Warning: Permanently added '[localhost]:37504' (ED25519) to the list of known hosts.
2025/09/01 13:15:37 parsed 1 programs
syzkaller login: [ 84.393736][ T5346] cgroup: Unknown subsys name 'net'
[ 84.461627][ T5346] cgroup: Unknown subsys name 'cpuset'
[ 84.469247][ T5346] cgroup: Unknown subsys name 'rlimit'
[ 86.099877][ T5346] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.359003][ T5361] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 90.661767][ T5366] chnl_net:caif_netlink_parms(): no params data found
[ 90.746008][ T5366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.749975][ T5366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.753340][ T5366] bridge_slave_0: entered allmulticast mode
[ 90.762831][ T5366] bridge_slave_0: entered promiscuous mode
[ 90.769497][ T5366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.772664][ T5366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.776689][ T5366] bridge_slave_1: entered allmulticast mode
[ 90.780506][ T5366] bridge_slave_1: entered promiscuous mode
[ 90.807584][ T5366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.813985][ T5366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.842410][ T5366] team0: Port device team_slave_0 added
[ 90.847484][ T5366] team0: Port device team_slave_1 added
[ 90.868768][ T5366] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.871849][ T5366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.883632][ T5366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.890371][ T5366] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.893411][ T5366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.905992][ T5366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.939899][ T5366] hsr_slave_0: entered promiscuous mode
[ 90.944471][ T5366] hsr_slave_1: entered promiscuous mode
[ 91.133888][ T5366] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.144696][ T5366] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.153882][ T5366] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.161339][ T5366] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.200273][ T5366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.203458][ T5366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.207258][ T5366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.210417][ T5366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.265122][ T5366] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.280340][ T183] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.285200][ T183] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.299583][ T5366] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.311727][ T183] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.314986][ T183] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.328028][ T183] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.331134][ T183] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.539262][ T5366] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.577671][ T5366] veth0_vlan: entered promiscuous mode
[ 91.589067][ T5366] veth1_vlan: entered promiscuous mode
[ 91.620396][ T5366] veth0_macvtap: entered promiscuous mode
[ 91.629752][ T5366] veth1_macvtap: entered promiscuous mode
[ 91.648143][ T5366] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.659015][ T5366] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.670431][ T1037] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.681209][ T1037] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.694718][ T1037] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.714663][ T1037] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.841999][ T1037] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.892008][ T1037] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.937274][ T1037] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.957837][ T10] cfg80211: failed to load regulatory.db
[ 92.009341][ T1037] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.637085][ T183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.640497][ T183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.686587][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.690191][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.194080][ T5438] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 94.199949][ T5438] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 94.204390][ T5438] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 94.209585][ T5438] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 94.212871][ T5438] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 94.258049][ T1037] bridge_slave_1: left allmulticast mode
[ 94.260661][ T1037] bridge_slave_1: left promiscuous mode
[ 94.263985][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.317578][ T1037] bridge_slave_0: left allmulticast mode
[ 94.320259][ T1037] bridge_slave_0: left promiscuous mode
[ 94.322851][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.937804][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 94.958435][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 94.966646][ T1037] bond0 (unregistering): Released all slaves
[ 95.079835][ T1037] hsr_slave_0: left promiscuous mode
[ 95.090726][ T1037] hsr_slave_1: left promiscuous mode
[ 95.106107][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 95.109495][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 95.127822][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 95.136244][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 95.168069][ T1037] veth1_macvtap: left promiscuous mode
[ 95.170628][ T1037] veth0_macvtap: left promiscuous mode
[ 95.173031][ T1037] veth1_vlan: left promiscuous mode
[ 95.175293][ T1037] veth0_vlan: left promiscuous mode
[ 95.833190][ T1037] team0 (unregistering): Port device team_slave_1 removed
[ 95.853504][ T1037] team0 (unregistering): Port device team_slave_0 removed
[ 96.268174][ T5438] Bluetooth: hci0: command tx timeout
2025/09/01 13:15:54 executed programs: 0
[ 99.131139][ T4703] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.135355][ T4703] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.141460][ T4703] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.147415][ T4703] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.150907][ T4703] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.348268][ T5488] chnl_net:caif_netlink_parms(): no params data found
[ 99.423329][ T5488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.426578][ T5488] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.429847][ T5488] bridge_slave_0: entered allmulticast mode
[ 99.433615][ T5488] bridge_slave_0: entered promiscuous mode
[ 99.439727][ T5488] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.442787][ T5488] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.446475][ T5488] bridge_slave_1: entered allmulticast mode
[ 99.450434][ T5488] bridge_slave_1: entered promiscuous mode
[ 99.477877][ T5488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.484227][ T5488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.508565][ T5488] team0: Port device team_slave_0 added
[ 99.513358][ T5488] team0: Port device team_slave_1 added
[ 99.536744][ T5488] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.539701][ T5488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.551596][ T5488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.558466][ T5488] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.561500][ T5488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.572982][ T5488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.608485][ T5488] hsr_slave_0: entered promiscuous mode
[ 99.611681][ T5488] hsr_slave_1: entered promiscuous mode
[ 100.071556][ T5488] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.087442][ T5488] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.099258][ T5488] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.121819][ T5488] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.174439][ T5488] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.177773][ T5488] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.181038][ T5488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.184722][ T5488] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.315995][ T5488] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.344059][ T27] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.349275][ T27] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.376837][ T5488] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.400221][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.403396][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.419804][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.422983][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.823248][ T5488] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.899698][ T5488] veth0_vlan: entered promiscuous mode
[ 100.917465][ T5488] veth1_vlan: entered promiscuous mode
[ 100.967604][ T5488] veth0_macvtap: entered promiscuous mode
[ 100.989716][ T5488] veth1_macvtap: entered promiscuous mode
[ 101.020468][ T5488] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.040536][ T5488] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.060027][ T1049] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.063674][ T1049] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.076469][ T1049] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.080254][ T1049] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.198223][ T183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.201429][ T183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.226829][ T4703] Bluetooth: hci0: command tx timeout
[ 101.269096][ T183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.273201][ T183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.399289][ T5530] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 101.415896][ T5530] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 101.423073][ T5530] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 101.431243][ T5387] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 101.444296][ T5387] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 101.458707][ T5530] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.005145][ T5547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.015112][ T27] wlan1: authenticated
[ 102.028217][ T5547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.039822][ T5547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.046487][ T1049] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[ 102.057667][ T5547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.602843][ T5550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.611889][ T5550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.619040][ T183] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[ 102.624016][ T183] wlan1: associated
[ 102.628016][ T5550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 102.633798][ T5550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.167673][ T5551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.172736][ T5551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.179974][ T5551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.185110][ T1049] wlan1: AP 08:02:11:00:00:00 tries to chanswitch to same channel, ignore
[ 103.191786][ T5551] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.305555][ T4703] Bluetooth: hci0: command tx timeout
[ 103.724692][ T5552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.733428][ T5552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.740462][ T5552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 103.748341][ T5552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 104.281610][ T5553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 104.288742][ T5553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 104.294160][ T5553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
2025/09/01 13:16:00 executed programs: 7
[ 104.302819][ T5553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 104.837446][ T1049] ==================================================================
[ 104.840658][ T1049] BUG: KASAN: slab-use-after-free in cmp_bss+0xd4d/0xe80
[ 104.843637][ T1049] Read of size 4 at addr ffff88804f100c98 by task kworker/u4:9/1049
[ 104.846901][ T1049]
[ 104.847899][ T1049] CPU: 0 UID: 0 PID: 1049 Comm: kworker/u4:9 Not tainted syzkaller #0 PREEMPT(full)
[ 104.847913][ T1049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.847921][ T1049] Workqueue: events_unbound cfg80211_wiphy_work
[ 104.847942][ T1049] Call Trace:
[ 104.847949][ T1049]
[ 104.847955][ T1049] dump_stack_lvl+0x189/0x250
[ 104.847969][ T1049] ? __kasan_check_byte+0x12/0x40
[ 104.848027][ T1049] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.848040][ T1049] ? lock_release+0x4b/0x3e0
[ 104.848056][ T1049] ? __virt_addr_valid+0x4a5/0x5c0
[ 104.848070][ T1049] print_report+0xca/0x240
[ 104.848080][ T1049] ? cmp_bss+0xd4d/0xe80
[ 104.848091][ T1049] kasan_report+0x118/0x150
[ 104.848103][ T1049] ? ret_from_fork_asm+0x1a/0x30
[ 104.848117][ T1049] ? cmp_bss+0xd4d/0xe80
[ 104.848130][ T1049] cmp_bss+0xd4d/0xe80
[ 104.848143][ T1049] ? __lock_acquire+0xab9/0xd20
[ 104.848158][ T1049] __cfg80211_bss_update+0xdb/0x2120
[ 104.848171][ T1049] ? do_raw_spin_lock+0x121/0x290
[ 104.848184][ T1049] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 104.848195][ T1049] ? trace_kmalloc+0x1f/0xd0
[ 104.848207][ T1049] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0
[ 104.848220][ T1049] cfg80211_inform_single_bss_data+0xba9/0x1ac0
[ 104.848235][ T1049] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[ 104.848250][ T1049] ? arch_stack_walk+0x11c/0x150
[ 104.848263][ T1049] ? cfg80211_inform_bss_data+0x1e8/0x3b30
[ 104.848276][ T1049] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 104.848287][ T1049] ? __pfx_stack_trace_save+0x10/0x10
[ 104.848301][ T1049] ? stack_depot_save_flags+0x40/0x860
[ 104.848315][ T1049] ? kasan_save_track+0x4f/0x80
[ 104.848324][ T1049] ? kasan_save_track+0x3e/0x80
[ 104.848333][ T1049] ? kasan_save_free_info+0x46/0x50
[ 104.848347][ T1049] ? __kasan_slab_free+0x5b/0x80
[ 104.848358][ T1049] ? kfree+0x18e/0x440
[ 104.848367][ T1049] ? ieee80211_rx_mgmt_beacon+0x20f7/0x2cd0
[ 104.848416][ T1049] ? ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 104.848426][ T1049] ? ieee80211_iface_work+0x652/0x12d0
[ 104.848441][ T1049] ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[ 104.848454][ T1049] ? __lock_acquire+0xab9/0xd20
[ 104.848474][ T1049] ? rcu_read_lock_sched_held+0x89/0x100
[ 104.848486][ T1049] ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[ 104.848501][ T1049] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 104.848515][ T1049] ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 104.848528][ T1049] ieee80211_bss_info_update+0x746/0x9e0
[ 104.848542][ T1049] ? __pfx_ieee80211_bss_info_update+0x10/0x10
[ 104.848558][ T1049] ? ieee80211_get_channel_khz+0x15b/0x8a0
[ 104.848571][ T1049] ieee80211_rx_bss_info+0x176/0x280
[ 104.848585][ T1049] ieee80211_sta_rx_queued_mgmt+0x1294/0x4470
[ 104.848599][ T1049] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10
[ 104.848615][ T1049] ? unwind_next_frame+0xa5/0x2390
[ 104.848628][ T1049] ? unwind_next_frame+0xa5/0x2390
[ 104.848638][ T1049] ? unwind_next_frame+0x19ae/0x2390
[ 104.848651][ T1049] ? unwind_next_frame+0xa5/0x2390
[ 104.848670][ T1049] ? ret_from_fork_asm+0x1a/0x30
[ 104.848689][ T1049] ? __lock_acquire+0xab9/0xd20
[ 104.848705][ T1049] ? __lock_acquire+0xab9/0xd20
[ 104.848721][ T1049] ? __lock_acquire+0xab9/0xd20
[ 104.848739][ T1049] ? kcov_remote_start+0x18e/0x7f0
[ 104.848756][ T1049] ieee80211_iface_work+0x652/0x12d0
[ 104.848771][ T1049] cfg80211_wiphy_work+0x2bb/0x470
[ 104.848786][ T1049] ? process_scheduled_works+0x9ef/0x17b0
[ 104.848797][ T1049] process_scheduled_works+0xae1/0x17b0
[ 104.848814][ T1049] ? __pfx_process_scheduled_works+0x10/0x10
[ 104.848827][ T1049] worker_thread+0x8a0/0xda0
[ 104.848843][ T1049] kthread+0x70e/0x8a0
[ 104.848857][ T1049] ? __pfx_worker_thread+0x10/0x10
[ 104.848867][ T1049] ? __pfx_kthread+0x10/0x10
[ 104.848880][ T1049] ? _raw_spin_unlock_irq+0x23/0x50
[ 104.848893][ T1049] ? lockdep_hardirqs_on+0x9c/0x150
[ 104.848907][ T1049] ? __pfx_kthread+0x10/0x10
[ 104.848919][ T1049] ret_from_fork+0x3fc/0x770
[ 104.848931][ T1049] ? __pfx_ret_from_fork+0x10/0x10
[ 104.848942][ T1049] ? __pfx_kthread+0x10/0x10
[ 104.848954][ T1049] ret_from_fork_asm+0x1a/0x30
[ 104.848970][ T1049]
[ 104.848974][ T1049]
[ 105.020514][ T1049] Allocated by task 1049:
[ 105.022452][ T1049] kasan_save_track+0x3e/0x80
[ 105.024496][ T1049] __kasan_kmalloc+0x93/0xb0
[ 105.026489][ T1049] __kmalloc_noprof+0x27a/0x4f0
[ 105.028535][ T1049] cfg80211_inform_single_bss_data+0x905/0x1ac0
[ 105.031202][ T1049] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 105.033694][ T1049] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 105.036322][ T1049] ieee80211_bss_info_update+0x746/0x9e0
[ 105.038740][ T1049] ieee80211_rx_bss_info+0x176/0x280
[ 105.041026][ T1049] ieee80211_rx_mgmt_beacon+0x197d/0x2cd0
[ 105.043463][ T1049] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 105.046019][ T1049] ieee80211_iface_work+0x652/0x12d0
[ 105.048371][ T1049] cfg80211_wiphy_work+0x2bb/0x470
[ 105.050602][ T1049] process_scheduled_works+0xae1/0x17b0
[ 105.053065][ T1049] worker_thread+0x8a0/0xda0
[ 105.055140][ T1049] kthread+0x70e/0x8a0
[ 105.056979][ T1049] ret_from_fork+0x3fc/0x770
[ 105.059040][ T1049] ret_from_fork_asm+0x1a/0x30
[ 105.061154][ T1049]
[ 105.062170][ T1049] Freed by task 1049:
[ 105.063861][ T1049] kasan_save_track+0x3e/0x80
[ 105.065781][ T1049] kasan_save_free_info+0x46/0x50
[ 105.068037][ T1049] __kasan_slab_free+0x5b/0x80
[ 105.070148][ T1049] kmem_cache_free_bulk+0x2d1/0x520
[ 105.072370][ T1049] kvfree_rcu_bulk+0xe5/0x1f0
[ 105.074409][ T1049] kfree_rcu_monitor+0x211/0x2a0
[ 105.076500][ T1049] process_scheduled_works+0xae1/0x17b0
[ 105.078878][ T1049] worker_thread+0x8a0/0xda0
[ 105.080915][ T1049] kthread+0x70e/0x8a0
[ 105.082790][ T1049] ret_from_fork+0x3fc/0x770
[ 105.084836][ T1049] ret_from_fork_asm+0x1a/0x30
[ 105.086942][ T1049]
[ 105.088047][ T1049] Last potentially related work creation:
[ 105.090544][ T1049] kasan_save_stack+0x3e/0x60
[ 105.092630][ T1049] kasan_record_aux_stack+0xbd/0xd0
[ 105.095004][ T1049] kvfree_call_rcu+0xbb/0x410
[ 105.097131][ T1049] cfg80211_update_known_bss+0x454/0x1330
[ 105.099683][ T1049] cfg80211_update_assoc_bss_entry+0x4ba/0x6a0
[ 105.102359][ T1049] cfg80211_ch_switch_notify+0x3c1/0x780
[ 105.104792][ T1049] ieee80211_sta_process_chanswitch+0xad4/0x2870
[ 105.107638][ T1049] ieee80211_rx_mgmt_beacon+0x19c7/0x2cd0
[ 105.110227][ T1049] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 105.112909][ T1049] ieee80211_iface_work+0x652/0x12d0
[ 105.115172][ T1049] cfg80211_wiphy_work+0x2bb/0x470
[ 105.117422][ T1049] process_scheduled_works+0xae1/0x17b0
[ 105.119772][ T1049] worker_thread+0x8a0/0xda0
[ 105.121667][ T1049] kthread+0x70e/0x8a0
[ 105.123338][ T1049] ret_from_fork+0x3fc/0x770
[ 105.125327][ T1049] ret_from_fork_asm+0x1a/0x30
[ 105.127422][ T1049]
[ 105.128467][ T1049] The buggy address belongs to the object at ffff88804f100c80
[ 105.128467][ T1049] which belongs to the cache kmalloc-96 of size 96
[ 105.133872][ T1049] The buggy address is located 24 bytes inside of
[ 105.133872][ T1049] freed 96-byte region [ffff88804f100c80, ffff88804f100ce0)
[ 105.139638][ T1049]
[ 105.140786][ T1049] The buggy address belongs to the physical page:
[ 105.143776][ T1049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f100
[ 105.147610][ T1049] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 105.151405][ T1049] page_type: f5(slab)
[ 105.153313][ T1049] raw: 04fff00000000000 ffff88801a441280 dead000000000122 0000000000000000
[ 105.157319][ T1049] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[ 105.160986][ T1049] page dumped because: kasan: bad access detected
[ 105.163809][ T1049] page_owner tracks the page as allocated
[ 105.166290][ T1049] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 10, tgid 10 (kworker/0:1), ts 102955520044, free_ts 102646075395
[ 105.174253][ T1049] post_alloc_hook+0x240/0x2a0
[ 105.176386][ T1049] get_page_from_freelist+0x21e4/0x22c0
[ 105.178852][ T1049] __alloc_frozen_pages_noprof+0x181/0x370
[ 105.181103][ T1049] alloc_pages_mpol+0x232/0x4a0
[ 105.183132][ T1049] allocate_slab+0x8a/0x370
[ 105.185021][ T1049] ___slab_alloc+0xbeb/0x1410
[ 105.187084][ T1049] __kmalloc_cache_noprof+0x296/0x3d0
[ 105.189460][ T1049] nsim_fib_event_work+0x1174/0x3180
[ 105.191663][ T1049] process_scheduled_works+0xae1/0x17b0
[ 105.194029][ T1049] worker_thread+0x8a0/0xda0
[ 105.196023][ T1049] kthread+0x70e/0x8a0
[ 105.197925][ T1049] ret_from_fork+0x3fc/0x770
[ 105.199905][ T1049] ret_from_fork_asm+0x1a/0x30
[ 105.201925][ T1049] page last free pid 15 tgid 15 stack trace:
[ 105.204466][ T1049] __free_frozen_pages+0xbc4/0xd30
[ 105.206729][ T1049] rcu_core+0xcab/0x1770
[ 105.208463][ T1049] handle_softirqs+0x283/0x870
[ 105.210516][ T1049] run_ksoftirqd+0x9b/0x100
[ 105.212541][ T1049] smpboot_thread_fn+0x53f/0xa60
[ 105.214767][ T1049] kthread+0x70e/0x8a0
[ 105.216582][ T1049] ret_from_fork+0x3fc/0x770
[ 105.218623][ T1049] ret_from_fork_asm+0x1a/0x30
[ 105.220591][ T1049]
[ 105.221652][ T1049] Memory state around the buggy address:
[ 105.224071][ T1049]  ffff88804f100b80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 105.227591][ T1049]  ffff88804f100c00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 105.230900][ T1049] >ffff88804f100c80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 105.234370][ T1049]                             ^
[ 105.236351][ T1049]  ffff88804f100d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 105.239701][ T1049]  ffff88804f100d80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 105.243404][ T1049] ==================================================================
[ 105.246949][ T1049] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 105.249997][ T1049] CPU: 0 UID: 0 PID: 1049 Comm: kworker/u4:9 Not tainted syzkaller #0 PREEMPT(full)
[ 105.253933][ T1049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 105.258277][ T1049] Workqueue: events_unbound cfg80211_wiphy_work
[ 105.260900][ T1049] Call Trace:
[ 105.262351][ T1049]
[ 105.263514][ T1049] dump_stack_lvl+0x99/0x250
[ 105.265202][ T1049] ? __asan_memcpy+0x40/0x70
[ 105.267314][ T1049] ? __pfx_dump_stack_lvl+0x10/0x10
[ 105.269551][ T1049] ? __pfx__printk+0x10/0x10
[ 105.271771][ T1049] vpanic+0x281/0x750
[ 105.273955][ T1049] ? __pfx_vpanic+0x10/0x10
[ 105.276318][ T1049] ? irqentry_exit+0x74/0x90
[ 105.278868][ T1049] panic+0xb9/0xc0
[ 105.280915][ T1049] ? __pfx_panic+0x10/0x10
[ 105.283300][ T1049] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 105.286031][ T1049] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 105.288600][ T1049] ? cmp_bss+0xd4d/0xe80
[ 105.290483][ T1049] check_panic_on_warn+0x89/0xb0
[ 105.292645][ T1049] ? cmp_bss+0xd4d/0xe80
[ 105.294475][ T1049] end_report+0x78/0x160
[ 105.296265][ T1049] kasan_report+0x129/0x150
[ 105.298303][ T1049] ? ret_from_fork_asm+0x1a/0x30
[ 105.300459][ T1049] ? cmp_bss+0xd4d/0xe80
[ 105.302296][ T1049] cmp_bss+0xd4d/0xe80
[ 105.304076][ T1049] ? __lock_acquire+0xab9/0xd20
[ 105.306188][ T1049] __cfg80211_bss_update+0xdb/0x2120
[ 105.308692][ T1049] ? do_raw_spin_lock+0x121/0x290
[ 105.310728][ T1049] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 105.312659][ T1049] ? trace_kmalloc+0x1f/0xd0
[ 105.314606][ T1049] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0
[ 105.317373][ T1049] cfg80211_inform_single_bss_data+0xba9/0x1ac0
[ 105.320085][ T1049] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[ 105.322963][ T1049] ? arch_stack_walk+0x11c/0x150
[ 105.325060][ T1049] ? cfg80211_inform_bss_data+0x1e8/0x3b30
[ 105.327614][ T1049] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 105.330084][ T1049] ? __pfx_stack_trace_save+0x10/0x10
[ 105.332300][ T1049] ? stack_depot_save_flags+0x40/0x860
[ 105.334712][ T1049] ? kasan_save_track+0x4f/0x80
[ 105.336819][ T1049] ? kasan_save_track+0x3e/0x80
[ 105.339705][ T1049] ? kasan_save_free_info+0x46/0x50
[ 105.342657][ T1049] ? __kasan_slab_free+0x5b/0x80
[ 105.345417][ T1049] ? kfree+0x18e/0x440
[ 105.347322][ T1049] ? ieee80211_rx_mgmt_beacon+0x20f7/0x2cd0
[ 105.350245][ T1049] ? ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 105.353043][ T1049] ? ieee80211_iface_work+0x652/0x12d0
[ 105.355392][ T1049] ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[ 105.358293][ T1049] ? __lock_acquire+0xab9/0xd20
[ 105.360917][ T1049] ? rcu_read_lock_sched_held+0x89/0x100
[ 105.364183][ T1049] ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[ 105.367689][ T1049] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 105.370309][ T1049] ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 105.372806][ T1049] ieee80211_bss_info_update+0x746/0x9e0
[ 105.375305][ T1049] ? __pfx_ieee80211_bss_info_update+0x10/0x10
[ 105.377994][ T1049] ? ieee80211_get_channel_khz+0x15b/0x8a0
[ 105.380457][ T1049] ieee80211_rx_bss_info+0x176/0x280
[ 105.382812][ T1049] ieee80211_sta_rx_queued_mgmt+0x1294/0x4470
[ 105.385607][ T1049] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10
[ 105.388632][ T1049] ? unwind_next_frame+0xa5/0x2390
[ 105.390678][ T1049] ? unwind_next_frame+0xa5/0x2390
[ 105.392742][ T1049] ? unwind_next_frame+0x19ae/0x2390
[ 105.395246][ T1049] ? unwind_next_frame+0xa5/0x2390
[ 105.397577][ T1049] ? ret_from_fork_asm+0x1a/0x30
[ 105.399746][ T1049] ? __lock_acquire+0xab9/0xd20
[ 105.401875][ T1049] ? __lock_acquire+0xab9/0xd20
[ 105.404028][ T1049] ? __lock_acquire+0xab9/0xd20
[ 105.406185][ T1049] ? kcov_remote_start+0x18e/0x7f0
[ 105.408485][ T1049] ieee80211_iface_work+0x652/0x12d0
[ 105.410806][ T1049] cfg80211_wiphy_work+0x2bb/0x470
[ 105.413023][ T1049] ? process_scheduled_works+0x9ef/0x17b0
[ 105.415510][ T1049] process_scheduled_works+0xae1/0x17b0
[ 105.417917][ T1049] ? __pfx_process_scheduled_works+0x10/0x10
[ 105.420446][ T1049] worker_thread+0x8a0/0xda0
[ 105.422623][ T1049] kthread+0x70e/0x8a0
[ 105.424482][ T1049] ? __pfx_worker_thread+0x10/0x10
[ 105.426825][ T1049] ? __pfx_kthread+0x10/0x10
[ 105.428866][ T1049] ? _raw_spin_unlock_irq+0x23/0x50
[ 105.431096][ T1049] ? lockdep_hardirqs_on+0x9c/0x150
[ 105.433247][ T1049] ? __pfx_kthread+0x10/0x10
[ 105.435385][ T1049] ret_from_fork+0x3fc/0x770
[ 105.437548][ T1049] ? __pfx_ret_from_fork+0x10/0x10
[ 105.439931][ T1049] ? __pfx_kthread+0x10/0x10
[ 105.442110][ T1049] ret_from_fork_asm+0x1a/0x30
[ 105.444275][ T1049]
[ 105.445957][ T1049] Kernel Offset: disabled
[ 105.447804][ T1049] Rebooting in 86400 seconds..
VM DIAGNOSIS: 13:16:00 Registers:
