb/gadget/legacy/inode.c:1259
 sock_do_ioctl+0x16f/0x240 net/socket.c:1061
 sock_ioctl+0x484/0x610 net/socket.c:1189
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x18b/0x1040 fs/ioctl.c:696
 ksys_ioctl+0x5b/0x90 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x6a/0xb0 fs/ioctl.c:718
 do_syscall_64+0x8e/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8880a9c06d00
 which belongs to the cache kmalloc-192 of size 192
The buggy address is located 0 bytes inside of
 192-byte region [ffff8880a9c06d00, ffff8880a9c06dc0)
The buggy address belongs to the page:
page:ffffea0002a70180 refcount:1 mapcount:0 mapping:ffff8880b5800000 index:0x0
raw: 00fff00000000200 ffffea00020b2a48 ffffea00028b7b48 ffff8880b5800000
raw: 0000000000000000 ffff8880a9c06000 0000000100000010 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a9c06c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880a9c06c80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
>ffff8880a9c06d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff8880a9c06d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff8880a9c06e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================