================================================================== BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: wild-memory-access in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: wild-memory-access in __lock_acquire+0xc8b/0x2050 kernel/locking/lockdep.c:5169 Read of size 8 at addr 1fffffff91a78d28 by task kworker/u8:12/5404 CPU: 0 UID: 0 PID: 5404 Comm: kworker/u8:12 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: events_unbound cfg80211_wiphy_work Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_report+0xe8/0x550 mm/kasan/report.c:491 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] __lock_acquire+0xc8b/0x2050 kernel/locking/lockdep.c:5169 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5822 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378 raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:601 raw_spin_rq_lock kernel/sched/sched.h:1503 [inline] rq_lock kernel/sched/sched.h:1802 [inline] __schedule+0x357/0x4b30 kernel/sched/core.c:6575 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:6996 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707 RIP: 0010:_ieee802_11_parse_elems_full+0x83/0x4a40 net/mac80211/parse.c:272 Code: 10 1c 2e 8e 48 c7 84 24 30 03 00 00 20 c9 3f 8b 48 8d 8c 24 20 03 00 00 48 c1 e9 03 48 b8 f1 f1 f1 f1 01 f2 01 f2 4a 89 04 39 <48> b8 f2 f2 f2 f2 04 f3 f3 f3 48 89 8c 24 b0 00 00 00 4a 89 44 39 RSP: 0018:ffffc9000341f180 EFLAGS: 00000212 RAX: f201f201f1f1f1f1 RBX: ffffc9000341fa40 RCX: 1ffff92000683e94 RDX: 0000000000000000 RSI: ffff88805df10800 RDI: ffffc9000341fa40 RBP: ffffc9000341f590 R08: ffffffff8b0f32c7 R09: 0000000000000000 R10: dffffc0000000000 R11: ffffed100bbe2157 R12: 0000000000000000 R13: dffffc0000000000 R14: ffff88805df10800 R15: dffffc0000000000 ieee802_11_parse_elems_full+0xdff/0x2880 net/mac80211/parse.c:984 ieee802_11_parse_elems_crc net/mac80211/ieee80211_i.h:2383 [inline] ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2390 [inline] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1575 [inline] ieee80211_ibss_rx_queued_mgmt+0x4c8/0x2d70 net/mac80211/ibss.c:1606 ieee80211_iface_process_skb net/mac80211/iface.c:1603 [inline] ieee80211_iface_work+0x8a5/0xf20 net/mac80211/iface.c:1657 cfg80211_wiphy_work+0x2dd/0x490 net/wireless/core.c:440 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 ================================================================== ---------------- Code disassembly (best guess), 4 bytes skipped: 0: 48 c7 84 24 30 03 00 movq $0xffffffff8b3fc920,0x330(%rsp) 7: 00 20 c9 3f 8b c: 48 8d 8c 24 20 03 00 lea 0x320(%rsp),%rcx 13: 00 14: 48 c1 e9 03 shr $0x3,%rcx 18: 48 b8 f1 f1 f1 f1 01 movabs $0xf201f201f1f1f1f1,%rax 1f: f2 01 f2 22: 4a 89 04 39 mov %rax,(%rcx,%r15,1) * 26: 48 b8 f2 f2 f2 f2 04 movabs $0xf3f3f304f2f2f2f2,%rax <-- trapping instruction 2d: f3 f3 f3 30: 48 89 8c 24 b0 00 00 mov %rcx,0xb0(%rsp) 37: 00 38: 4a rex.WX 39: 89 .byte 0x89 3a: 44 rex.R 3b: 39 .byte 0x39