[ 82.600357][ T40] audit: type=1400 audit(1765550947.268:116): avc: denied { transition } for pid=6116 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 82.607532][ T40] audit: type=1400 audit(1765550947.268:117): avc: denied { noatsecure } for pid=6116 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 82.613657][ T40] audit: type=1400 audit(1765550947.278:118): avc: denied { rlimitinh } for pid=6116 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 82.619641][ T40] audit: type=1400 audit(1765550947.278:119): avc: denied { siginh } for pid=6116 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 86.674957][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:2565' (ED25519) to the list of known hosts.
2025/12/12 14:49:14 parsed 1 programs
[ 90.220417][ T40] audit: type=1400 audit(1765550954.888:120): avc: denied { node_bind } for pid=6151 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 92.268336][ T40] audit: type=1400 audit(1765550956.938:121): avc: denied { read write } for pid=6169 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 92.278793][ T40] audit: type=1400 audit(1765550956.938:122): avc: denied { open } for pid=6169 comm="syz-executor" path="/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 92.315869][ T40] audit: type=1400 audit(1765550956.988:123): avc: denied { unlink } for pid=6169 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 92.632575][ T40] audit: type=1400 audit(1765550957.298:124): avc: denied { relabelto } for pid=6171 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 93.251416][ T6169] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 94.827357][ T40] audit: type=1401 audit(1765550959.498:125): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 95.394426][ T6191] chnl_net:caif_netlink_parms(): no params data found
[ 95.487552][ T6191] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.489841][ T6191] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.492107][ T6191] bridge_slave_0: entered allmulticast mode
[ 95.494976][ T6191] bridge_slave_0: entered promiscuous mode
[ 95.498327][ T6191] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.500678][ T6191] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.502949][ T6191] bridge_slave_1: entered allmulticast mode
[ 95.506021][ T6191] bridge_slave_1: entered promiscuous mode
[ 95.535489][ T6191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.539928][ T6191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.571442][ T6191] team0: Port device team_slave_0 added
[ 95.574954][ T6191] team0: Port device team_slave_1 added
[ 95.604674][ T6191] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.606988][ T6191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.615109][ T6191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.619339][ T6191] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.621531][ T6191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.629714][ T6191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.674838][ T6191] hsr_slave_0: entered promiscuous mode
[ 95.677012][ T6191] hsr_slave_1: entered promiscuous mode
[ 96.298685][ T6191] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.305169][ T6191] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.309987][ T6191] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.315483][ T6191] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.337132][ T6191] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.339455][ T6191] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.341947][ T6191] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.344281][ T6191] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.368620][ T1220] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.372763][ T1220] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.400523][ T6191] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.414974][ T6191] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.420284][ T1220] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.423253][ T1220] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.429726][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.432017][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.479833][ T40] audit: type=1400 audit(1765550961.148:126): avc: denied { sys_module } for pid=6191 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 96.549695][ T6191] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.572081][ T6191] veth0_vlan: entered promiscuous mode
[ 96.580178][ T6191] veth1_vlan: entered promiscuous mode
[ 96.595118][ T6191] veth0_macvtap: entered promiscuous mode
[ 96.598812][ T6191] veth1_macvtap: entered promiscuous mode
[ 96.607705][ T6191] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.614564][ T6191] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.620365][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.625457][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.629667][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.633316][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.700901][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.779997][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.872527][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.967582][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.215205][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.217795][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.237300][ T5025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.240663][ T5025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.397904][ T5291] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.401648][ T5291] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.405123][ T5291] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.408076][ T5291] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.411554][ T5291] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/12/12 14:49:22 executed programs: 0
[ 98.113434][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.116486][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.119450][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.123054][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.126580][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.281692][ T6330] chnl_net:caif_netlink_parms(): no params data found
[ 98.360831][ T6330] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.363657][ T6330] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.367048][ T6330] bridge_slave_0: entered allmulticast mode
[ 98.370835][ T6330] bridge_slave_0: entered promiscuous mode
[ 98.376158][ T6330] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.379208][ T6330] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.382406][ T6330] bridge_slave_1: entered allmulticast mode
[ 98.387924][ T6330] bridge_slave_1: entered promiscuous mode
[ 98.431337][ T6330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.436001][ T6330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.473021][ T6330] team0: Port device team_slave_0 added
[ 98.478070][ T6330] team0: Port device team_slave_1 added
[ 98.514954][ T6330] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.517595][ T6330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 98.527034][ T6330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.532973][ T6330] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.536582][ T6330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 98.547271][ T6330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.596920][ T6330] hsr_slave_0: entered promiscuous mode
[ 98.599126][ T6330] hsr_slave_1: entered promiscuous mode
[ 98.601100][ T6330] debugfs: 'hsr0' already exists in 'hsr'
[ 98.602897][ T6330] Cannot create hsr debugfs directory
[ 100.194042][ T5291] Bluetooth: hci0: command tx timeout
[ 100.221564][ T12] bridge_slave_1: left allmulticast mode
[ 100.223865][ T12] bridge_slave_1: left promiscuous mode
[ 100.226482][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.231630][ T12] bridge_slave_0: left allmulticast mode
[ 100.234421][ T12] bridge_slave_0: left promiscuous mode
[ 100.236945][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.416732][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 100.420701][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 100.424243][ T12] bond0 (unregistering): Released all slaves
[ 100.577149][ T12] hsr_slave_0: left promiscuous mode
[ 100.580365][ T12] hsr_slave_1: left promiscuous mode
[ 100.583204][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 100.591409][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 100.594834][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 100.597265][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 100.615416][ T12] veth1_macvtap: left promiscuous mode
[ 100.617689][ T12] veth0_macvtap: left promiscuous mode
[ 100.619504][ T12] veth1_vlan: left promiscuous mode
[ 100.622006][ T12] veth0_vlan: left promiscuous mode
[ 100.983673][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 101.019222][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 101.794691][ T6330] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.800561][ T6330] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.812453][ T6330] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.819114][ T6330] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.876629][ T6330] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.888528][ T6330] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.893591][ T1225] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.896529][ T1225] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.908359][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.911300][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.179069][ T6330] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.207896][ T6330] veth0_vlan: entered promiscuous mode
[ 102.213113][ T6330] veth1_vlan: entered promiscuous mode
[ 102.230451][ T6330] veth0_macvtap: entered promiscuous mode
[ 102.238313][ T6330] veth1_macvtap: entered promiscuous mode
[ 102.251658][ T6330] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.261468][ T6330] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.274836][ T1225] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.274902][ T5291] Bluetooth: hci0: command tx timeout
[ 102.287138][ T1225] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.304608][ T1225] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.308368][ T1225] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.346463][ T1220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.349547][ T1220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.377554][ T1225] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.380593][ T1225] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.403813][ T40] audit: type=1400 audit(1765550967.068:127): avc: denied { create } for pid=6381 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 102.412370][ T40] audit: type=1400 audit(1765550967.078:128): avc: denied { write } for pid=6381 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 102.463629][ T40] audit: type=1400 audit(1765550967.128:129): avc: denied { read write } for pid=6381 comm="syz.0.16" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 102.474100][ T40] audit: type=1400 audit(1765550967.128:130): avc: denied { read write open } for pid=6381 comm="syz.0.16" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 102.523271][ T6382] infiniband syz1: set active
[ 102.526882][ T6382] infiniband syz1: added syz_tun
[ 102.565004][ T6382] RDS/IB: syz1: added
[ 102.569505][ T6382] smc: adding ib device syz1 with port count 1
[ 102.571601][ T6382] smc: ib device syz1 port 1 has no pnetid
[ 102.681327][ T6387] syz1: rxe_newlink: already configured on syz_tun
[ 102.704020][ T6390] syz1: rxe_newlink: already configured on syz_tun
[ 102.720645][ T6393] syz1: rxe_newlink: already configured on syz_tun
[ 102.725180][ T1225] ==================================================================
[ 102.727765][ T1225] BUG: KASAN: slab-use-after-free in ucma_create_uevent+0xb1a/0xbe0
[ 102.730498][ T1225] Read of size 8 at addr ffff88803956ec10 by task kworker/u32:10/1225
[ 102.735150][ T1225]
[ 102.736179][ T1225] CPU: 2 UID: 0 PID: 1225 Comm: kworker/u32:10 Not tainted syzkaller #0 PREEMPT(full)
[ 102.736269][ T1225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 102.736277][ T1225] Workqueue: rdma_cm cma_iboe_join_work_handler
[ 102.736297][ T1225] Call Trace:
[ 102.736301][ T1225]
[ 102.736305][ T1225] dump_stack_lvl+0x116/0x1f0
[ 102.736317][ T1225] print_report+0xcd/0x630
[ 102.736331][ T1225] ? __virt_addr_valid+0x81/0x610
[ 102.736341][ T1225] ? __phys_addr+0xe8/0x180
[ 102.736349][ T1225] ? ucma_create_uevent+0xb1a/0xbe0
[ 102.736361][ T1225] kasan_report+0xe0/0x110
[ 102.736374][ T1225] ? ucma_create_uevent+0xb1a/0xbe0
[ 102.736387][ T1225] ucma_create_uevent+0xb1a/0xbe0
[ 102.736399][ T1225] ucma_event_handler+0x102/0x940
[ 102.736413][ T1225] ? rcu_is_watching+0x12/0xc0
[ 102.736423][ T1225] cma_cm_event_handler+0x97/0x2d0
[ 102.736437][ T1225] cma_iboe_join_work_handler+0xca/0x170
[ 102.736453][ T1225] process_one_work+0x9ba/0x1b20
[ 102.736468][ T1225] ? __pfx_process_one_work+0x10/0x10
[ 102.736482][ T1225] ? assign_work+0x1a0/0x250
[ 102.736493][ T1225] worker_thread+0x6c8/0xf10
[ 102.736507][ T1225] ? __kthread_parkme+0x19e/0x250
[ 102.736517][ T1225] ? __pfx_worker_thread+0x10/0x10
[ 102.736529][ T1225] kthread+0x3c5/0x780
[ 102.736541][ T1225] ? __pfx_kthread+0x10/0x10
[ 102.736552][ T1225] ? rcu_is_watching+0x12/0xc0
[ 102.736561][ T1225] ? __pfx_kthread+0x10/0x10
[ 102.736572][ T1225] ret_from_fork+0x983/0xb10
[ 102.736584][ T1225] ? __pfx_ret_from_fork+0x10/0x10
[ 102.736595][ T1225] ? __switch_to+0x7af/0x10d0
[ 102.736607][ T1225] ? __pfx_kthread+0x10/0x10
[ 102.736619][ T1225] ret_from_fork_asm+0x1a/0x30
[ 102.736636][ T1225]
[ 102.736640][ T1225]
[ 102.810930][ T1225] Allocated by task 6393:
[ 102.812941][ T1225] kasan_save_stack+0x33/0x60
[ 102.815031][ T1225] kasan_save_track+0x14/0x30
[ 102.817195][ T1225] __kasan_kmalloc+0xaa/0xb0
[ 102.819267][ T1225] ucma_process_join+0x237/0xa30
[ 102.821471][ T1225] ucma_join_multicast+0xe8/0x160
[ 102.823645][ T1225] ucma_write+0x1fb/0x330
[ 102.825629][ T1225] vfs_write+0x2a0/0x11d0
[ 102.827510][ T1225] ksys_write+0x1f8/0x250
[ 102.829557][ T1225] do_syscall_64+0xcd/0xf80
[ 102.831606][ T1225] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.834308][ T1225]
[ 102.835423][ T1225] Freed by task 6393:
[ 102.836976][ T1225] kasan_save_stack+0x33/0x60
[ 102.838842][ T1225] kasan_save_track+0x14/0x30
[ 102.841025][ T1225] kasan_save_free_info+0x3b/0x60
[ 102.843289][ T1225] __kasan_slab_free+0x5f/0x80
[ 102.845413][ T1225] kfree+0x2f8/0x6e0
[ 102.847189][ T1225] ucma_process_join+0x3b9/0xa30
[ 102.849454][ T1225] ucma_join_multicast+0xe8/0x160
[ 102.851731][ T1225] ucma_write+0x1fb/0x330
[ 102.853604][ T1225] vfs_write+0x2a0/0x11d0
[ 102.855489][ T1225] ksys_write+0x1f8/0x250
[ 102.857474][ T1225] do_syscall_64+0xcd/0xf80
[ 102.859454][ T1225] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.861455][ T1225]
[ 102.862253][ T1225] The buggy address belongs to the object at ffff88803956ec00
[ 102.862253][ T1225] which belongs to the cache kmalloc-192 of size 192
[ 102.866690][ T1225] The buggy address is located 16 bytes inside of
[ 102.866690][ T1225] freed 192-byte region [ffff88803956ec00, ffff88803956ecc0)
[ 102.871079][ T1225]
[ 102.871857][ T1225] The buggy address belongs to the physical page:
[ 102.874002][ T1225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3956e
[ 102.876866][ T1225] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 102.879303][ T1225] page_type: f5(slab)
[ 102.880988][ T1225] raw: 00fff00000000000 ffff88801b4423c0 dead000000000122 0000000000000000
[ 102.884666][ T1225] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 102.887547][ T1225] page dumped because: kasan: bad access detected
[ 102.889691][ T1225] page_owner tracks the page as allocated
[ 102.891520][ T1225] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 6381, tgid 6381 (syz-executor), ts 102402164656, free_ts 102274601065
[ 102.897849][ T1225] post_alloc_hook+0x1af/0x220
[ 102.899469][ T1225] get_page_from_freelist+0xd0b/0x31a0
[ 102.901249][ T1225] __alloc_frozen_pages_noprof+0x25f/0x2430
[ 102.903250][ T1225] new_slab+0xaf/0x430
[ 102.904794][ T1225] ___slab_alloc+0xe18/0x1c90
[ 102.906411][ T1225] __slab_alloc.constprop.0+0x63/0x110
[ 102.908194][ T1225] __kmalloc_node_noprof+0x4d8/0x930
[ 102.909988][ T1225] alloc_slab_obj_exts+0x43/0xf0
[ 102.911616][ T1225] __memcg_slab_post_alloc_hook+0x24b/0x880
[ 102.913535][ T1225] kmem_cache_alloc_noprof+0x589/0x770
[ 102.915436][ T1225] alloc_empty_file+0x55/0x1e0
[ 102.916999][ T1225] path_openat+0xde/0x3140
[ 102.918806][ T1225] do_filp_open+0x20b/0x470
[ 102.920804][ T1225] do_sys_openat2+0x11f/0x280
[ 102.922708][ T1225] __x64_sys_openat+0x174/0x210
[ 102.924297][ T1225] do_syscall_64+0xcd/0xf80
[ 102.925776][ T1225] page last free pid 9 tgid 9 stack trace:
[ 102.927714][ T1225] __free_frozen_pages+0x7df/0x1170
[ 102.930039][ T1225] vfree+0x1fd/0xb50
[ 102.931360][ T1225] delayed_vfree_work+0x56/0x70
[ 102.932959][ T1225] process_one_work+0x9ba/0x1b20
[ 102.934607][ T1225] worker_thread+0x6c8/0xf10
[ 102.936143][ T1225] kthread+0x3c5/0x780
[ 102.937501][ T1225] ret_from_fork+0x983/0xb10
[ 102.939174][ T1225] ret_from_fork_asm+0x1a/0x30
[ 102.940754][ T1225]
[ 102.941520][ T1225] Memory state around the buggy address:
[ 102.943412][ T1225] ffff88803956eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.946482][ T1225] ffff88803956eb80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.949227][ T1225] >ffff88803956ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 102.951822][ T1225] ^
[ 102.953342][ T1225] ffff88803956ec80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 102.955956][ T1225] ffff88803956ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.958619][ T1225] ==================================================================
[ 102.967156][ T1225] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 102.969658][ T1225] CPU: 2 UID: 0 PID: 1225 Comm: kworker/u32:10 Not tainted syzkaller #0 PREEMPT(full)
[ 102.972786][ T1225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 102.976254][ T1225] Workqueue: rdma_cm cma_iboe_join_work_handler
[ 102.978388][ T1225] Call Trace:
[ 102.979510][ T1225]
[ 102.980455][ T1225] dump_stack_lvl+0x3d/0x1f0
[ 102.981992][ T1225] vpanic+0x640/0x6f0
[ 102.983336][ T1225] panic+0xca/0xd0
[ 102.984594][ T1225] ? __pfx_panic+0x10/0x10
[ 102.986113][ T1225] ? ucma_create_uevent+0xb1a/0xbe0
[ 102.988154][ T1225] ? preempt_schedule_common+0x44/0xc0
[ 102.989995][ T1225] ? preempt_schedule_thunk+0x16/0x30
[ 102.991810][ T1225] ? check_panic_on_warn+0x1f/0xb0
[ 102.993503][ T1225] check_panic_on_warn+0xab/0xb0
[ 102.995146][ T1225] end_report+0x107/0x160
[ 102.996595][ T1225] kasan_report+0xee/0x110
[ 102.998127][ T1225] ? ucma_create_uevent+0xb1a/0xbe0
[ 102.999831][ T1225] ucma_create_uevent+0xb1a/0xbe0
[ 103.001544][ T1225] ucma_event_handler+0x102/0x940
[ 103.003206][ T1225] ? rcu_is_watching+0x12/0xc0
[ 103.004771][ T1225] cma_cm_event_handler+0x97/0x2d0
[ 103.006498][ T1225] cma_iboe_join_work_handler+0xca/0x170
[ 103.008482][ T1225] process_one_work+0x9ba/0x1b20
[ 103.010105][ T1225] ? __pfx_process_one_work+0x10/0x10
[ 103.011839][ T1225] ? assign_work+0x1a0/0x250
[ 103.013358][ T1225] worker_thread+0x6c8/0xf10
[ 103.014889][ T1225] ? __kthread_parkme+0x19e/0x250
[ 103.016546][ T1225] ? __pfx_worker_thread+0x10/0x10
[ 103.018396][ T1225] kthread+0x3c5/0x780
[ 103.019745][ T1225] ? __pfx_kthread+0x10/0x10
[ 103.021263][ T1225] ? rcu_is_watching+0x12/0xc0
[ 103.022846][ T1225] ? __pfx_kthread+0x10/0x10
[ 103.024369][ T1225] ret_from_fork+0x983/0xb10
[ 103.025929][ T1225] ? __pfx_ret_from_fork+0x10/0x10
[ 103.027597][ T1225] ? __switch_to+0x7af/0x10d0
[ 103.029768][ T1225] ? __pfx_kthread+0x10/0x10
[ 103.031866][ T1225] ret_from_fork_asm+0x1a/0x30
[ 103.033724][ T1225]
[ 103.035408][ T1225] Kernel Offset: disabled
[ 103.036857][ T1225] Rebooting in 86400 seconds..