Warning: Permanently added '10.128.1.47' (ED25519) to the list of known hosts.
2025/09/03 10:03:30 parsed 1 programs
[ 77.893942][ T5867] cgroup: Unknown subsys name 'net'
[ 78.048913][ T5867] cgroup: Unknown subsys name 'cpuset'
[ 78.057656][ T5867] cgroup: Unknown subsys name 'rlimit'
[ 79.491910][ T5867] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 82.546186][ T5886] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 82.647441][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.655224][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.663747][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.672420][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.680705][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.885850][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.894504][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.921890][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.931652][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.179437][ T5936] chnl_net:caif_netlink_parms(): no params data found
[ 85.259314][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.267484][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.274785][ T5936] bridge_slave_0: entered allmulticast mode
[ 85.282482][ T5936] bridge_slave_0: entered promiscuous mode
[ 85.292738][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.300575][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.307807][ T5936] bridge_slave_1: entered allmulticast mode
[ 85.314789][ T5936] bridge_slave_1: entered promiscuous mode
[ 85.345905][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 85.358496][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 85.389511][ T5936] team0: Port device team_slave_0 added
[ 85.432478][ T5936] team0: Port device team_slave_1 added
[ 85.463493][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 85.475335][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.502572][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 85.518217][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 85.525204][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.551910][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 85.613991][ T5936] hsr_slave_0: entered promiscuous mode
[ 85.621133][ T5936] hsr_slave_1: entered promiscuous mode
[ 85.814556][ T5936] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.827384][ T5936] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.838164][ T5936] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.849398][ T5936] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.879807][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.887025][ T5936] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.894898][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.902204][ T5936] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.914940][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.924089][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.972935][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.994657][ T5936] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.009369][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.016910][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.031085][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.038264][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.202259][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.244522][ T5936] veth0_vlan: entered promiscuous mode
[ 86.257383][ T5936] veth1_vlan: entered promiscuous mode
[ 86.285090][ T5936] veth0_macvtap: entered promiscuous mode
[ 86.297793][ T5936] veth1_macvtap: entered promiscuous mode
[ 86.318621][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 86.333441][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 86.349551][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.358976][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.369349][ T3606] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.379675][ T3606] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.494166][ T2951] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.560851][ T2951] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.622802][ T2951] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.690772][ T2951] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.779988][ T980] cfg80211: failed to load regulatory.db
2025/09/03 10:03:42 executed programs: 0
[ 87.527468][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.535220][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.546417][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.554465][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.563002][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.715820][ T5976] chnl_net:caif_netlink_parms(): no params data found
[ 87.810984][ T5976] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.818521][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.827057][ T5976] bridge_slave_0: entered allmulticast mode
[ 87.834049][ T5976] bridge_slave_0: entered promiscuous mode
[ 87.842012][ T5976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.849217][ T5976] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.856421][ T5976] bridge_slave_1: entered allmulticast mode
[ 87.863451][ T5976] bridge_slave_1: entered promiscuous mode
[ 87.894455][ T5976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.908068][ T5976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.950057][ T5976] team0: Port device team_slave_0 added
[ 87.957935][ T5976] team0: Port device team_slave_1 added
[ 87.991643][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.999354][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.025838][ T5976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 88.040924][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 88.048611][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.074853][ T5976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 88.121668][ T5976] hsr_slave_0: entered promiscuous mode
[ 88.128864][ T5976] hsr_slave_1: entered promiscuous mode
[ 88.135180][ T5976] debugfs: 'hsr0' already exists in 'hsr'
[ 88.142103][ T5976] Cannot create hsr debugfs directory
[ 89.324230][ T2951] bridge_slave_1: left allmulticast mode
[ 89.332075][ T2951] bridge_slave_1: left promiscuous mode
[ 89.338911][ T2951] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.351675][ T2951] bridge_slave_0: left allmulticast mode
[ 89.357441][ T2951] bridge_slave_0: left promiscuous mode
[ 89.363196][ T2951] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.604165][ T2951] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 89.616072][ T2951] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 89.625972][ T2951] bond0 (unregistering): Released all slaves
[ 89.646625][ T52] Bluetooth: hci0: command tx timeout
[ 89.747381][ T2951] hsr_slave_0: left promiscuous mode
[ 89.754021][ T2951] hsr_slave_1: left promiscuous mode
[ 89.764842][ T2951] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 89.772370][ T2951] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 89.785183][ T2951] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 89.795093][ T2951] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 89.820641][ T2951] veth1_macvtap: left promiscuous mode
[ 89.828673][ T2951] veth0_macvtap: left promiscuous mode
[ 89.834390][ T2951] veth1_vlan: left promiscuous mode
[ 89.840471][ T2951] veth0_vlan: left promiscuous mode
[ 90.289027][ T2951] team0 (unregistering): Port device team_slave_1 removed
[ 90.326750][ T2951] team0 (unregistering): Port device team_slave_0 removed
[ 90.919862][ T5976] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.933938][ T5976] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.948660][ T5976] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.961159][ T5976] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.284676][ T5976] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.342528][ T5976] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.368106][ T60] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.375426][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.391190][ T60] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.398417][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.639303][ T5976] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.675883][ T5976] veth0_vlan: entered promiscuous mode
[ 91.690008][ T5976] veth1_vlan: entered promiscuous mode
[ 91.716432][ T5976] veth0_macvtap: entered promiscuous mode
[ 91.725913][ T52] Bluetooth: hci0: command tx timeout
[ 91.732315][ T5976] veth1_macvtap: entered promiscuous mode
[ 91.750293][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.764548][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.778553][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.788264][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.798058][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.808152][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.862350][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.873100][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.902597][ T2951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.911099][ T2951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.958077][ T6023] ==================================================================
[ 91.966174][ T6023] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[ 91.974586][ T6023] Read of size 8 at addr ffff888024d95d68 by task syz.0.17/6023
[ 91.982188][ T6023]
[ 91.984504][ T6023] CPU: 0 UID: 0 PID: 6023 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 91.984519][ T6023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 91.984531][ T6023] Call Trace:
[ 91.984536][ T6023]
[ 91.984541][ T6023] dump_stack_lvl+0x189/0x250
[ 91.984558][ T6023] ? __kasan_check_byte+0x12/0x40
[ 91.984571][ T6023] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.984583][ T6023] ? lock_release+0x4b/0x3e0
[ 91.984595][ T6023] ? __virt_addr_valid+0x4a5/0x5c0
[ 91.984609][ T6023] print_report+0xca/0x240
[ 91.984619][ T6023] ? change_page_attr_set_clr+0x625/0xfc0
[ 91.984629][ T6023] kasan_report+0x118/0x150
[ 91.984639][ T6023] ? change_page_attr_set_clr+0x625/0xfc0
[ 91.984651][ T6023] change_page_attr_set_clr+0x625/0xfc0
[ 91.984662][ T6023] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 91.984672][ T6023] ? __pfx_pagerange_is_ram_callback+0x10/0x10
[ 91.984686][ T6023] ? memtype_reserve+0x874/0xb30
[ 91.984701][ T6023] ? __pfx___ww_mutex_lock+0x10/0x10
[ 91.984712][ T6023] _set_pages_array+0x145/0x270
[ 91.984724][ T6023] drm_gem_shmem_get_pages_locked+0x2d0/0x440
[ 91.984739][ T6023] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 91.984752][ T6023] ? ww_mutex_lock+0x3f/0x1c0
[ 91.984767][ T6023] drm_gem_shmem_mmap+0x193/0x460
[ 91.984781][ T6023] drm_gem_mmap_obj+0x18a/0x4e0
[ 91.984792][ T6023] drm_gem_mmap+0x384/0x640
[ 91.984802][ T6023] ? __pfx_drm_gem_mmap+0x10/0x10
[ 91.984812][ T6023] ? __mas_set_range+0x12f/0x3c0
[ 91.984826][ T6023] mmap_region+0x18ab/0x20c0
[ 91.984841][ T6023] ? __pfx_mmap_region+0x10/0x10
[ 91.984853][ T6023] ? kasan_save_track+0x4f/0x80
[ 91.984861][ T6023] ? kasan_save_track+0x3e/0x80
[ 91.984870][ T6023] ? __kasan_kmalloc+0x93/0xb0
[ 91.984878][ T6023] ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 91.984888][ T6023] ? vma_node_allow+0x5a/0x240
[ 91.984897][ T6023] ? drm_gem_handle_create_tail+0x20d/0x490
[ 91.984906][ T6023] ? drm_gem_shmem_dumb_create+0x24d/0x3c0
[ 91.984918][ T6023] ? drm_ioctl_kernel+0x2cf/0x390
[ 91.984936][ T6023] ? lockdep_unlock+0x89/0x120
[ 91.984945][ T6023] ? validate_chain+0x897/0x2140
[ 91.984965][ T6023] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 91.984980][ T6023] ? bpf_lsm_mmap_addr+0x9/0x20
[ 91.984989][ T6023] ? security_mmap_addr+0x71/0x270
[ 91.985001][ T6023] ? shmem_mapping+0xd/0x50
[ 91.985013][ T6023] ? memfd_check_seals_mmap+0xc5/0x200
[ 91.985023][ T6023] do_mmap+0xc45/0x10d0
[ 91.985034][ T6023] ? __pfx_do_mmap+0x10/0x10
[ 91.985042][ T6023] ? down_write_killable+0x178/0x230
[ 91.985052][ T6023] ? __pfx_down_write_killable+0x10/0x10
[ 91.985062][ T6023] ? common_file_perm+0x1b5/0x230
[ 91.985072][ T6023] vm_mmap_pgoff+0x2a6/0x4d0
[ 91.985086][ T6023] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 91.985099][ T6023] ? __fget_files+0x2a/0x420
[ 91.985112][ T6023] ? __fget_files+0x2a/0x420
[ 91.985123][ T6023] ? __fget_files+0x2a/0x420
[ 91.985136][ T6023] ksys_mmap_pgoff+0x51f/0x760
[ 91.985146][ T6023] do_syscall_64+0xfa/0xfa0
[ 91.985155][ T6023] ? lockdep_hardirqs_on+0x9c/0x150
[ 91.985163][ T6023] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.985172][ T6023] ? clear_bhb_loop+0x60/0xb0
[ 91.985182][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.985192][ T6023] RIP: 0033:0x7f001358ebe9
[ 91.985205][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 91.985213][ T6023] RSP: 002b:00007ffcf2d828e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 91.985224][ T6023] RAX: ffffffffffffffda RBX: 00007f00137c5fa0 RCX: 00007f001358ebe9
[ 91.985231][ T6023] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 91.985237][ T6023] RBP: 00007f0013611e19 R08: 0000000000000003 R09: 0000000100000000
[ 91.985243][ T6023] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 91.985249][ T6023] R13: 00007f00137c5fa0 R14: 00007f00137c5fa0 R15: 0000000000000006
[ 91.985259][ T6023]
[ 91.985262][ T6023]
[ 92.373026][ T6023] Allocated by task 6023:
[ 92.377418][ T6023] kasan_save_track+0x3e/0x80
[ 92.382081][ T6023] __kasan_kmalloc+0x93/0xb0
[ 92.386659][ T6023] __kvmalloc_node_noprof+0x5cd/0x910
[ 92.392011][ T6023] drm_gem_get_pages+0x166/0xa20
[ 92.396927][ T6023] drm_gem_shmem_get_pages_locked+0x201/0x440
[ 92.402999][ T6023] drm_gem_shmem_mmap+0x193/0x460
[ 92.408023][ T6023] drm_gem_mmap_obj+0x18a/0x4e0
[ 92.412858][ T6023] drm_gem_mmap+0x384/0x640
[ 92.417344][ T6023] mmap_region+0x18ab/0x20c0
[ 92.421933][ T6023] do_mmap+0xc45/0x10d0
[ 92.426076][ T6023] vm_mmap_pgoff+0x2a6/0x4d0
[ 92.430651][ T6023] ksys_mmap_pgoff+0x51f/0x760
[ 92.435392][ T6023] do_syscall_64+0xfa/0xfa0
[ 92.439897][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.445784][ T6023]
[ 92.448092][ T6023] The buggy address belongs to the object at ffff888024d95c00
[ 92.448092][ T6023] which belongs to the cache kmalloc-512 of size 512
[ 92.462123][ T6023] The buggy address is located 0 bytes to the right of
[ 92.462123][ T6023] allocated 360-byte region [ffff888024d95c00, ffff888024d95d68)
[ 92.476605][ T6023]
[ 92.478946][ T6023] The buggy address belongs to the physical page:
[ 92.485352][ T6023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24d94
[ 92.494104][ T6023] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 92.502594][ T6023] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 92.510294][ T6023] page_type: f5(slab)
[ 92.514256][ T6023] raw: 00fff00000000040 ffff88801a841c80 dead000000000122 0000000000000000
[ 92.522936][ T6023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 92.531501][ T6023] head: 00fff00000000040 ffff88801a841c80 dead000000000122 0000000000000000
[ 92.540177][ T6023] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 92.548830][ T6023] head: 00fff00000000002 ffffea0000936501 00000000ffffffff 00000000ffffffff
[ 92.557509][ T6023] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 92.566160][ T6023] page dumped because: kasan: bad access detected
[ 92.572574][ T6023] page_owner tracks the page as allocated
[ 92.578267][ T6023] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2951, tgid 2951 (kworker/u8:7), ts 91918554030, free_ts 91852670181
[ 92.599875][ T6023] post_alloc_hook+0x240/0x2a0
[ 92.604637][ T6023] get_page_from_freelist+0x21e4/0x22c0
[ 92.610165][ T6023] __alloc_frozen_pages_noprof+0x181/0x370
[ 92.615955][ T6023] alloc_pages_mpol+0x232/0x4a0
[ 92.620836][ T6023] allocate_slab+0x8a/0x330
[ 92.625348][ T6023] ___slab_alloc+0xbd1/0x13f0
[ 92.630024][ T6023] __slab_alloc+0x55/0xa0
[ 92.634438][ T6023] __kmalloc_noprof+0x471/0x7f0
[ 92.639278][ T6023] ieee80211_ibss_build_presp+0x11f/0x1900
[ 92.645245][ T6023] __ieee80211_sta_join_ibss+0x6db/0x1610
[ 92.650964][ T6023] ieee80211_sta_create_ibss+0x300/0x480
[ 92.656607][ T6023] ieee80211_ibss_work+0xdb6/0x1060
[ 92.661790][ T6023] cfg80211_wiphy_work+0x2b8/0x470
[ 92.666905][ T6023] process_scheduled_works+0xade/0x17b0
[ 92.672438][ T6023] worker_thread+0x8a0/0xda0
[ 92.677020][ T6023] kthread+0x70e/0x8a0
[ 92.681104][ T6023] page last free pid 5976 tgid 5976 stack trace:
[ 92.687421][ T6023] __free_frozen_pages+0xbc4/0xd30
[ 92.692522][ T6023] __slab_free+0x2e7/0x390
[ 92.697102][ T6023] qlist_free_all+0x97/0x140
[ 92.701675][ T6023] kasan_quarantine_reduce+0x148/0x160
[ 92.707113][ T6023] __kasan_slab_alloc+0x22/0x80
[ 92.711946][ T6023] kmem_cache_alloc_lru_noprof+0x35d/0x6d0
[ 92.717742][ T6023] __d_alloc+0x36/0x7a0
[ 92.721877][ T6023] d_alloc_parallel+0xe5/0x15e0
[ 92.726707][ T6023] __lookup_slow+0x116/0x3d0
[ 92.731276][ T6023] simple_start_creating+0xfd/0x1e0
[ 92.736460][ T6023] start_creating+0x10f/0x180
[ 92.741125][ T6023] debugfs_create_dir+0x28/0x420
[ 92.746054][ T6023] ieee80211_debugfs_recreate_netdev+0x1a6/0x1460
[ 92.752457][ T6023] ieee80211_if_add+0xc17/0x1390
[ 92.757379][ T6023] ieee80211_register_hw+0x35b6/0x4100
[ 92.762823][ T6023] mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 92.768531][ T6023]
[ 92.770840][ T6023] Memory state around the buggy address:
[ 92.776453][ T6023] ffff888024d95c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.784497][ T6023] ffff888024d95c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.792547][ T6023] >ffff888024d95d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 92.800594][ T6023] ^
[ 92.808047][ T6023] ffff888024d95d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.816085][ T6023] ffff888024d95e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.824124][ T6023] ==================================================================
[ 92.852384][ T6023] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.859624][ T6023] CPU: 0 UID: 0 PID: 6023 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 92.868744][ T6023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 92.878822][ T6023] Call Trace:
[ 92.882096][ T6023]
[ 92.885028][ T6023] dump_stack_lvl+0x99/0x250
[ 92.889707][ T6023] ? __asan_memcpy+0x40/0x70
[ 92.894314][ T6023] ? __pfx_dump_stack_lvl+0x10/0x10
[ 92.899500][ T6023] ? __pfx__printk+0x10/0x10
[ 92.904091][ T6023] vpanic+0x229/0x6d0
[ 92.908063][ T6023] ? __pfx_vpanic+0x10/0x10
[ 92.912566][ T6023] ? preempt_schedule+0xae/0xc0
[ 92.917405][ T6023] ? __pfx_preempt_schedule+0x10/0x10
[ 92.922781][ T6023] panic+0xb9/0xc0
[ 92.926503][ T6023] ? __pfx_panic+0x10/0x10
[ 92.930917][ T6023] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 92.936809][ T6023] ? change_page_attr_set_clr+0x625/0xfc0
[ 92.942522][ T6023] check_panic_on_warn+0x89/0xb0
[ 92.947444][ T6023] ? change_page_attr_set_clr+0x625/0xfc0
[ 92.953148][ T6023] end_report+0x78/0x160
[ 92.957374][ T6023] kasan_report+0x129/0x150
[ 92.961865][ T6023] ? change_page_attr_set_clr+0x625/0xfc0
[ 92.967570][ T6023] change_page_attr_set_clr+0x625/0xfc0
[ 92.973242][ T6023] ? __pfx_change_page_attr_set_clr+0x10/0x10
[ 92.979298][ T6023] ? __pfx_pagerange_is_ram_callback+0x10/0x10
[ 92.985451][ T6023] ? memtype_reserve+0x874/0xb30
[ 92.990385][ T6023] ? __pfx___ww_mutex_lock+0x10/0x10
[ 92.995654][ T6023] _set_pages_array+0x145/0x270
[ 93.000500][ T6023] drm_gem_shmem_get_pages_locked+0x2d0/0x440
[ 93.006556][ T6023] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[ 93.013133][ T6023] ? ww_mutex_lock+0x3f/0x1c0
[ 93.017793][ T6023] drm_gem_shmem_mmap+0x193/0x460
[ 93.022901][ T6023] drm_gem_mmap_obj+0x18a/0x4e0
[ 93.027745][ T6023] drm_gem_mmap+0x384/0x640
[ 93.032235][ T6023] ? __pfx_drm_gem_mmap+0x10/0x10
[ 93.037244][ T6023] ? __mas_set_range+0x12f/0x3c0
[ 93.042169][ T6023] mmap_region+0x18ab/0x20c0
[ 93.046753][ T6023] ? __pfx_mmap_region+0x10/0x10
[ 93.051696][ T6023] ? kasan_save_track+0x4f/0x80
[ 93.056530][ T6023] ? kasan_save_track+0x3e/0x80
[ 93.061365][ T6023] ? __kasan_kmalloc+0x93/0xb0
[ 93.066108][ T6023] ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 93.071632][ T6023] ? vma_node_allow+0x5a/0x240
[ 93.076381][ T6023] ? drm_gem_handle_create_tail+0x20d/0x490
[ 93.082288][ T6023] ? drm_gem_shmem_dumb_create+0x24d/0x3c0
[ 93.088083][ T6023] ? drm_ioctl_kernel+0x2cf/0x390
[ 93.093114][ T6023] ? lockdep_unlock+0x89/0x120
[ 93.097858][ T6023] ? validate_chain+0x897/0x2140
[ 93.102792][ T6023] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 93.109383][ T6023] ? bpf_lsm_mmap_addr+0x9/0x20
[ 93.114223][ T6023] ? security_mmap_addr+0x71/0x270
[ 93.119319][ T6023] ? shmem_mapping+0xd/0x50
[ 93.123807][ T6023] ? memfd_check_seals_mmap+0xc5/0x200
[ 93.129253][ T6023] do_mmap+0xc45/0x10d0
[ 93.133395][ T6023] ? __pfx_do_mmap+0x10/0x10
[ 93.138060][ T6023] ? down_write_killable+0x178/0x230
[ 93.143342][ T6023] ? __pfx_down_write_killable+0x10/0x10
[ 93.148958][ T6023] ? common_file_perm+0x1b5/0x230
[ 93.153968][ T6023] vm_mmap_pgoff+0x2a6/0x4d0
[ 93.158553][ T6023] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 93.163653][ T6023] ? __fget_files+0x2a/0x420
[ 93.168256][ T6023] ? __fget_files+0x2a/0x420
[ 93.172861][ T6023] ? __fget_files+0x2a/0x420
[ 93.177445][ T6023] ksys_mmap_pgoff+0x51f/0x760
[ 93.182198][ T6023] do_syscall_64+0xfa/0xfa0
[ 93.186685][ T6023] ? lockdep_hardirqs_on+0x9c/0x150
[ 93.191875][ T6023] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.197927][ T6023] ? clear_bhb_loop+0x60/0xb0
[ 93.202597][ T6023] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.208472][ T6023] RIP: 0033:0x7f001358ebe9
[ 93.212957][ T6023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 93.232649][ T6023] RSP: 002b:00007ffcf2d828e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 93.241049][ T6023] RAX: ffffffffffffffda RBX: 00007f00137c5fa0 RCX: 00007f001358ebe9
[ 93.249006][ T6023] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[ 93.257151][ T6023] RBP: 00007f0013611e19 R08: 0000000000000003 R09: 0000000100000000
[ 93.265572][ T6023] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[ 93.273536][ T6023] R13: 00007f00137c5fa0 R14: 00007f00137c5fa0 R15: 0000000000000006
[ 93.281585][ T6023]
[ 93.284923][ T6023] Kernel Offset: disabled
[ 93.289231][ T6023] Rebooting in 86400 seconds..