[   76.207649][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[   76.210301][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:42238' (ED25519) to the list of known hosts.
2025/07/25 07:59:15 ignoring optional flag "sandboxArg"="0"
2025/07/25 07:59:16 parsed 1 programs
[   81.315289][  T838] cfg80211: failed to load regulatory.db
[   81.426340][   T40] audit: type=1400 audit(1753430359.088:117): avc:  denied  { unlink } for  pid=6261 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   82.424512][ T6261] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.740363][   T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.743473][   T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.746192][   T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.749822][   T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.753240][   T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   85.004522][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.007686][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.031219][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.035290][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.656683][   T40] audit: type=1401 audit(1753430363.318:118): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   86.598965][ T6345] chnl_net:caif_netlink_parms(): no params data found
[   86.680942][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.684074][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.687162][ T6345] bridge_slave_0: entered allmulticast mode
[   86.690146][ T6345] bridge_slave_0: entered promiscuous mode
[   86.733566][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.736061][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.739021][ T6345] bridge_slave_1: entered allmulticast mode
[   86.742618][ T6345] bridge_slave_1: entered promiscuous mode
[   86.788554][ T6345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.792962][ T6345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.829523][ T6345] team0: Port device team_slave_0 added
[   86.833316][ T6345] team0: Port device team_slave_1 added
[   86.863625][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.866074][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.874015][ T6345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.886920][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.889193][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.898859][ T6345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.941165][ T6345] hsr_slave_0: entered promiscuous mode
[   86.944156][ T6345] hsr_slave_1: entered promiscuous mode
[   87.582042][ T6345] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.590266][ T6345] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.595601][ T6345] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.601855][ T6345] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.651125][ T6345] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.667310][ T6345] 8021q: adding VLAN 0 to HW filter on device team0
[   87.676329][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.679414][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.686743][ T1180] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.689540][ T1180] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.822473][ T6345] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.849827][ T6345] veth0_vlan: entered promiscuous mode
[   87.854813][ T6345] veth1_vlan: entered promiscuous mode
[   87.869203][ T6345] veth0_macvtap: entered promiscuous mode
[   87.873656][ T6345] veth1_macvtap: entered promiscuous mode
[   87.884628][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.890590][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.897376][ T6345] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.900297][ T6345] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.903172][ T6345] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.906076][ T6345] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.002519][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.055057][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.157905][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.209760][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/25 07:59:25 executed programs: 0
[   88.347598][   T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.350608][   T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.355224][   T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.359301][   T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.362744][   T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.458917][ T6423] chnl_net:caif_netlink_parms(): no params data found
[   88.549771][ T6423] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.552830][ T6423] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.556314][ T6423] bridge_slave_0: entered allmulticast mode
[   88.559491][ T6423] bridge_slave_0: entered promiscuous mode
[   88.562824][ T6423] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.565831][ T6423] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.568780][ T6423] bridge_slave_1: entered allmulticast mode
[   88.572046][ T6423] bridge_slave_1: entered promiscuous mode
[   88.608570][ T6423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.613058][ T6423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.649072][ T6423] team0: Port device team_slave_0 added
[   88.652994][ T6423] team0: Port device team_slave_1 added
[   88.686969][ T6423] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.689103][ T6423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.698609][ T6423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.703292][ T6423] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.705524][ T6423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.713312][ T6423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.753355][ T6423] hsr_slave_0: entered promiscuous mode
[   88.755920][ T6423] hsr_slave_1: entered promiscuous mode
[   88.758291][ T6423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.761190][ T6423] Cannot create hsr debugfs directory
[   90.445332][   T63] Bluetooth: hci0: command tx timeout
[   91.492237][   T13] bridge_slave_1: left allmulticast mode
[   91.494368][   T13] bridge_slave_1: left promiscuous mode
[   91.496558][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.501361][   T13] bridge_slave_0: left allmulticast mode
[   91.503168][   T13] bridge_slave_0: left promiscuous mode
[   91.505553][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.699827][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   91.704349][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   91.708195][   T13] bond0 (unregistering): Released all slaves
[   91.841222][   T13] hsr_slave_0: left promiscuous mode
[   91.844529][   T13] hsr_slave_1: left promiscuous mode
[   91.847378][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   91.850524][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   91.855152][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   91.858164][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   91.879893][   T13] veth1_macvtap: left promiscuous mode
[   91.882288][   T13] veth0_macvtap: left promiscuous mode
[   91.885570][   T13] veth1_vlan: left promiscuous mode
[   91.887811][   T13] veth0_vlan: left promiscuous mode
[   92.258623][   T13] team0 (unregistering): Port device team_slave_1 removed
[   92.295017][   T13] team0 (unregistering): Port device team_slave_0 removed
[   92.515938][   T63] Bluetooth: hci0: command tx timeout
[   93.064837][ T6423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.069146][ T6423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.073314][ T6423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.080679][ T6423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.124114][ T6423] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.136049][ T6423] 8021q: adding VLAN 0 to HW filter on device team0
[   93.143049][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.145409][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.153003][   T98] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.156096][   T98] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.273981][ T6423] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.295061][ T6423] veth0_vlan: entered promiscuous mode
[   93.301734][ T6423] veth1_vlan: entered promiscuous mode
[   93.316372][ T6423] veth0_macvtap: entered promiscuous mode
[   93.320184][ T6423] veth1_macvtap: entered promiscuous mode
[   93.328364][ T6423] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.333986][ T6423] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.341077][ T6423] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.344942][ T6423] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.347713][ T6423] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.350417][ T6423] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.382260][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.385999][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.400982][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.403739][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/25 07:59:31 executed programs: 2
[   93.434082][   T40] audit: type=1400 audit(1753430371.088:119): avc:  denied  { create } for  pid=6553 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   93.440264][   T40] audit: type=1400 audit(1753430371.098:120): avc:  denied  { write } for  pid=6553 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   93.486235][   T40] audit: type=1400 audit(1753430371.148:121): avc:  denied  { read write } for  pid=6553 comm="syz.0.16" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   93.494120][   T40] audit: type=1400 audit(1753430371.148:122): avc:  denied  { open } for  pid=6553 comm="syz.0.16" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   93.517426][ T6554] infiniband syz1: set active
[   93.519648][ T6554] infiniband syz1: added syz_tun
[   93.546809][ T6554] RDS/IB: syz1: added
[   93.548888][ T6554] smc: adding ib device syz1 with port count 1
[   93.551646][ T6554] smc:    ib device syz1 port 1 has pnetid 
[   93.683985][ T6558] syz1: rxe_newlink: already configured on syz_tun
[   93.704563][ T6561] syz1: rxe_newlink: already configured on syz_tun
[   93.729643][ T6564] syz1: rxe_newlink: already configured on syz_tun
[   93.743235][ T6567] syz1: rxe_newlink: already configured on syz_tun
[   93.758714][ T6570] syz1: rxe_newlink: already configured on syz_tun
[   93.799896][ T6573] syz1: rxe_newlink: already configured on syz_tun
[   93.820965][ T6576] syz1: rxe_newlink: already configured on syz_tun
[   93.835775][ T6579] syz1: rxe_newlink: already configured on syz_tun
[   93.838935][ T6580] ==================================================================
[   93.839011][ T6579] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000083: 0000 [#1] SMP KASAN NOPTI
[   93.842378][ T6580] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x151/0x190
[   93.846266][ T6579] KASAN: null-ptr-deref in range [0x0000000000000418-0x000000000000041f]
[   93.846280][ T6579] CPU: 1 UID: 0 PID: 6579 Comm: syz.0.24 Not tainted 6.16.0-rc7-syzkaller-g2942242dde89-dirty #0 PREEMPT(full) 
[   93.849885][ T6580] Read of size 8 at addr ffff888029e42b20 by task syz.0.24/6580
[   93.852820][ T6579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.852829][ T6579] RIP: 0010:__mutex_lock+0x14f/0xb90
[   93.857606][ T6580] 
[   93.859731][ T6579] Code: d0 7c 08 84 d2 0f 85 ab 07 00 00 8b 35 1a 59 56 0f 85 f6 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 60 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 93 07 00 00 48 3b 5b 60 0f 85 e0 01 00 00 bf 01
[   93.865777][ T6580] CPU: 2 UID: 0 PID: 6580 Comm: syz.0.24 Not tainted 6.16.0-rc7-syzkaller-g2942242dde89-dirty #0 PREEMPT(full) 
[   93.865801][ T6580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.865811][ T6580] Call Trace:
[   93.865819][ T6580]  <TASK>
[   93.865826][ T6580]  dump_stack_lvl+0x116/0x1f0
[   93.865856][ T6580]  print_report+0xcd/0x630
[   93.865881][ T6580]  ? __virt_addr_valid+0x81/0x610
[   93.865900][ T6580]  ? __phys_addr+0xe8/0x180
[   93.865920][ T6580]  ? __list_add_valid_or_report+0x151/0x190
[   93.865948][ T6580]  kasan_report+0xe0/0x110
[   93.865973][ T6580]  ? __list_add_valid_or_report+0x151/0x190
[   93.865999][ T6580]  __list_add_valid_or_report+0x151/0x190
[   93.866027][ T6580]  ucma_process_join+0x4f4/0xad0
[   93.866055][ T6580]  ? __pfx_ucma_process_join+0x10/0x10
[   93.866089][ T6580]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   93.866111][ T6580]  ucma_join_multicast+0xe8/0x160
[   93.866136][ T6580]  ? __pfx_ucma_join_multicast+0x10/0x10
[   93.866169][ T6580]  ? __pfx_ucma_join_multicast+0x10/0x10
[   93.866196][ T6580]  ucma_write+0x1fb/0x330
[   93.866221][ T6580]  ? __pfx_ucma_write+0x10/0x10
[   93.866246][ T6580]  ? bpf_lsm_file_permission+0x9/0x10
[   93.866274][ T6580]  ? security_file_permission+0x71/0x210
[   93.866299][ T6580]  ? rw_verify_area+0xcf/0x680
[   93.866320][ T6580]  ? __pfx_ucma_write+0x10/0x10
[   93.866343][ T6580]  vfs_write+0x29d/0x1150
[   93.866365][ T6580]  ? __pfx_vfs_write+0x10/0x10
[   93.866386][ T6580]  ? find_held_lock+0x2b/0x80
[   93.866405][ T6580]  ? __fget_files+0x204/0x3c0
[   93.866430][ T6580]  ? __fget_files+0x20e/0x3c0
[   93.866456][ T6580]  ksys_write+0x1f8/0x250
[   93.866477][ T6580]  ? __pfx_ksys_write+0x10/0x10
[   93.866500][ T6580]  do_syscall_64+0xcd/0x4c0
[   93.866527][ T6580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.866547][ T6580] RIP: 0033:0x7f6bbd98e929
[   93.866560][ T6580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.866576][ T6580] RSP: 002b:00007f6bbe7fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   93.866593][ T6580] RAX: ffffffffffffffda RBX: 00007f6bbdbb6080 RCX: 00007f6bbd98e929
[   93.866604][ T6580] RDX: 00000000000000a0 RSI: 0000200000000900 RDI: 0000000000000004
[   93.866613][ T6580] RBP: 00007f6bbda10b39 R08: 0000000000000000 R09: 0000000000000000
[   93.866624][ T6580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.866634][ T6580] R13: 0000000000000001 R14: 00007f6bbdbb6080 R15: 00007fff295a4748
[   93.866649][ T6580]  </TASK>
[   93.866656][ T6580] 
[   93.867972][ T6579] RSP: 0018:ffffc900016df8b0 EFLAGS: 00010202
[   93.868994][ T6580] Allocated by task 6579:
[   93.876830][ T6579] 
[   93.876839][ T6579] RAX: dffffc0000000000 RBX: 00000000000003b8 RCX: 1ffffffff35c0a00
[   93.881693][ T6580]  kasan_save_stack+0x33/0x60
[   93.885020][ T6579] RDX: 0000000000000083 RSI: 0000000000000000 RDI: 0000000000000418
[   93.886455][ T6580]  kasan_save_track+0x14/0x30
[   93.887390][ T6579] RBP: ffffc900016df9f0 R08: ffffffff889fb8fd R09: fffff520002dbf35
[   93.887399][ T6579] R10: ffffc900016dfa10 R11: 0000000000000001 R12: dffffc0000000000
[   93.889385][ T6580]  __kasan_kmalloc+0xaa/0xb0
[   93.890780][ T6579] R13: ffffc900016df930 R14: 0000000000000000 R15: 1ffff920002dbf20
[   93.892875][ T6580]  ucma_process_join+0x233/0xad0
[   93.894371][ T6579] FS:  00007f6bbe81d6c0(0000) GS:ffff8880d6812000(0000) knlGS:0000000000000000
[   93.896881][ T6580]  ucma_join_multicast+0xe8/0x160
[   93.898810][ T6579] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   93.901322][ T6580]  ucma_write+0x1fb/0x330
[   93.903533][ T6579] CR2: 0000000000000000 CR3: 000000002a054000 CR4: 0000000000352ef0
[   93.905619][ T6580]  vfs_write+0x29d/0x1150
[   93.907315][ T6579] Call Trace:
[   93.909399][ T6580]  ksys_write+0x1f8/0x250
[   93.911232][ T6579]  <TASK>
[   93.911239][ T6579]  ? ucma_cleanup_mc_events+0x5d/0x490
[   93.913512][ T6580]  do_syscall_64+0xcd/0x4c0
[   93.915276][ T6579]  ? __pfx___mutex_lock+0x10/0x10
[   93.916728][ T6580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.918296][ T6579]  ? ucma_cleanup_mc_events+0x5d/0x490
[   93.919983][ T6580] 
[   93.919987][ T6580] Freed by task 13:
[   93.921766][ T6579]  ucma_cleanup_mc_events+0x5d/0x490
[   93.923268][ T6580]  kasan_save_stack+0x33/0x60
[   93.924747][ T6579]  ? rdma_leave_multicast+0x27f/0x350
[   93.925925][ T6580]  kasan_save_track+0x14/0x30
[   93.927448][ T6579]  ucma_process_join+0x966/0xad0
[   93.928917][ T6580]  kasan_save_free_info+0x3b/0x60
[   93.930725][ T6579]  ? __pfx_ucma_process_join+0x10/0x10
[   93.932472][ T6580]  __kasan_slab_free+0x51/0x70
[   93.933821][ T6579]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   93.935728][ T6580]  kfree+0x2b4/0x4d0
[   93.937185][ T6579]  ucma_join_multicast+0xe8/0x160
[   93.939163][ T6580]  ucma_create_uevent+0x9c1/0xc10
[   93.940573][ T6579]  ? __pfx_ucma_join_multicast+0x10/0x10
[   93.946385][ T6580]  ucma_event_handler+0x102/0x940
[   93.948998][ T6579]  ? __pfx_ucma_join_multicast+0x10/0x10
[   93.951485][ T6580]  cma_cm_event_handler+0x97/0x300
[   93.954410][ T6579]  ucma_write+0x1fb/0x330
[   93.956856][ T6580]  cma_iboe_join_work_handler+0xca/0x170
[   93.959199][ T6579]  ? __pfx_ucma_write+0x10/0x10
[   93.961676][ T6580]  process_one_work+0x9cc/0x1b70
[   93.962654][ T6579]  ? bpf_lsm_file_permission+0x9/0x10
[   93.963431][ T6580]  worker_thread+0x6c8/0xf10
[   93.965314][ T6579]  ? security_file_permission+0x71/0x210
[   93.966600][ T6580]  kthread+0x3c2/0x780
[   93.967291][ T6579]  ? rw_verify_area+0xcf/0x680
[   93.969535][ T6580]  ret_from_fork+0x5d4/0x6f0
[   93.971505][ T6579]  ? __pfx_ucma_write+0x10/0x10
[   93.974116][ T6580]  ret_from_fork_asm+0x1a/0x30
[   93.976092][ T6579]  vfs_write+0x29d/0x1150
[   93.978659][ T6580] 
[   93.978664][ T6580] The buggy address belongs to the object at ffff888029e42b00
[   93.978664][ T6580]  which belongs to the cache kmalloc-192 of size 192
[   93.981462][ T6579]  ? __pfx_vfs_write+0x10/0x10
[   93.982896][ T6580] The buggy address is located 32 bytes inside of
[   93.982896][ T6580]  freed 192-byte region [ffff888029e42b00, ffff888029e42bc0)
[   93.986222][ T6579]  ? find_held_lock+0x2b/0x80
[   93.987752][ T6580] 
[   93.987757][ T6580] The buggy address belongs to the physical page:
[   93.987761][ T6580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29e42
[   93.991378][ T6579]  ? __fget_files+0x204/0x3c0
[   93.992947][ T6580] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   93.995630][ T6579]  ? __fget_files+0x20e/0x3c0
[   93.996995][ T6580] page_type: f5(slab)
[   93.997006][ T6580] raw: 00fff00000000000 ffff88801b8423c0 dead000000000100 dead000000000122
[   94.000265][ T6579]  ksys_write+0x1f8/0x250
[   94.001623][ T6580] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   94.003008][ T6579]  ? __pfx_ksys_write+0x10/0x10
[   94.004371][ T6580] page dumped because: kasan: bad access detected
[   94.004378][ T6580] page_owner tracks the page as allocated
[   94.005609][ T6579]  do_syscall_64+0xcd/0x4c0
[   94.007284][ T6580] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 13843434128, free_ts 12707404543
[   94.009164][ T6579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.010723][ T6580]  post_alloc_hook+0x1c0/0x230
[   94.013124][ T6579] RIP: 0033:0x7f6bbd98e929
[   94.014814][ T6580]  get_page_from_freelist+0x1321/0x3890
[   94.015831][ T6579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.017246][ T6580]  __alloc_frozen_pages_noprof+0x261/0x23f0
[   94.019438][ T6579] RSP: 002b:00007f6bbe81d038 EFLAGS: 00000246
[   94.021213][ T6580]  alloc_pages_mpol+0x1fb/0x550
[   94.023439][ T6579]  ORIG_RAX: 0000000000000001
[   94.024917][ T6580]  new_slab+0x23b/0x330
[   94.026944][ T6579] RAX: ffffffffffffffda RBX: 00007f6bbdbb5fa0 RCX: 00007f6bbd98e929
[   94.028559][ T6580]  ___slab_alloc+0xd9c/0x1940
[   94.030807][ T6579] RDX: 00000000000000a0 RSI: 0000200000000900 RDI: 0000000000000004
[   94.032303][ T6580]  __slab_alloc.constprop.0+0x56/0xb0
[   94.034715][ T6579] RBP: 00007f6bbda10b39 R08: 0000000000000000 R09: 0000000000000000
[   94.035841][ T6580]  __kmalloc_cache_noprof+0xfb/0x3e0
[   94.037917][ T6579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.039493][ T6580]  call_usermodehelper_setup+0xaf/0x360
[   94.041806][ T6579] R13: 0000000000000000 R14: 00007f6bbdbb5fa0 R15: 00007fff295a4748
[   94.043533][ T6580]  kobject_uevent_env+0x1690/0x1870
[   94.045805][ T6579]  </TASK>
[   94.047798][ T6580]  device_add+0x10dd/0x1a70
[   94.049589][ T6579] Modules linked in:
[   94.051251][ T6580]  usb_new_device+0xd07/0x1a20
[   94.053268][ T6579] 
[   94.054757][ T6580]  register_root_hub+0x299/0x730
[   94.057302][ T6579] ---[ end trace 0000000000000000 ]---
[   94.058348][ T6580]  usb_add_hcd+0xaf2/0x1730
[   94.060998][ T6579] RIP: 0010:__mutex_lock+0x14f/0xb90
[   94.061866][ T6580]  dummy_hcd_probe+0x15c/0x380
[   94.063952][ T6579] Code: d0 7c 08 84 d2 0f 85 ab 07 00 00 8b 35 1a 59 56 0f 85 f6 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 60 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 93 07 00 00 48 3b 5b 60 0f 85 e0 01 00 00 bf 01
[   94.065334][ T6580]  platform_probe+0x102/0x1f0
[   94.065349][ T6580] page last free pid 839 tgid 839 stack trace:
[   94.065355][ T6580]  __free_frozen_pages+0x7fe/0x1180
[   94.065366][ T6580]  vfree+0x1fd/0xb50
[   94.065375][ T6580]  delayed_vfree_work+0x56/0x70
[   94.066953][ T6579] RSP: 0018:ffffc900016df8b0 EFLAGS: 00010202
[   94.068815][ T6580]  process_one_work+0x9cc/0x1b70
[   94.068830][ T6580]  worker_thread+0x6c8/0xf10
[   94.068839][ T6580]  kthread+0x3c2/0x780
[   94.068848][ T6580]  ret_from_fork+0x5d4/0x6f0
[   94.068863][ T6580]  ret_from_fork_asm+0x1a/0x30
[   94.068874][ T6580] 
[   94.068876][ T6580] Memory state around the buggy address:
[   94.068882][ T6580]  ffff888029e42a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.068890][ T6580]  ffff888029e42a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   94.068897][ T6580] >ffff888029e42b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.068902][ T6580]                                ^
[   94.070605][ T6579] 
[   94.071198][ T6580]  ffff888029e42b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   94.076176][ T6579] RAX: dffffc0000000000 RBX: 00000000000003b8 RCX: 1ffffffff35c0a00
[   94.077499][ T6580]  ffff888029e42c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.077507][ T6580] ==================================================================
[   94.077677][ T6580] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   94.082337][ T6580] Kernel Offset: disabled