[   76.379070][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[   76.381579][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:46766' (ED25519) to the list of known hosts.
2025/07/26 01:48:42 ignoring optional flag "sandboxArg"="0"
2025/07/26 01:48:43 parsed 1 programs
[   82.636745][   T40] audit: type=1400 audit(1753494525.985:117): avc:  denied  { unlink } for  pid=6242 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   83.599364][ T6242] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   85.591369][   T40] audit: type=1401 audit(1753494528.935:118): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   86.264789][ T6298] chnl_net:caif_netlink_parms(): no params data found
[   86.327498][ T6298] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.329861][ T6298] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.332155][ T6298] bridge_slave_0: entered allmulticast mode
[   86.334952][ T6298] bridge_slave_0: entered promiscuous mode
[   86.338033][ T6298] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.340289][ T6298] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.342514][ T6298] bridge_slave_1: entered allmulticast mode
[   86.345232][ T6298] bridge_slave_1: entered promiscuous mode
[   86.381596][ T6298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.386016][ T6298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.415849][ T6298] team0: Port device team_slave_0 added
[   86.419579][ T6298] team0: Port device team_slave_1 added
[   86.450663][ T6298] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.452879][ T6298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.461295][ T6298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.466037][ T6298] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.468294][ T6298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.476440][ T6298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.516103][ T6298] hsr_slave_0: entered promiscuous mode
[   86.518269][ T6298] hsr_slave_1: entered promiscuous mode
[   86.607841][  T836] cfg80211: failed to load regulatory.db
[   87.085470][ T6298] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.090672][ T6298] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.097060][ T6298] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.103856][ T6298] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.127766][ T6298] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.130874][ T6298] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.134414][ T6298] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.137549][ T6298] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.170974][ T6298] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.175493][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.178842][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.198038][ T6298] 8021q: adding VLAN 0 to HW filter on device team0
[   87.203895][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.206172][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.211928][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.214385][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.336572][ T6298] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.361966][ T6298] veth0_vlan: entered promiscuous mode
[   87.371430][ T6298] veth1_vlan: entered promiscuous mode
[   87.395346][ T6298] veth0_macvtap: entered promiscuous mode
[   87.401066][ T6298] veth1_macvtap: entered promiscuous mode
[   87.414426][ T6298] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.425111][ T6298] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.431713][ T6298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.435387][ T6298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.438717][ T6298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.442254][ T6298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.569072][ T1140] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.644881][ T1140] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.809150][ T1140] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.885770][ T1140] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.982471][ T5311] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.985651][ T5311] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.988358][ T5311] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.991752][ T5311] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.996338][ T5311] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.426574][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.430944][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.448543][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.451520][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/26 01:48:52 executed programs: 0
[   88.845103][ T5311] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.848267][ T5311] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.851595][ T5311] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.855933][ T5311] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.859477][ T5311] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.950927][ T6445] chnl_net:caif_netlink_parms(): no params data found
[   89.044907][ T6445] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.048018][ T6445] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.051595][ T6445] bridge_slave_0: entered allmulticast mode
[   89.060829][ T6445] bridge_slave_0: entered promiscuous mode
[   89.070624][ T6445] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.073703][ T6445] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.078949][ T6445] bridge_slave_1: entered allmulticast mode
[   89.083145][ T6445] bridge_slave_1: entered promiscuous mode
[   89.122187][ T6445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.128875][ T6445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.172249][ T6445] team0: Port device team_slave_0 added
[   89.177791][ T6445] team0: Port device team_slave_1 added
[   89.231389][ T6445] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.234341][ T6445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.243184][ T6445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.247910][ T6445] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.250541][ T6445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.259928][ T6445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.301205][ T6445] hsr_slave_0: entered promiscuous mode
[   89.303424][ T6445] hsr_slave_1: entered promiscuous mode
[   89.305548][ T6445] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.307904][ T6445] Cannot create hsr debugfs directory
[   90.293835][ T1140] bridge_slave_1: left allmulticast mode
[   90.296898][ T1140] bridge_slave_1: left promiscuous mode
[   90.298765][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.302420][ T1140] bridge_slave_0: left allmulticast mode
[   90.304302][ T1140] bridge_slave_0: left promiscuous mode
[   90.306536][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.508743][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   90.513135][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   90.517340][ T1140] bond0 (unregistering): Released all slaves
[   90.680369][ T1140] hsr_slave_0: left promiscuous mode
[   90.683805][ T1140] hsr_slave_1: left promiscuous mode
[   90.689034][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.691315][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0
[   90.693899][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.696392][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1
[   90.717098][ T1140] veth1_macvtap: left promiscuous mode
[   90.719515][ T1140] veth0_macvtap: left promiscuous mode
[   90.721903][ T1140] veth1_vlan: left promiscuous mode
[   90.724172][ T1140] veth0_vlan: left promiscuous mode
[   90.925060][ T5311] Bluetooth: hci0: command tx timeout
[   91.098527][ T1140] team0 (unregistering): Port device team_slave_1 removed
[   91.136734][ T1140] team0 (unregistering): Port device team_slave_0 removed
[   91.855590][ T6445] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.863849][ T6445] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.868444][ T6445] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   91.872518][ T6445] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.926523][ T6445] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.936375][ T6445] 8021q: adding VLAN 0 to HW filter on device team0
[   91.949583][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.952671][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.958168][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.961227][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.242941][ T6445] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.269961][ T6445] veth0_vlan: entered promiscuous mode
[   92.279191][ T6445] veth1_vlan: entered promiscuous mode
[   92.294478][ T6445] veth0_macvtap: entered promiscuous mode
[   92.301121][ T6445] veth1_macvtap: entered promiscuous mode
[   92.322432][ T6445] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.329533][ T6445] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.334232][ T6445] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.337179][ T6445] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.339655][ T6445] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.342138][ T6445] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.387505][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.389938][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.403457][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.407322][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.433048][   T40] audit: type=1400 audit(1753494535.775:119): avc:  denied  { create } for  pid=6539 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   92.439459][   T40] audit: type=1400 audit(1753494535.775:120): avc:  denied  { write } for  pid=6539 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   92.484319][   T40] audit: type=1400 audit(1753494535.825:121): avc:  denied  { read write } for  pid=6539 comm="syz.0.16" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   92.492339][   T40] audit: type=1400 audit(1753494535.825:122): avc:  denied  { open } for  pid=6539 comm="syz.0.16" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   92.529062][ T6540] infiniband syz1: set active
[   92.531138][ T6540] infiniband syz1: added syz_tun
[   92.555235][ T6540] RDS/IB: syz1: added
[   92.556953][ T6540] smc: adding ib device syz1 with port count 1
[   92.558987][ T6540] smc:    ib device syz1 port 1 has pnetid 
[   92.654224][ T6545] syz1: rxe_newlink: already configured on syz_tun
[   92.668616][ T6548] syz1: rxe_newlink: already configured on syz_tun
[   92.672199][ T1140] ==================================================================
[   92.674984][ T1140] BUG: KASAN: slab-use-after-free in ucma_create_uevent+0x8d1/0xd70
[   92.677451][ T1140] Write of size 4 at addr ffff88802a9566b0 by task kworker/u32:5/1140
[   92.681306][ T1140] 
[   92.682081][ T1140] CPU: 2 UID: 0 PID: 1140 Comm: kworker/u32:5 Not tainted 6.16.0-rc7-syzkaller-g5f33ebd2018c-dirty #0 PREEMPT(full) 
[   92.682095][ T1140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   92.682102][ T1140] Workqueue: rdma_cm cma_iboe_join_work_handler
[   92.682118][ T1140] Call Trace:
[   92.682122][ T1140]  <TASK>
[   92.682126][ T1140]  dump_stack_lvl+0x116/0x1f0
[   92.682143][ T1140]  print_report+0xcd/0x630
[   92.682159][ T1140]  ? __virt_addr_valid+0x81/0x610
[   92.682172][ T1140]  ? __phys_addr+0xe8/0x180
[   92.682184][ T1140]  ? ucma_create_uevent+0x8d1/0xd70
[   92.682193][ T1140]  kasan_report+0xe0/0x110
[   92.682208][ T1140]  ? ucma_create_uevent+0x8d1/0xd70
[   92.682219][ T1140]  kasan_check_range+0x100/0x1b0
[   92.682229][ T1140]  ucma_create_uevent+0x8d1/0xd70
[   92.682238][ T1140]  ? debug_object_deactivate+0x1ec/0x3a0
[   92.682251][ T1140]  ucma_event_handler+0x102/0x940
[   92.682261][ T1140]  ? rcu_is_watching+0x12/0xc0
[   92.682275][ T1140]  cma_cm_event_handler+0x97/0x300
[   92.682287][ T1140]  cma_iboe_join_work_handler+0xca/0x170
[   92.682299][ T1140]  process_one_work+0x9cc/0x1b70
[   92.682313][ T1140]  ? __pfx_process_one_work+0x10/0x10
[   92.682326][ T1140]  ? assign_work+0x1a0/0x250
[   92.682336][ T1140]  worker_thread+0x6c8/0xf10
[   92.682349][ T1140]  ? __pfx_worker_thread+0x10/0x10
[   92.682360][ T1140]  kthread+0x3c2/0x780
[   92.682370][ T1140]  ? __pfx_kthread+0x10/0x10
[   92.682380][ T1140]  ? rcu_is_watching+0x12/0xc0
[   92.682393][ T1140]  ? __pfx_kthread+0x10/0x10
[   92.682403][ T1140]  ret_from_fork+0x5d4/0x6f0
[   92.682418][ T1140]  ? __pfx_kthread+0x10/0x10
[   92.682428][ T1140]  ret_from_fork_asm+0x1a/0x30
[   92.682442][ T1140]  </TASK>
[   92.682446][ T1140] 
[   92.743351][ T1140] Allocated by task 6548:
[   92.744715][ T1140]  kasan_save_stack+0x33/0x60
[   92.746200][ T1140]  kasan_save_track+0x14/0x30
[   92.747694][ T1140]  __kasan_kmalloc+0xaa/0xb0
[   92.749169][ T1140]  ucma_process_join+0x233/0xb90
[   92.750735][ T1140]  ucma_join_multicast+0xe8/0x160
[   92.752314][ T1140]  ucma_write+0x1fb/0x330
[   92.753681][ T1140]  vfs_write+0x29d/0x1150
[   92.755039][ T1140]  ksys_write+0x1f8/0x250
[   92.756419][ T1140]  do_syscall_64+0xcd/0x4c0
[   92.757870][ T1140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.759722][ T1140] 
[   92.760509][ T1140] Freed by task 6548:
[   92.761766][ T1140]  kasan_save_stack+0x33/0x60
[   92.763265][ T1140]  kasan_save_track+0x14/0x30
[   92.764742][ T1140]  kasan_save_free_info+0x3b/0x60
[   92.766317][ T1140]  __kasan_slab_free+0x51/0x70
[   92.767830][ T1140]  kfree+0x2b4/0x4d0
[   92.769076][ T1140]  ucma_process_join+0x763/0xb90
[   92.770640][ T1140]  ucma_join_multicast+0xe8/0x160
[   92.772220][ T1140]  ucma_write+0x1fb/0x330
[   92.773583][ T1140]  vfs_write+0x29d/0x1150
[   92.774947][ T1140]  ksys_write+0x1f8/0x250
[   92.776353][ T1140]  do_syscall_64+0xcd/0x4c0
[   92.777973][ T1140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.779845][ T1140] 
[   92.780648][ T1140] The buggy address belongs to the object at ffff88802a956600
[   92.780648][ T1140]  which belongs to the cache kmalloc-192 of size 192
[   92.784886][ T1140] The buggy address is located 176 bytes inside of
[   92.784886][ T1140]  freed 192-byte region [ffff88802a956600, ffff88802a9566c0)
[   92.789114][ T1140] 
[   92.789890][ T1140] The buggy address belongs to the physical page:
[   92.791913][ T1140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a956
[   92.794618][ T1140] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   92.796828][ T1140] page_type: f5(slab)
[   92.798101][ T1140] raw: 00fff00000000000 ffff88801b8423c0 dead000000000122 0000000000000000
[   92.800716][ T1140] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   92.803362][ T1140] page dumped because: kasan: bad access detected
[   92.805351][ T1140] page_owner tracks the page as allocated
[   92.807114][ T1140] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 6445, tgid 6445 (syz-executor), ts 92358145050, free_ts 92277395639
[   92.813061][ T1140]  post_alloc_hook+0x1c0/0x230
[   92.814572][ T1140]  get_page_from_freelist+0x1321/0x3890
[   92.816307][ T1140]  __alloc_frozen_pages_noprof+0x261/0x23f0
[   92.818157][ T1140]  new_slab+0x94/0x330
[   92.819460][ T1140]  ___slab_alloc+0xd9c/0x1940
[   92.820958][ T1140]  __slab_alloc.constprop.0+0x56/0xb0
[   92.822635][ T1140]  __kmalloc_node_noprof+0x2ed/0x500
[   92.824186][ T1140]  alloc_slab_obj_exts+0x41/0xa0
[   92.825669][ T1140]  new_slab+0x283/0x330
[   92.826981][ T1140]  ___slab_alloc+0xd9c/0x1940
[   92.828480][ T1140]  __slab_alloc.constprop.0+0x56/0xb0
[   92.830188][ T1140]  kmem_cache_alloc_lru_noprof+0xf4/0x3b0
[   92.831976][ T1140]  sock_alloc_inode+0x25/0x1c0
[   92.833511][ T1140]  alloc_inode+0x61/0x240
[   92.834874][ T1140]  sock_alloc+0x40/0x280
[   92.836225][ T1140]  __sock_create+0xc1/0x8d0
[   92.837654][ T1140] page last free pid 23 tgid 23 stack trace:
[   92.839527][ T1140]  __free_frozen_pages+0x7fe/0x1180
[   92.841185][ T1140]  tlb_remove_table_rcu+0x116/0x1a0
[   92.842815][ T1140]  rcu_core+0x79c/0x14e0
[   92.844186][ T1140]  handle_softirqs+0x219/0x8e0
[   92.845706][ T1140]  run_ksoftirqd+0x3a/0x60
[   92.847123][ T1140]  smpboot_thread_fn+0x3f4/0xae0
[   92.848698][ T1140]  kthread+0x3c2/0x780
[   92.849983][ T1140]  ret_from_fork+0x5d4/0x6f0
[   92.851481][ T1140]  ret_from_fork_asm+0x1a/0x30
[   92.852989][ T1140] 
[   92.853759][ T1140] Memory state around the buggy address:
[   92.855517][ T1140]  ffff88802a956580: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   92.857989][ T1140]  ffff88802a956600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.860496][ T1140] >ffff88802a956680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   92.862964][ T1140]                                      ^
[   92.864714][ T1140]  ffff88802a956700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   92.867200][ T1140]  ffff88802a956780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   92.869672][ T1140] ==================================================================
[   92.873359][ T1140] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   92.875680][ T1140] CPU: 0 UID: 0 PID: 1140 Comm: kworker/u32:5 Not tainted 6.16.0-rc7-syzkaller-g5f33ebd2018c-dirty #0 PREEMPT(full) 
[   92.879404][ T1140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   92.883386][ T1140] Workqueue: rdma_cm cma_iboe_join_work_handler
[   92.885375][ T1140] Call Trace:
[   92.886485][ T1140]  <TASK>
[   92.887448][ T1140]  dump_stack_lvl+0x3d/0x1f0
[   92.888927][ T1140]  panic+0x71c/0x800
[   92.890232][ T1140]  ? __pfx_panic+0x10/0x10
[   92.892173][ T1140]  ? irqentry_exit+0x3b/0x90
[   92.894129][ T1140]  ? lockdep_hardirqs_on+0x7c/0x110
[   92.896238][ T1140]  ? preempt_schedule_thunk+0x16/0x30
[   92.897932][ T1140]  ? ucma_create_uevent+0x8d1/0xd70
[   92.899622][ T1140]  ? preempt_schedule_common+0x44/0xc0
[   92.901554][ T1140]  ? check_panic_on_warn+0x1f/0xb0
[   92.903168][ T1140]  ? ucma_create_uevent+0x8d1/0xd70
[   92.904787][ T1140]  check_panic_on_warn+0xab/0xb0
[   92.906517][ T1140]  end_report+0x107/0x170
[   92.908048][ T1140]  kasan_report+0xee/0x110
[   92.909906][ T1140]  ? ucma_create_uevent+0x8d1/0xd70
[   92.912070][ T1140]  kasan_check_range+0x100/0x1b0
[   92.913945][ T1140]  ucma_create_uevent+0x8d1/0xd70
[   92.915908][ T1140]  ? debug_object_deactivate+0x1ec/0x3a0
[   92.918141][ T1140]  ucma_event_handler+0x102/0x940
[   92.920228][ T1140]  ? rcu_is_watching+0x12/0xc0
[   92.921885][ T1140]  cma_cm_event_handler+0x97/0x300
[   92.923508][ T1140]  cma_iboe_join_work_handler+0xca/0x170
[   92.925261][ T1140]  process_one_work+0x9cc/0x1b70
[   92.926822][ T1140]  ? __pfx_process_one_work+0x10/0x10
[   92.928613][ T1140]  ? assign_work+0x1a0/0x250
[   92.930112][ T1140]  worker_thread+0x6c8/0xf10
[   92.932049][ T1140]  ? __pfx_worker_thread+0x10/0x10
[   92.934181][ T1140]  kthread+0x3c2/0x780
[   92.935883][ T1140]  ? __pfx_kthread+0x10/0x10
[   92.937829][ T1140]  ? rcu_is_watching+0x12/0xc0
[   92.939752][ T1140]  ? __pfx_kthread+0x10/0x10
[   92.941399][ T1140]  ret_from_fork+0x5d4/0x6f0
[   92.943075][ T1140]  ? __pfx_kthread+0x10/0x10
[   92.944877][ T1140]  ret_from_fork_asm+0x1a/0x30
[   92.946879][ T1140]  </TASK>
[   92.948951][ T1140] Kernel Offset: disabled
[   92.950393][ T1140] Rebooting in 86400 seconds..