Warning: Permanently added '[localhost]:33351' (ED25519) to the list of known hosts.
2025/08/27 14:00:42 parsed 1 programs
syzkaller login: [ 88.321901][ T5345] cgroup: Unknown subsys name 'net'
[ 88.408499][ T5345] cgroup: Unknown subsys name 'cpuset'
[ 88.415439][ T5345] cgroup: Unknown subsys name 'rlimit'
[ 90.156007][ T5345] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.904511][ T10] cfg80211: failed to load regulatory.db
[ 94.008096][ T5361] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 96.817336][ T5407] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.821478][ T5407] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.825834][ T5407] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.829469][ T5407] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.833077][ T5407] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.981522][ T5423] chnl_net:caif_netlink_parms(): no params data found
[ 98.052328][ T5423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.056497][ T5423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.059672][ T5423] bridge_slave_0: entered allmulticast mode
[ 98.063473][ T5423] bridge_slave_0: entered promiscuous mode
[ 98.070583][ T5423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.073753][ T5423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.077404][ T5423] bridge_slave_1: entered allmulticast mode
[ 98.080954][ T5423] bridge_slave_1: entered promiscuous mode
[ 98.106585][ T5423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.111755][ T5423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.135511][ T5423] team0: Port device team_slave_0 added
[ 98.140067][ T5423] team0: Port device team_slave_1 added
[ 98.165172][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.168228][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.179245][ T5423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.187534][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.190751][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.202180][ T5423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.239705][ T5423] hsr_slave_0: entered promiscuous mode
[ 98.242886][ T5423] hsr_slave_1: entered promiscuous mode
[ 98.398592][ T5423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.408737][ T5423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.415705][ T5423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.426512][ T5423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.462229][ T5423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.465597][ T5423] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.469639][ T5423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.472837][ T5423] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.533337][ T5423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.549423][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.553424][ T31] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.567962][ T5423] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.577621][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.580828][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.597895][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.601295][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.792246][ T5423] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.833031][ T5423] veth0_vlan: entered promiscuous mode
[ 98.844456][ T5423] veth1_vlan: entered promiscuous mode
[ 98.873585][ T5423] veth0_macvtap: entered promiscuous mode
[ 98.882044][ T5423] veth1_macvtap: entered promiscuous mode
[ 98.901468][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.912185][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.923030][ T54] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.927895][ T54] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.931806][ T54] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.952629][ T54] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.113522][ T31] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.163796][ T31] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.217362][ T31] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.276650][ T31] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.317503][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.321260][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.361261][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.366516][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/27 14:00:56 executed programs: 0
[ 100.280895][ T5407] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.286308][ T5407] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.289847][ T5407] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.293889][ T5407] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.303437][ T5407] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.496158][ T5456] chnl_net:caif_netlink_parms(): no params data found
[ 100.565808][ T5456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.568973][ T5456] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.572439][ T5456] bridge_slave_0: entered allmulticast mode
[ 100.577738][ T5456] bridge_slave_0: entered promiscuous mode
[ 100.582221][ T5456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.587633][ T5456] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.590833][ T5456] bridge_slave_1: entered allmulticast mode
[ 100.596692][ T5456] bridge_slave_1: entered promiscuous mode
[ 100.627096][ T5456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.633677][ T5456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.663478][ T5456] team0: Port device team_slave_0 added
[ 100.669464][ T5456] team0: Port device team_slave_1 added
[ 100.698832][ T5456] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.701830][ T5456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.715582][ T5456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.727035][ T5456] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.730166][ T5456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.742490][ T5456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.778261][ T5456] hsr_slave_0: entered promiscuous mode
[ 100.781580][ T5456] hsr_slave_1: entered promiscuous mode
[ 100.785193][ T5456] debugfs: 'hsr0' already exists in 'hsr'
[ 100.787874][ T5456] Cannot create hsr debugfs directory
[ 101.917763][ T31] bridge_slave_1: left allmulticast mode
[ 101.920413][ T31] bridge_slave_1: left promiscuous mode
[ 101.923321][ T31] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.951703][ T31] bridge_slave_0: left allmulticast mode
[ 101.966931][ T31] bridge_slave_0: left promiscuous mode
[ 101.969272][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.377783][ T5407] Bluetooth: hci0: command tx timeout
[ 102.399535][ T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 102.406127][ T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 102.411159][ T31] bond0 (unregistering): Released all slaves
[ 102.533018][ T31] hsr_slave_0: left promiscuous mode
[ 102.546646][ T31] hsr_slave_1: left promiscuous mode
[ 102.549861][ T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.553307][ T31] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.566418][ T31] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 102.569719][ T31] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 102.597298][ T31] veth1_macvtap: left promiscuous mode
[ 102.599897][ T31] veth0_macvtap: left promiscuous mode
[ 102.602361][ T31] veth1_vlan: left promiscuous mode
[ 102.625324][ T31] veth0_vlan: left promiscuous mode
[ 103.107412][ T31] team0 (unregistering): Port device team_slave_1 removed
[ 103.125794][ T31] team0 (unregistering): Port device team_slave_0 removed
[ 103.697086][ T5456] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.710943][ T5456] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.737191][ T5456] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.957270][ T5456] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.391238][ T5456] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.455056][ T5407] Bluetooth: hci0: command tx timeout
[ 104.462436][ T5456] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.481747][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.485155][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.513135][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.517608][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.750782][ T5456] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.787769][ T5456] veth0_vlan: entered promiscuous mode
[ 104.797115][ T5456] veth1_vlan: entered promiscuous mode
[ 104.827705][ T5456] veth0_macvtap: entered promiscuous mode
[ 104.833500][ T5456] veth1_macvtap: entered promiscuous mode
[ 104.851866][ T5456] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.872118][ T5456] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.883284][ T1049] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.892947][ T1049] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.905804][ T1049] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.910372][ T1049] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.971888][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.985604][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.008648][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.011983][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.082643][ T5500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 105.117948][ T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 105.123060][ T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 105.138524][ T43] wlan1: authenticated
[ 105.140723][ T5500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 105.148178][ T1049] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[ 105.151822][ T1049] wlan1: associated
[ 105.155790][ T5500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 105.163314][ T5500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 105.376175][ T5500] loop0: detected capacity change from 0 to 32768
[ 105.383272][ T5500] XFS: ikeep mount option is deprecated.
[ 105.410474][ T5500] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 105.445679][ T5500] XFS (loop0): Ending clean mount
[ 105.465112][ T5500] XFS (loop0): Quotacheck needed: Please wait.
[ 105.512000][ T5500] XFS (loop0): Quotacheck: Done.
[ 105.518821][ T5500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 106.032792][ T5456] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
2025/08/27 14:01:02 executed programs: 3
[ 106.210636][ T5509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 106.270831][ T5509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 106.276231][ T5509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 106.281304][ T54] wlan1: AP 08:02:11:00:00:00 tries to chanswitch to same channel, ignore
[ 106.285509][ T5509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 106.477582][ T5509] loop0: detected capacity change from 0 to 32768
[ 106.489941][ T5509] XFS: ikeep mount option is deprecated.
[ 106.535560][ T5407] Bluetooth: hci0: command tx timeout
[ 106.574816][ T5509] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 106.611293][ T5509] XFS (loop0): Ending clean mount
[ 106.627314][ T5509] XFS (loop0): Quotacheck needed: Please wait.
[ 106.657135][ T5509] XFS (loop0): Quotacheck: Done.
[ 106.665247][ T5509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 107.182440][ T5456] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 107.348301][ T54] ==================================================================
[ 107.352156][ T54] BUG: KASAN: slab-use-after-free in cmp_bss+0xd4d/0xe80
[ 107.356715][ T54] Read of size 4 at addr ffff88803f7f7398 by task kworker/u4:4/54
[ 107.361005][ T54]
[ 107.362156][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full)
[ 107.362172][ T54] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.362181][ T54] Workqueue: events_unbound cfg80211_wiphy_work
[ 107.362204][ T54] Call Trace:
[ 107.362212][ T54]
[ 107.362218][ T54] dump_stack_lvl+0x189/0x250
[ 107.362234][ T54] ? __kasan_check_byte+0x12/0x40
[ 107.362315][ T54] ? __pfx_dump_stack_lvl+0x10/0x10
[ 107.362327][ T54] ? lock_release+0x4b/0x3e0
[ 107.362345][ T54] ? __virt_addr_valid+0x4a5/0x5c0
[ 107.362360][ T54] print_report+0xca/0x240
[ 107.362371][ T54] ? cmp_bss+0xd4d/0xe80
[ 107.362382][ T54] kasan_report+0x118/0x150
[ 107.362393][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.362408][ T54] ? cmp_bss+0xd4d/0xe80
[ 107.362420][ T54] cmp_bss+0xd4d/0xe80
[ 107.362432][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.362445][ T54] __cfg80211_bss_update+0xdb/0x2120
[ 107.362457][ T54] ? do_raw_spin_lock+0x121/0x290
[ 107.362469][ T54] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.362481][ T54] ? trace_kmalloc+0x1f/0xd0
[ 107.362496][ T54] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0
[ 107.362509][ T54] cfg80211_inform_single_bss_data+0xba9/0x1ac0
[ 107.362523][ T54] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[ 107.362539][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.362553][ T54] ? cfg80211_inform_bss_data+0x1e8/0x3b30
[ 107.362565][ T54] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 107.362577][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.362589][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.362601][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.362611][ T54] ? unwind_next_frame+0x19ae/0x2390
[ 107.362623][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.362634][ T54] ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[ 107.362674][ T54] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 107.362688][ T54] ? arch_stack_walk+0x11c/0x150
[ 107.362703][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.362717][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.362732][ T54] ? __update_page_owner_handle+0x5a/0x570
[ 107.362750][ T54] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 107.362764][ T54] ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 107.362810][ T54] ieee80211_bss_info_update+0x746/0x9e0
[ 107.362826][ T54] ? __pfx_ieee80211_bss_info_update+0x10/0x10
[ 107.362841][ T54] ? ieee80211_get_channel_khz+0x15b/0x8a0
[ 107.362852][ T54] ieee80211_rx_bss_info+0x176/0x280
[ 107.362867][ T54] ieee80211_sta_rx_queued_mgmt+0x1294/0x4470
[ 107.362888][ T54] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10
[ 107.362904][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.362921][ T54] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 107.362943][ T54] ? arch_stack_walk+0x11c/0x150
[ 107.362958][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.362973][ T54] ? stack_trace_save+0x9c/0xe0
[ 107.362993][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.363010][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.363025][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.363043][ T54] ? kcov_remote_start+0x18e/0x7f0
[ 107.363061][ T54] ieee80211_iface_work+0x652/0x12d0
[ 107.363077][ T54] cfg80211_wiphy_work+0x2bb/0x470
[ 107.363091][ T54] ? process_scheduled_works+0x9ef/0x17b0
[ 107.363102][ T54] process_scheduled_works+0xae1/0x17b0
[ 107.363119][ T54] ? __pfx_process_scheduled_works+0x10/0x10
[ 107.363131][ T54] worker_thread+0x8a0/0xda0
[ 107.363141][ T54] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 107.363155][ T54] ? __kthread_parkme+0x7b/0x200
[ 107.363166][ T54] kthread+0x70e/0x8a0
[ 107.363179][ T54] ? __pfx_worker_thread+0x10/0x10
[ 107.363189][ T54] ? __pfx_kthread+0x10/0x10
[ 107.363203][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 107.363214][ T54] ? lockdep_hardirqs_on+0x9c/0x150
[ 107.363225][ T54] ? __pfx_kthread+0x10/0x10
[ 107.363235][ T54] ret_from_fork+0x3f9/0x770
[ 107.363250][ T54] ? __pfx_ret_from_fork+0x10/0x10
[ 107.363262][ T54] ? __pfx_kthread+0x10/0x10
[ 107.363272][ T54] ret_from_fork_asm+0x1a/0x30
[ 107.363287][ T54]
[ 107.363291][ T54]
[ 107.539516][ T54] Allocated by task 54:
[ 107.541308][ T54] kasan_save_track+0x3e/0x80
[ 107.543364][ T54] __kasan_kmalloc+0x93/0xb0
[ 107.545407][ T54] __kmalloc_noprof+0x27a/0x4f0
[ 107.547489][ T54] cfg80211_inform_single_bss_data+0x905/0x1ac0
[ 107.550272][ T54] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 107.553457][ T54] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 107.556402][ T54] ieee80211_bss_info_update+0x746/0x9e0
[ 107.558880][ T54] ieee80211_rx_bss_info+0x176/0x280
[ 107.561090][ T54] ieee80211_rx_mgmt_beacon+0x197d/0x2cd0
[ 107.563484][ T54] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 107.565978][ T54] ieee80211_iface_work+0x652/0x12d0
[ 107.568451][ T54] cfg80211_wiphy_work+0x2bb/0x470
[ 107.570869][ T54] process_scheduled_works+0xae1/0x17b0
[ 107.573458][ T54] worker_thread+0x8a0/0xda0
[ 107.575506][ T54] kthread+0x70e/0x8a0
[ 107.577413][ T54] ret_from_fork+0x3f9/0x770
[ 107.579449][ T54] ret_from_fork_asm+0x1a/0x30
[ 107.581515][ T54]
[ 107.582521][ T54] Freed by task 1049:
[ 107.584386][ T54] kasan_save_track+0x3e/0x80
[ 107.586502][ T54] kasan_save_free_info+0x46/0x50
[ 107.588882][ T54] __kasan_slab_free+0x5b/0x80
[ 107.590939][ T54] kmem_cache_free_bulk+0x2d1/0x520
[ 107.593049][ T54] kvfree_rcu_bulk+0xe5/0x1f0
[ 107.595066][ T54] kfree_rcu_monitor+0x211/0x2a0
[ 107.597151][ T54] process_scheduled_works+0xae1/0x17b0
[ 107.599729][ T54] worker_thread+0x8a0/0xda0
[ 107.601777][ T54] kthread+0x70e/0x8a0
[ 107.603588][ T54] ret_from_fork+0x3f9/0x770
[ 107.605543][ T54] ret_from_fork_asm+0x1a/0x30
[ 107.607545][ T54]
[ 107.608650][ T54] Last potentially related work creation:
[ 107.611271][ T54] kasan_save_stack+0x3e/0x60
[ 107.613303][ T54] kasan_record_aux_stack+0xbd/0xd0
[ 107.615528][ T54] kvfree_call_rcu+0xbb/0x410
[ 107.617528][ T54] cfg80211_update_known_bss+0x454/0x1330
[ 107.619980][ T54] cfg80211_update_assoc_bss_entry+0x4ba/0x6a0
[ 107.622638][ T54] cfg80211_ch_switch_notify+0x3c1/0x780
[ 107.624869][ T54] ieee80211_sta_process_chanswitch+0xad4/0x2870
[ 107.627552][ T54] ieee80211_rx_mgmt_beacon+0x19c7/0x2cd0
[ 107.629954][ T54] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 107.632393][ T54] ieee80211_iface_work+0x652/0x12d0
[ 107.635203][ T54] cfg80211_wiphy_work+0x2bb/0x470
[ 107.637440][ T54] process_scheduled_works+0xae1/0x17b0
[ 107.639600][ T54] worker_thread+0x8a0/0xda0
[ 107.641578][ T54] kthread+0x70e/0x8a0
[ 107.643305][ T54] ret_from_fork+0x3f9/0x770
[ 107.645095][ T54] ret_from_fork_asm+0x1a/0x30
[ 107.647045][ T54]
[ 107.648034][ T54] The buggy address belongs to the object at ffff88803f7f7380
[ 107.648034][ T54] which belongs to the cache kmalloc-96 of size 96
[ 107.653374][ T54] The buggy address is located 24 bytes inside of
[ 107.653374][ T54] freed 96-byte region [ffff88803f7f7380, ffff88803f7f73e0)
[ 107.659086][ T54]
[ 107.660191][ T54] The buggy address belongs to the physical page:
[ 107.662828][ T54] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803f7f7100 pfn:0x3f7f7
[ 107.666813][ T54] flags: 0x4fff00000000200(workingset|node=1|zone=1|lastcpupid=0x7ff)
[ 107.670182][ T54] page_type: f5(slab)
[ 107.671905][ T54] raw: 04fff00000000200 ffff88801a441280 ffff8880304001c8 ffffea00015d4990
[ 107.675552][ T54] raw: ffff88803f7f7100 0000000000200015 00000000f5000000 0000000000000000
[ 107.678831][ T54] page dumped because: kasan: bad access detected
[ 107.681274][ T54] page_owner tracks the page as allocated
[ 107.683797][ T54] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5449, tgid 5449 (syz-executor), ts 99475727859, free_ts 99465337049
[ 107.692514][ T54] post_alloc_hook+0x240/0x2a0
[ 107.694716][ T54] get_page_from_freelist+0x21e4/0x22c0
[ 107.697271][ T54] __alloc_frozen_pages_noprof+0x181/0x370
[ 107.699952][ T54] allocate_slab+0x65/0x370
[ 107.702067][ T54] ___slab_alloc+0xbeb/0x1410
[ 107.704231][ T54] __kmalloc_node_noprof+0x2fd/0x4e0
[ 107.706632][ T54] allocate_slab+0x16a/0x370
[ 107.709180][ T54] ___slab_alloc+0xbeb/0x1410
[ 107.711298][ T54] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 107.713822][ T54] alloc_inode+0x6a/0x1b0
[ 107.715954][ T54] new_inode+0x22/0x170
[ 107.718068][ T54] __debugfs_create_file+0x14d/0x4f0
[ 107.720495][ T54] debugfs_create_file_full+0x3f/0x60
[ 107.722667][ T54] ref_tracker_dir_debugfs+0x14e/0x270
[ 107.724866][ T54] alloc_netdev_mqs+0x26f/0x11b0
[ 107.727050][ T54] __ip_tunnel_create+0x349/0x560
[ 107.729079][ T54] page last free pid 50 tgid 50 stack trace:
[ 107.731614][ T54] __free_frozen_pages+0xbc4/0xd30
[ 107.733730][ T54] vfree+0x25a/0x400
[ 107.735580][ T54] delayed_vfree_work+0x55/0x80
[ 107.738107][ T54] process_scheduled_works+0xae1/0x17b0
[ 107.740912][ T54] worker_thread+0x8a0/0xda0
[ 107.743413][ T54] kthread+0x70e/0x8a0
[ 107.745291][ T54] ret_from_fork+0x3f9/0x770
[ 107.747446][ T54] ret_from_fork_asm+0x1a/0x30
[ 107.749502][ T54]
[ 107.750581][ T54] Memory state around the buggy address:
[ 107.752918][ T54] ffff88803f7f7280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 107.756330][ T54] ffff88803f7f7300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 107.759666][ T54] >ffff88803f7f7380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 107.763006][ T54] ^
[ 107.765086][ T54] ffff88803f7f7400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 107.768511][ T54] ffff88803f7f7480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 107.771984][ T54] ==================================================================
[ 107.775514][ T54] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.778353][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full)
[ 107.782053][ T54] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.786231][ T54] Workqueue: events_unbound cfg80211_wiphy_work
[ 107.788895][ T54] Call Trace:
[ 107.790613][ T54]
[ 107.791979][ T54] dump_stack_lvl+0x99/0x250
[ 107.793930][ T54] ? __asan_memcpy+0x40/0x70
[ 107.796070][ T54] ? __pfx_dump_stack_lvl+0x10/0x10
[ 107.798441][ T54] ? __pfx__printk+0x10/0x10
[ 107.800581][ T54] vpanic+0x281/0x750
[ 107.802249][ T54] ? __pfx_vpanic+0x10/0x10
[ 107.804323][ T54] ? irqentry_exit+0x74/0x90
[ 107.806383][ T54] panic+0xb9/0xc0
[ 107.807971][ T54] ? __pfx_panic+0x10/0x10
[ 107.809916][ T54] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 107.812491][ T54] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 107.815156][ T54] ? cmp_bss+0xd4d/0xe80
[ 107.817074][ T54] check_panic_on_warn+0x89/0xb0
[ 107.819302][ T54] ? cmp_bss+0xd4d/0xe80
[ 107.821281][ T54] end_report+0x78/0x160
[ 107.823274][ T54] kasan_report+0x129/0x150
[ 107.825255][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.827405][ T54] ? cmp_bss+0xd4d/0xe80
[ 107.829192][ T54] cmp_bss+0xd4d/0xe80
[ 107.831053][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.833085][ T54] __cfg80211_bss_update+0xdb/0x2120
[ 107.835431][ T54] ? do_raw_spin_lock+0x121/0x290
[ 107.837515][ T54] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 107.840107][ T54] ? trace_kmalloc+0x1f/0xd0
[ 107.842263][ T54] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0
[ 107.844944][ T54] cfg80211_inform_single_bss_data+0xba9/0x1ac0
[ 107.847615][ T54] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[ 107.850272][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.852338][ T54] ? cfg80211_inform_bss_data+0x1e8/0x3b30
[ 107.854926][ T54] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 107.857151][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.859223][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.861375][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.863388][ T54] ? unwind_next_frame+0x19ae/0x2390
[ 107.865661][ T54] ? unwind_next_frame+0xa5/0x2390
[ 107.867841][ T54] ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[ 107.870319][ T54] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 107.872816][ T54] ? arch_stack_walk+0x11c/0x150
[ 107.874933][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.877063][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.879145][ T54] ? __update_page_owner_handle+0x5a/0x570
[ 107.881718][ T54] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 107.884152][ T54] ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 107.886539][ T54] ieee80211_bss_info_update+0x746/0x9e0
[ 107.888831][ T54] ? __pfx_ieee80211_bss_info_update+0x10/0x10
[ 107.891388][ T54] ? ieee80211_get_channel_khz+0x15b/0x8a0
[ 107.893741][ T54] ieee80211_rx_bss_info+0x176/0x280
[ 107.895919][ T54] ieee80211_sta_rx_queued_mgmt+0x1294/0x4470
[ 107.898513][ T54] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10
[ 107.900920][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.903031][ T54] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 107.905714][ T54] ? arch_stack_walk+0x11c/0x150
[ 107.908004][ T54] ? ret_from_fork_asm+0x1a/0x30
[ 107.910254][ T54] ? stack_trace_save+0x9c/0xe0
[ 107.912450][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.914626][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.916686][ T54] ? __lock_acquire+0xab9/0xd20
[ 107.918822][ T54] ? kcov_remote_start+0x18e/0x7f0
[ 107.921267][ T54] ieee80211_iface_work+0x652/0x12d0
[ 107.923584][ T54] cfg80211_wiphy_work+0x2bb/0x470
[ 107.925810][ T54] ? process_scheduled_works+0x9ef/0x17b0
[ 107.928326][ T54] process_scheduled_works+0xae1/0x17b0
[ 107.930915][ T54] ? __pfx_process_scheduled_works+0x10/0x10
[ 107.933722][ T54] worker_thread+0x8a0/0xda0
[ 107.936060][ T54] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 107.939196][ T54] ? __kthread_parkme+0x7b/0x200
[ 107.941564][ T54] kthread+0x70e/0x8a0
[ 107.943265][ T54] ? __pfx_worker_thread+0x10/0x10
[ 107.945435][ T54] ? __pfx_kthread+0x10/0x10
[ 107.947420][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 107.949643][ T54] ? lockdep_hardirqs_on+0x9c/0x150
[ 107.952034][ T54] ? __pfx_kthread+0x10/0x10
[ 107.954127][ T54] ret_from_fork+0x3f9/0x770
[ 107.956225][ T54] ? __pfx_ret_from_fork+0x10/0x10
[ 107.958506][ T54] ? __pfx_kthread+0x10/0x10
[ 107.960640][ T54] ret_from_fork_asm+0x1a/0x30
[ 107.963078][ T54]
[ 107.964971][ T54] Kernel Offset: disabled
[ 107.967128][ T54] Rebooting in 86400 seconds..
VM DIAGNOSIS:
14:01:03 Registers:
info registers vcpu 0
CPU#0
RAX=000000000000007a RBX=000000000000007a RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000101e450
R8 =ffff888033e30237 R9 =1ffff110067c6046 R10=dffffc0000000000 R11=ffffffff8550c280
R12=dffffc0000000000 R13=ffffffff99b058e2 R14=ffffffff99dfa820 R15=0000000000000000
RIP=ffffffff8550c2fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88808d210000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=0000000050001000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80