Warning: Permanently added '[localhost]:43190' (ED25519) to the list of known hosts.
2025/08/12 09:09:16 ignoring optional flag "sandboxArg"="0"
2025/08/12 09:09:17 parsed 1 programs
[ 134.425203][ T5676] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 138.094438][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 138.097991][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 138.958249][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 138.965406][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 139.021114][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 139.024797][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 141.942899][ T5738] chnl_net:caif_netlink_parms(): no params data found
[ 142.011630][ T5738] bridge0: port 1(bridge_slave_0) entered blocking state
[ 142.015774][ T5738] bridge0: port 1(bridge_slave_0) entered disabled state
[ 142.019433][ T5738] bridge_slave_0: entered allmulticast mode
[ 142.024911][ T5738] bridge_slave_0: entered promiscuous mode
[ 142.031101][ T5738] bridge0: port 2(bridge_slave_1) entered blocking state
[ 142.034560][ T5738] bridge0: port 2(bridge_slave_1) entered disabled state
[ 142.037858][ T5738] bridge_slave_1: entered allmulticast mode
[ 142.042318][ T5738] bridge_slave_1: entered promiscuous mode
[ 142.070910][ T5738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.077718][ T5738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.104600][ T5738] team0: Port device team_slave_0 added
[ 142.111354][ T5738] team0: Port device team_slave_1 added
[ 142.135651][ T5738] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 142.138821][ T5738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 142.151224][ T5738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 142.157521][ T5738] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 142.161949][ T5738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 142.176299][ T5738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 142.215312][ T5738] hsr_slave_0: entered promiscuous mode
[ 142.218816][ T5738] hsr_slave_1: entered promiscuous mode
[ 142.915288][ T5738] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 142.934108][ T5738] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 142.952326][ T5738] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 142.958083][ T5738] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 143.130915][ T5738] 8021q: adding VLAN 0 to HW filter on device bond0
[ 143.159619][ T5738] 8021q: adding VLAN 0 to HW filter on device team0
[ 143.185380][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 143.188588][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 143.213092][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 143.216461][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 143.284761][ T5738] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 143.579113][ T5738] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 143.659728][ T5738] veth0_vlan: entered promiscuous mode
[ 143.675199][ T5738] veth1_vlan: entered promiscuous mode
[ 143.750539][ T5738] veth0_macvtap: entered promiscuous mode
[ 143.756393][ T5738] veth1_macvtap: entered promiscuous mode
[ 143.791848][ T5738] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 143.832869][ T5738] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 143.855934][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.883327][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.896938][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.910508][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.078163][ T1044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.173858][ T1044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.267725][ T1044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.367280][ T1044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.771170][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 144.775817][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 144.783880][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 144.787909][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 144.792731][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/08/12 09:09:33 executed programs: 0
[ 146.200584][ T4705] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 146.205870][ T4705] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 146.209836][ T4705] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 146.220819][ T4705] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 146.224809][ T4705] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 146.372808][ T1044] bridge_slave_1: left allmulticast mode
[ 146.375808][ T1044] bridge_slave_1: left promiscuous mode
[ 146.378912][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state
[ 146.393978][ T1044] bridge_slave_0: left allmulticast mode
[ 146.397438][ T1044] bridge_slave_0: left promiscuous mode
[ 146.422772][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 146.804568][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 146.812432][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 146.817995][ T1044] bond0 (unregistering): Released all slaves
[ 146.935226][ T1044] hsr_slave_0: left promiscuous mode
[ 146.952539][ T1044] hsr_slave_1: left promiscuous mode
[ 146.955663][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 146.958923][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 146.978761][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 146.991983][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 147.013998][ T1044] veth1_macvtap: left promiscuous mode
[ 147.016720][ T1044] veth0_macvtap: left promiscuous mode
[ 147.035284][ T1044] veth1_vlan: left promiscuous mode
[ 147.037776][ T1044] veth0_vlan: left promiscuous mode
[ 147.674467][ T1044] team0 (unregistering): Port device team_slave_1 removed
[ 147.717576][ T1044] team0 (unregistering): Port device team_slave_0 removed
[ 148.250614][ T4705] Bluetooth: hci0: command tx timeout
[ 148.412582][ T5830] chnl_net:caif_netlink_parms(): no params data found
[ 148.595407][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.598898][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[ 148.611452][ T5830] bridge_slave_0: entered allmulticast mode
[ 148.616149][ T5830] bridge_slave_0: entered promiscuous mode
[ 148.630915][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.634052][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[ 148.637426][ T5830] bridge_slave_1: entered allmulticast mode
[ 148.660286][ T5830] bridge_slave_1: entered promiscuous mode
[ 149.092019][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 149.178867][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 149.277600][ T5830] team0: Port device team_slave_0 added
[ 149.301461][ T5830] team0: Port device team_slave_1 added
[ 149.406389][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 149.409818][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.429829][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 149.461320][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 149.464494][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.490139][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 149.595115][ T5830] hsr_slave_0: entered promiscuous mode
[ 149.614667][ T5830] hsr_slave_1: entered promiscuous mode
[ 150.182200][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 150.195688][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 150.212911][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 150.225965][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 150.331596][ T4705] Bluetooth: hci0: command tx timeout
[ 150.434214][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[ 150.462546][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[ 150.489062][ T3109] bridge0: port 1(bridge_slave_0) entered blocking state
[ 150.492432][ T3109] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 150.523724][ T3109] bridge0: port 2(bridge_slave_1) entered blocking state
[ 150.527653][ T3109] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 150.915260][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 150.999268][ T5830] veth0_vlan: entered promiscuous mode
[ 151.021963][ T5830] veth1_vlan: entered promiscuous mode
[ 151.075307][ T5830] veth0_macvtap: entered promiscuous mode
[ 151.092800][ T5830] veth1_macvtap: entered promiscuous mode
[ 151.126840][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 151.147808][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 151.172683][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.198866][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.222023][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.226983][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.337691][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 151.361236][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 151.412659][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 151.417784][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/12 09:09:38 executed programs: 2
[ 151.521230][ T5912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 151.534933][ T5912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 151.544450][ T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 151.561041][ T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 151.565408][ T5912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 151.573270][ T5912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.123859][ T5929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.138532][ T12] wlan1: authenticated
[ 152.142685][ T5929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.152080][ T12] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[ 152.157502][ T3109] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[ 152.162101][ T5929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.173783][ T3109] wlan1: associated
[ 152.181253][ T5929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.410683][ T4705] Bluetooth: hci0: command tx timeout
[ 152.709197][ T5933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.715069][ T5933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.723521][ T5933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.728740][ T3109] wlan1: AP 08:02:11:00:00:00 tries to chanswitch to same channel, ignore
[ 152.733334][ T5933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.255991][ T5935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.261822][ T5935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.267556][ T5935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.275650][ T5935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.795414][ T5937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.802276][ T5937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.808411][ T5937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.817914][ T5937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 154.344042][ T12] ==================================================================
[ 154.348617][ T12] BUG: KASAN: slab-use-after-free in cmp_bss+0xd4d/0xe80
[ 154.353929][ T12] Read of size 4 at addr ffff888000e6e898 by task kworker/u4:0/12
[ 154.358581][ T12]
[ 154.359711][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498-dirty #0 PREEMPT(full)
[ 154.359727][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 154.359736][ T12] Workqueue: events_unbound cfg80211_wiphy_work
[ 154.359762][ T12] Call Trace:
[ 154.359769][ T12]
[ 154.359775][ T12] dump_stack_lvl+0x189/0x250
[ 154.359790][ T12] ? __virt_addr_valid+0x1c8/0x5c0
[ 154.359804][ T12] ? rcu_is_watching+0x15/0xb0
[ 154.359870][ T12] ? __pfx_dump_stack_lvl+0x10/0x10
[ 154.359882][ T12] ? rcu_is_watching+0x15/0xb0
[ 154.359892][ T12] ? lock_release+0x4b/0x3e0
[ 154.359907][ T12] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 154.359948][ T12] ? __virt_addr_valid+0x1c8/0x5c0
[ 154.359959][ T12] ? __virt_addr_valid+0x4a5/0x5c0
[ 154.359970][ T12] print_report+0xca/0x240
[ 154.359980][ T12] ? cmp_bss+0xd4d/0xe80
[ 154.359989][ T12] kasan_report+0x118/0x150
[ 154.360002][ T12] ? ret_from_fork+0x3f9/0x770
[ 154.360014][ T12] ? cmp_bss+0xd4d/0xe80
[ 154.360025][ T12] cmp_bss+0xd4d/0xe80
[ 154.360038][ T12] __cfg80211_bss_update+0xd6/0x2140
[ 154.360051][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 154.360065][ T12] ? trace_kmalloc+0x1f/0xd0
[ 154.360077][ T12] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0
[ 154.360088][ T12] cfg80211_inform_single_bss_data+0xba9/0x1ac0
[ 154.360099][ T12] ? unwind_next_frame+0xa5/0x2390
[ 154.360112][ T12] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[ 154.360129][ T12] ? check_path+0x21/0x40
[ 154.360139][ T12] ? cfg80211_inform_bss_data+0x1e8/0x3b30
[ 154.360151][ T12] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 154.360161][ T12] ? validate_chain+0x897/0x2140
[ 154.360177][ T12] ? __switch_to+0xdae/0x1670
[ 154.360190][ T12] ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[ 154.360200][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.360214][ T12] ? finish_task_switch+0x18b/0x950
[ 154.360230][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.360247][ T12] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 154.360258][ T12] ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 154.360270][ T12] ieee80211_bss_info_update+0x746/0x9e0
[ 154.360282][ T12] ? __pfx_ieee80211_bss_info_update+0x10/0x10
[ 154.360297][ T12] ? ieee80211_get_channel_khz+0x15b/0x8a0
[ 154.360313][ T12] ieee80211_rx_bss_info+0x176/0x280
[ 154.360327][ T12] ieee80211_sta_rx_queued_mgmt+0x1294/0x4470
[ 154.360357][ T12] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10
[ 154.360371][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.360383][ T12] ? rcu_is_watching+0x15/0xb0
[ 154.360399][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.360415][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.360431][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.360448][ T12] ? kcov_remote_start+0x18e/0x7f0
[ 154.360465][ T12] ieee80211_iface_work+0x652/0x12d0
[ 154.360480][ T12] cfg80211_wiphy_work+0x2b8/0x470
[ 154.360493][ T12] ? process_scheduled_works+0x9ef/0x17b0
[ 154.360504][ T12] process_scheduled_works+0xade/0x17b0
[ 154.360522][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 154.360536][ T12] worker_thread+0x8a0/0xda0
[ 154.360551][ T12] kthread+0x70e/0x8a0
[ 154.360564][ T12] ? __pfx_worker_thread+0x10/0x10
[ 154.360573][ T12] ? __pfx_kthread+0x10/0x10
[ 154.360586][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 154.360597][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 154.360608][ T12] ? __pfx_kthread+0x10/0x10
[ 154.360619][ T12] ret_from_fork+0x3f9/0x770
[ 154.360628][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 154.360640][ T12] ? __pfx_kthread+0x10/0x10
[ 154.360652][ T12] ret_from_fork_asm+0x1a/0x30
[ 154.360669][ T12]
[ 154.360673][ T12]
[ 154.535093][ T12] Allocated by task 3109:
[ 154.536991][ T12] kasan_save_track+0x3e/0x80
[ 154.539079][ T12] __kasan_kmalloc+0x93/0xb0
[ 154.541130][ T12] __kmalloc_noprof+0x27a/0x4f0
[ 154.543342][ T12] cfg80211_inform_single_bss_data+0x905/0x1ac0
[ 154.546281][ T12] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 154.549004][ T12] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 154.552009][ T12] ieee80211_bss_info_update+0x746/0x9e0
[ 154.554528][ T12] ieee80211_rx_bss_info+0x176/0x280
[ 154.556968][ T12] ieee80211_rx_mgmt_beacon+0x197d/0x2cd0
[ 154.559513][ T12] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 154.562085][ T12] ieee80211_iface_work+0x652/0x12d0
[ 154.564446][ T12] cfg80211_wiphy_work+0x2b8/0x470
[ 154.566912][ T12] process_scheduled_works+0xade/0x17b0
[ 154.569567][ T12] worker_thread+0x8a0/0xda0
[ 154.571691][ T12] kthread+0x70e/0x8a0
[ 154.573600][ T12] ret_from_fork+0x3f9/0x770
[ 154.575751][ T12] ret_from_fork_asm+0x1a/0x30
[ 154.578148][ T12]
[ 154.579318][ T12] Freed by task 3109:
[ 154.581202][ T12] kasan_save_track+0x3e/0x80
[ 154.583312][ T12] kasan_save_free_info+0x46/0x50
[ 154.585577][ T12] __kasan_slab_free+0x5b/0x80
[ 154.587841][ T12] kmem_cache_free_bulk+0x2d1/0x520
[ 154.590245][ T12] kvfree_rcu_bulk+0xe5/0x1f0
[ 154.592637][ T12] kfree_rcu_monitor+0x211/0x2a0
[ 154.595294][ T12] process_scheduled_works+0xade/0x17b0
[ 154.597787][ T12] worker_thread+0x8a0/0xda0
[ 154.599903][ T12] kthread+0x70e/0x8a0
[ 154.601659][ T12] ret_from_fork+0x3f9/0x770
[ 154.603694][ T12] ret_from_fork_asm+0x1a/0x30
[ 154.605988][ T12]
[ 154.607088][ T12] Last potentially related work creation:
[ 154.609837][ T12] kasan_save_stack+0x3e/0x60
[ 154.612698][ T12] kasan_record_aux_stack+0xbd/0xd0
[ 154.615664][ T12] kvfree_call_rcu+0xbb/0x410
[ 154.617929][ T12] cfg80211_update_known_bss+0x9e8/0x13d0
[ 154.620454][ T12] cfg80211_update_assoc_bss_entry+0x4ba/0x6a0
[ 154.623312][ T12] cfg80211_ch_switch_notify+0x3c1/0x780
[ 154.625845][ T12] ieee80211_sta_process_chanswitch+0xad4/0x2870
[ 154.629053][ T12] ieee80211_rx_mgmt_beacon+0x19c7/0x2cd0
[ 154.632227][ T12] ieee80211_sta_rx_queued_mgmt+0x4ed/0x4470
[ 154.635394][ T12] ieee80211_iface_work+0x652/0x12d0
[ 154.637932][ T12] cfg80211_wiphy_work+0x2b8/0x470
[ 154.640236][ T12] process_scheduled_works+0xade/0x17b0
[ 154.642742][ T12] worker_thread+0x8a0/0xda0
[ 154.644914][ T12] kthread+0x70e/0x8a0
[ 154.646798][ T12] ret_from_fork+0x3f9/0x770
[ 154.648864][ T12] ret_from_fork_asm+0x1a/0x30
[ 154.651013][ T12]
[ 154.652107][ T12] The buggy address belongs to the object at ffff888000e6e880
[ 154.652107][ T12] which belongs to the cache kmalloc-96 of size 96
[ 154.658455][ T12] The buggy address is located 24 bytes inside of
[ 154.658455][ T12] freed 96-byte region [ffff888000e6e880, ffff888000e6e8e0)
[ 154.665185][ T12]
[ 154.666385][ T12] The buggy address belongs to the physical page:
[ 154.669231][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe6e
[ 154.672897][ T12] flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
[ 154.676044][ T12] page_type: f5(slab)
[ 154.678019][ T12] raw: 007ff00000000000 ffff88801a441280 dead000000000100 dead000000000122
[ 154.682325][ T12] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[ 154.686518][ T12] page dumped because: kasan: bad access detected
[ 154.689362][ T12] page_owner tracks the page as allocated
[ 154.691843][ T12] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 3109, tgid 3109 (kworker/u4:11), ts 107292613223, free_ts 31900007900
[ 154.701203][ T12] post_alloc_hook+0x240/0x2a0
[ 154.703361][ T12] get_page_from_freelist+0x21e4/0x22c0
[ 154.705858][ T12] __alloc_frozen_pages_noprof+0x181/0x370
[ 154.708518][ T12] allocate_slab+0x65/0x370
[ 154.710606][ T12] ___slab_alloc+0xbeb/0x1410
[ 154.712706][ T12] __kmalloc_node_noprof+0x2fd/0x4e0
[ 154.715071][ T12] allocate_slab+0x16a/0x370
[ 154.717558][ T12] ___slab_alloc+0xbeb/0x1410
[ 154.719898][ T12] kmem_cache_alloc_noprof+0x283/0x3c0
[ 154.722535][ T12] dst_alloc+0x105/0x170
[ 154.724470][ T12] icmp6_dst_alloc+0x75/0x420
[ 154.726629][ T12] mld_sendpack+0x678/0xd80
[ 154.728655][ T12] ipv6_mc_dad_complete+0x88/0x410
[ 154.730955][ T12] addrconf_dad_completed+0x6d5/0xd60
[ 154.733242][ T12] addrconf_dad_work+0xc36/0x14b0
[ 154.735619][ T12] process_scheduled_works+0xade/0x17b0
[ 154.738353][ T12] page last free pid 4756 tgid 4756 stack trace:
[ 154.741313][ T12] __free_frozen_pages+0xbc4/0xd30
[ 154.743672][ T12] rcu_core+0xca8/0x1770
[ 154.745564][ T12] handle_softirqs+0x283/0x870
[ 154.747854][ T12] __irq_exit_rcu+0xca/0x1f0
[ 154.750010][ T12] irq_exit_rcu+0x9/0x30
[ 154.751973][ T12] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 154.754477][ T12] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 154.757128][ T12]
[ 154.758207][ T12] Memory state around the buggy address:
[ 154.760771][ T12] ffff888000e6e780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 154.765148][ T12] ffff888000e6e800: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 154.769652][ T12] >ffff888000e6e880: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 154.773223][ T12] ^
[ 154.775418][ T12] ffff888000e6e900: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 154.779052][ T12] ffff888000e6e980: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 154.782829][ T12] ==================================================================
[ 154.787129][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 154.790815][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498-dirty #0 PREEMPT(full)
[ 154.796382][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 154.801405][ T12] Workqueue: events_unbound cfg80211_wiphy_work
[ 154.804631][ T12] Call Trace:
[ 154.806337][ T12]
[ 154.807699][ T12] dump_stack_lvl+0x99/0x250
[ 154.809731][ T12] ? __asan_memcpy+0x40/0x70
[ 154.811783][ T12] ? __pfx_dump_stack_lvl+0x10/0x10
[ 154.814113][ T12] ? __pfx__printk+0x10/0x10
[ 154.816515][ T12] vpanic+0x281/0x750
[ 154.818337][ T12] ? __pfx_vpanic+0x10/0x10
[ 154.820678][ T12] ? irqentry_exit+0x74/0x90
[ 154.823597][ T12] panic+0xb9/0xc0
[ 154.825746][ T12] ? __pfx_panic+0x10/0x10
[ 154.828117][ T12] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 154.830754][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 154.833364][ T12] ? is_module_address+0x17/0xf0
[ 154.835578][ T12] ? cmp_bss+0xd4d/0xe80
[ 154.837465][ T12] check_panic_on_warn+0x89/0xb0
[ 154.839916][ T12] ? cmp_bss+0xd4d/0xe80
[ 154.842434][ T12] end_report+0x78/0x160
[ 154.844752][ T12] kasan_report+0x129/0x150
[ 154.846890][ T12] ? ret_from_fork+0x3f9/0x770
[ 154.849038][ T12] ? cmp_bss+0xd4d/0xe80
[ 154.850899][ T12] cmp_bss+0xd4d/0xe80
[ 154.852801][ T12] __cfg80211_bss_update+0xd6/0x2140
[ 154.855678][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 154.858408][ T12] ? trace_kmalloc+0x1f/0xd0
[ 154.860523][ T12] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0
[ 154.863152][ T12] cfg80211_inform_single_bss_data+0xba9/0x1ac0
[ 154.865689][ T12] ? unwind_next_frame+0xa5/0x2390
[ 154.867972][ T12] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[ 154.871164][ T12] ? check_path+0x21/0x40
[ 154.873426][ T12] ? cfg80211_inform_bss_data+0x1e8/0x3b30
[ 154.876028][ T12] cfg80211_inform_bss_data+0x1fb/0x3b30
[ 154.878569][ T12] ? validate_chain+0x897/0x2140
[ 154.880748][ T12] ? __switch_to+0xdae/0x1670
[ 154.882907][ T12] ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[ 154.885619][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.888016][ T12] ? finish_task_switch+0x18b/0x950
[ 154.890703][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.893645][ T12] cfg80211_inform_bss_frame_data+0x3d7/0x730
[ 154.897448][ T12] ? ieee80211_bss_info_update+0x2dc/0x9e0
[ 154.900105][ T12] ieee80211_bss_info_update+0x746/0x9e0
[ 154.902577][ T12] ? __pfx_ieee80211_bss_info_update+0x10/0x10
[ 154.905378][ T12] ? ieee80211_get_channel_khz+0x15b/0x8a0
[ 154.908808][ T12] ieee80211_rx_bss_info+0x176/0x280
[ 154.911735][ T12] ieee80211_sta_rx_queued_mgmt+0x1294/0x4470
[ 154.914571][ T12] ? __pfx_ieee80211_sta_rx_queued_mgmt+0x10/0x10
[ 154.917647][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.919904][ T12] ? rcu_is_watching+0x15/0xb0
[ 154.922077][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.924179][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.926374][ T12] ? __lock_acquire+0xab9/0xd20
[ 154.928635][ T12] ? kcov_remote_start+0x18e/0x7f0
[ 154.931119][ T12] ieee80211_iface_work+0x652/0x12d0
[ 154.933667][ T12] cfg80211_wiphy_work+0x2b8/0x470
[ 154.935921][ T12] ? process_scheduled_works+0x9ef/0x17b0
[ 154.938460][ T12] process_scheduled_works+0xade/0x17b0
[ 154.941013][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 154.943990][ T12] worker_thread+0x8a0/0xda0
[ 154.946514][ T12] kthread+0x70e/0x8a0
[ 154.948646][ T12] ? __pfx_worker_thread+0x10/0x10
[ 154.951004][ T12] ? __pfx_kthread+0x10/0x10
[ 154.953053][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 154.955368][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 154.957778][ T12] ? __pfx_kthread+0x10/0x10
[ 154.959802][ T12] ret_from_fork+0x3f9/0x770
[ 154.961948][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 154.964258][ T12] ? __pfx_kthread+0x10/0x10
[ 154.966535][ T12] ret_from_fork_asm+0x1a/0x30
[ 154.969329][ T12]
[ 154.971808][ T12] Kernel Offset: disabled
[ 154.974006][ T12] Rebooting in 86400 seconds..