Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts.
2024/07/17 11:10:44 ignoring optional flag "sandboxArg"="0"
2024/07/17 11:10:44 parsed 1 programs
[ 105.425094][ T5519] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 108.632515][ T5545] chnl_net:caif_netlink_parms(): no params data found
[ 108.691790][ T5545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.699147][ T5545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.706415][ T5545] bridge_slave_0: entered allmulticast mode
[ 108.713582][ T5545] bridge_slave_0: entered promiscuous mode
[ 108.722067][ T5545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.729382][ T5545] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.736513][ T5545] bridge_slave_1: entered allmulticast mode
[ 108.743488][ T5545] bridge_slave_1: entered promiscuous mode
[ 108.778327][ T5545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 108.793020][ T5545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 108.826428][ T5545] team0: Port device team_slave_0 added
[ 108.836647][ T5545] team0: Port device team_slave_1 added
[ 108.884511][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 108.891712][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.918174][ T5545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 108.930205][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 108.937278][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.963774][ T5545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.010599][ T5545] hsr_slave_0: entered promiscuous mode
[ 109.017416][ T5545] hsr_slave_1: entered promiscuous mode
[ 109.620072][ T5545] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.668252][ T5545] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.680302][ T5545] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.692098][ T5545] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.791060][ T5545] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.817810][ T5545] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.830651][ T786] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.837850][ T786] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.870849][ T786] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.878053][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.913122][ T5545] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 109.930367][ T5545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 110.101034][ T5545] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.155774][ T5545] veth0_vlan: entered promiscuous mode
[ 110.174145][ T5545] veth1_vlan: entered promiscuous mode
[ 110.214286][ T5545] veth0_macvtap: entered promiscuous mode
[ 110.228771][ T5545] veth1_macvtap: entered promiscuous mode
[ 110.252605][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.268788][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.283412][ T5545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.293085][ T5545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.302831][ T5545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.311867][ T5545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.502070][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.579556][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.661828][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.744889][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.024628][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.043474][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.092209][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.104735][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.865109][ T4492] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 111.874067][ T4492] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 111.882722][ T4492] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 111.891742][ T4492] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 111.899536][ T4492] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 111.906967][ T4492] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/07/17 11:10:55 executed programs: 0
[ 112.751875][ T4492] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 112.767135][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 112.775313][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 112.784914][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 112.793035][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 112.802087][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.014913][ T5719] chnl_net:caif_netlink_parms(): no params data found
[ 113.114657][ T5719] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.124148][ T5719] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.131973][ T5719] bridge_slave_0: entered allmulticast mode
[ 113.142448][ T5719] bridge_slave_0: entered promiscuous mode
[ 113.152452][ T5719] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.162761][ T5719] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.171321][ T5719] bridge_slave_1: entered allmulticast mode
[ 113.183749][ T5719] bridge_slave_1: entered promiscuous mode
[ 113.221042][ T5719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.233467][ T5719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.274964][ T5719] team0: Port device team_slave_0 added
[ 113.284342][ T5719] team0: Port device team_slave_1 added
[ 113.321749][ T5719] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.329718][ T5719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.356293][ T5719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.369702][ T5719] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.376662][ T5719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.403601][ T5719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.462476][ T5719] hsr_slave_0: entered promiscuous mode
[ 113.471703][ T5719] hsr_slave_1: entered promiscuous mode
[ 113.479148][ T5719] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 113.486735][ T5719] Cannot create hsr debugfs directory
[ 114.838561][ T5149] Bluetooth: hci0: command tx timeout
[ 115.521082][ T51] bridge_slave_1: left allmulticast mode
[ 115.527842][ T51] bridge_slave_1: left promiscuous mode
[ 115.533665][ T51] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.545701][ T51] bridge_slave_0: left allmulticast mode
[ 115.552891][ T51] bridge_slave_0: left promiscuous mode
[ 115.566720][ T51] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.846568][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 115.859954][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 115.870131][ T51] bond0 (unregistering): Released all slaves
[ 115.993920][ T51] hsr_slave_0: left promiscuous mode
[ 116.004451][ T51] hsr_slave_1: left promiscuous mode
[ 116.011583][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.024798][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.034361][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.046624][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.070490][ T51] veth1_macvtap: left promiscuous mode
[ 116.076080][ T51] veth0_macvtap: left promiscuous mode
[ 116.084614][ T51] veth1_vlan: left promiscuous mode
[ 116.090139][ T51] veth0_vlan: left promiscuous mode
[ 116.536257][ T51] team0 (unregistering): Port device team_slave_1 removed
[ 116.576795][ T51] team0 (unregistering): Port device team_slave_0 removed
[ 116.917180][ T5149] Bluetooth: hci0: command tx timeout
[ 117.039324][ T5719] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.052872][ T5719] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.069409][ T5719] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.086481][ T5719] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.249966][ T5719] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.299759][ T5719] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.312825][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.320709][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.351975][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.359204][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.766818][ T5719] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 118.019460][ T5719] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.086743][ T5719] veth0_vlan: entered promiscuous mode
[ 118.101103][ T5719] veth1_vlan: entered promiscuous mode
[ 118.141080][ T5719] veth0_macvtap: entered promiscuous mode
[ 118.153359][ T5719] veth1_macvtap: entered promiscuous mode
[ 118.211046][ T5719] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.236030][ T5719] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.289963][ T5719] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.299544][ T5719] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.308323][ T5719] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.317100][ T5719] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.429855][ T2460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.438390][ T2460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/07/17 11:11:01 executed programs: 2
[ 118.471550][ T2460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.480270][ T2460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.606132][ T5957] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 118.635136][ T786] wlan1: No basic rates, using min rate instead
[ 118.648399][ T786] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 118.657763][ T786] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 118.767562][ T51] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 118.877799][ T51] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 118.987145][ T51] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 118.995376][ T51] ==================================================================
[ 119.003458][ T51] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x1fd0
[ 119.011094][ T51] Read of size 8 at addr ffff88806706cf60 by task kworker/u8:3/51
[ 119.018895][ T51]
[ 119.021220][ T51] CPU: 1 PID: 51 Comm: kworker/u8:3 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a-dirty #0
[ 119.031795][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 119.041927][ T51] Workqueue: events_unbound cfg80211_wiphy_work
[ 119.048350][ T51] Call Trace:
[ 119.051624][ T51] <TASK>
[ 119.054550][ T51] dump_stack_lvl+0x241/0x360
[ 119.059232][ T51] ? __pfx_dump_stack_lvl+0x10/0x10
[ 119.064522][ T51] ? __pfx__printk+0x10/0x10
[ 119.069097][ T51] ? _printk+0xd5/0x120
[ 119.073238][ T51] ? __virt_addr_valid+0x183/0x520
[ 119.078345][ T51] ? __virt_addr_valid+0x183/0x520
[ 119.083471][ T51] print_report+0x169/0x550
[ 119.087990][ T51] ? __virt_addr_valid+0x183/0x520
[ 119.093126][ T51] ? __virt_addr_valid+0x183/0x520
[ 119.098244][ T51] ? __virt_addr_valid+0x44e/0x520
[ 119.103353][ T51] ? __phys_addr+0xba/0x170
[ 119.107851][ T51] ? __lock_acquire+0x78/0x1fd0
[ 119.112774][ T51] kasan_report+0x143/0x180
[ 119.117270][ T51] ? __lock_acquire+0x78/0x1fd0
[ 119.122109][ T51] __lock_acquire+0x78/0x1fd0
[ 119.126809][ T51] lock_acquire+0x1ed/0x550
[ 119.131391][ T51] ? lockref_get+0x15/0x60
[ 119.135799][ T51] ? __pfx_lock_acquire+0x10/0x10
[ 119.140814][ T51] ? simple_pin_fs+0x91/0x160
[ 119.145477][ T51] ? do_raw_spin_lock+0x14f/0x370
[ 119.150492][ T51] ? __pfx_lock_release+0x10/0x10
[ 119.155512][ T51] _raw_spin_lock+0x2e/0x40
[ 119.160047][ T51] ? lockref_get+0x15/0x60
[ 119.164454][ T51] lockref_get+0x15/0x60
[ 119.168692][ T51] simple_recursive_removal+0x35/0x8e0
[ 119.174139][ T51] ? mntput+0x65/0xc0
[ 119.178107][ T51] ? __pfx_remove_one+0x10/0x10
[ 119.183307][ T51] debugfs_remove+0x49/0x70
[ 119.187806][ T51] ieee80211_sta_debugfs_remove+0x98/0xe0
[ 119.193515][ T51] __sta_info_destroy_part2+0x35e/0x450
[ 119.199063][ T51] sta_info_destroy_addr+0xf4/0x140
[ 119.204260][ T51] ieee80211_destroy_auth_data+0x139/0x270
[ 119.210064][ T51] ieee80211_sta_work+0x1256/0x3850
[ 119.215431][ T51] ? mark_lock+0x9a/0x350
[ 119.219838][ T51] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 119.225368][ T51] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 119.231685][ T51] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 119.237623][ T51] ? lockdep_hardirqs_on+0x99/0x150
[ 119.242829][ T51] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 119.248815][ T51] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 119.255430][ T51] ? skb_dequeue+0x113/0x150
[ 119.260029][ T51] ? ieee80211_iface_work+0xc0d/0xf20
[ 119.265397][ T51] ? ieee80211_iface_work+0xe29/0xf20
[ 119.270762][ T51] ? rcu_is_watching+0x15/0xb0
[ 119.275516][ T51] cfg80211_wiphy_work+0x2db/0x490
[ 119.280624][ T51] ? process_scheduled_works+0x945/0x1830
[ 119.286330][ T51] process_scheduled_works+0xa2c/0x1830
[ 119.291877][ T51] ? __pfx_process_scheduled_works+0x10/0x10
[ 119.297846][ T51] ? assign_work+0x364/0x3d0
[ 119.302426][ T51] worker_thread+0x86d/0xd50
[ 119.307012][ T51] ? __kthread_parkme+0x169/0x1d0
[ 119.312268][ T51] ? __pfx_worker_thread+0x10/0x10
[ 119.317659][ T51] kthread+0x2f0/0x390
[ 119.321914][ T51] ? __pfx_worker_thread+0x10/0x10
[ 119.327021][ T51] ? __pfx_kthread+0x10/0x10
[ 119.331644][ T51] ret_from_fork+0x4b/0x80
[ 119.336226][ T51] ? __pfx_kthread+0x10/0x10
[ 119.340806][ T51] ret_from_fork_asm+0x1a/0x30
[ 119.345651][ T51] </TASK>
[ 119.348923][ T51]
[ 119.351227][ T51] Allocated by task 786:
[ 119.355445][ T51] kasan_save_track+0x3f/0x80
[ 119.360110][ T51] __kasan_slab_alloc+0x66/0x80
[ 119.364953][ T51] kmem_cache_alloc_lru_noprof+0x139/0x2b0
[ 119.370740][ T51] __d_alloc+0x31/0x700
[ 119.374878][ T51] d_alloc_parallel+0xdf/0x1600
[ 119.379719][ T51] __lookup_slow+0x117/0x3f0
[ 119.384385][ T51] lookup_one_len+0x18b/0x2d0
[ 119.389044][ T51] start_creating+0x187/0x310
[ 119.393711][ T51] debugfs_create_dir+0x25/0x430
[ 119.398633][ T51] ieee80211_sta_debugfs_add+0x132/0x820
[ 119.404255][ T51] sta_info_insert_rcu+0xecf/0x1900
[ 119.409436][ T51] sta_info_insert+0x16/0xc0
[ 119.414013][ T51] ieee80211_prep_connection+0xecd/0x12d0
[ 119.419994][ T51] ieee80211_mgd_auth+0xd42/0x14c0
[ 119.425120][ T51] cfg80211_mlme_auth+0x59f/0x980
[ 119.430141][ T51] cfg80211_conn_do_work+0x5ed/0xe60
[ 119.435420][ T51] cfg80211_conn_work+0x27c/0x4d0
[ 119.440449][ T51] process_scheduled_works+0xa2c/0x1830
[ 119.445988][ T51] worker_thread+0x86d/0xd50
[ 119.450594][ T51] kthread+0x2f0/0x390
[ 119.454653][ T51] ret_from_fork+0x4b/0x80
[ 119.459062][ T51] ret_from_fork_asm+0x1a/0x30
[ 119.463814][ T51]
[ 119.466118][ T51] Freed by task 16:
[ 119.469991][ T51] kasan_save_track+0x3f/0x80
[ 119.474659][ T51] kasan_save_free_info+0x40/0x50
[ 119.479667][ T51] poison_slab_object+0xe0/0x150
[ 119.484590][ T51] __kasan_slab_free+0x37/0x60
[ 119.489341][ T51] kmem_cache_free+0x145/0x350
[ 119.494094][ T51] rcu_core+0xafd/0x1830
[ 119.498320][ T51] handle_softirqs+0x2c4/0x970
[ 119.503086][ T51] run_ksoftirqd+0xca/0x130
[ 119.507585][ T51] smpboot_thread_fn+0x544/0xa30
[ 119.512779][ T51] kthread+0x2f0/0x390
[ 119.516838][ T51] ret_from_fork+0x4b/0x80
[ 119.521248][ T51] ret_from_fork_asm+0x1a/0x30
[ 119.526013][ T51]
[ 119.528321][ T51] Last potentially related work creation:
[ 119.534015][ T51] kasan_save_stack+0x3f/0x60
[ 119.538681][ T51] __kasan_record_aux_stack+0xac/0xc0
[ 119.544034][ T51] call_rcu+0x167/0xa70
[ 119.548178][ T51] __dentry_kill+0x497/0x630
[ 119.552749][ T51] dput+0x19f/0x2b0
[ 119.556622][ T51] simple_recursive_removal+0x2bd/0x8e0
[ 119.562153][ T51] debugfs_remove+0x49/0x70
[ 119.567111][ T51] ieee80211_debugfs_recreate_netdev+0xd5/0x1400
[ 119.573438][ T51] drv_remove_interface+0x1e1/0x590
[ 119.578621][ T51] ieee80211_change_mac+0xaf5/0x11e0
[ 119.584071][ T51] dev_set_mac_address+0x327/0x510
[ 119.589166][ T51] dev_set_mac_address_user+0x31/0x50
[ 119.594522][ T51] dev_ifsioc+0xbd9/0xe70
[ 119.598838][ T51] dev_ioctl+0x719/0x1340
[ 119.603152][ T51] sock_do_ioctl+0x240/0x460
[ 119.607726][ T51] sock_ioctl+0x629/0x8e0
[ 119.612210][ T51] __se_sys_ioctl+0xfc/0x170
[ 119.616783][ T51] do_syscall_64+0xf3/0x230
[ 119.621273][ T51] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.627327][ T51]
[ 119.629640][ T51] The buggy address belongs to the object at ffff88806706ceb0
[ 119.629640][ T51] which belongs to the cache dentry of size 312
[ 119.643298][ T51] The buggy address is located 176 bytes inside of
[ 119.643298][ T51] freed 312-byte region [ffff88806706ceb0, ffff88806706cfe8)
[ 119.657106][ T51]
[ 119.659560][ T51] The buggy address belongs to the physical page:
[ 119.666136][ T51] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6706c
[ 119.675778][ T51] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 119.684584][ T51] memcg:ffff88802d138201
[ 119.688805][ T51] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 119.696861][ T51] page_type: 0xffffefff(slab)
[ 119.701522][ T51] raw: 00fff00000000040 ffff888015ef98c0 ffffea00019c0d80 dead000000000003
[ 119.710175][ T51] raw: 0000000000000000 0000000000150015 00000001ffffefff ffff88802d138201
[ 119.718846][ T51] head: 00fff00000000040 ffff888015ef98c0 ffffea00019c0d80 dead000000000003
[ 119.727522][ T51] head: 0000000000000000 0000000000150015 00000001ffffefff ffff88802d138201
[ 119.736264][ T51] head: 00fff00000000001 ffffea00019c1b01 ffffffffffffffff 0000000000000000
[ 119.744921][ T51] head: 0000000700000002 0000000000000000 00000000ffffffff 0000000000000000
[ 119.753587][ T51] page dumped because: kasan: bad access detected
[ 119.759990][ T51] page_owner tracks the page as allocated
[ 119.765688][ T51] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4548, tgid 4548 (udevd), ts 79059185868, free_ts 66719430476
[ 119.789739][ T51] post_alloc_hook+0x1f3/0x230
[ 119.794586][ T51] get_page_from_freelist+0x2e4c/0x2f10
[ 119.800117][ T51] __alloc_pages_noprof+0x256/0x6c0
[ 119.805303][ T51] alloc_slab_page+0x5f/0x120
[ 119.809969][ T51] allocate_slab+0x5a/0x2f0
[ 119.814464][ T51] ___slab_alloc+0xcd1/0x14b0
[ 119.819143][ T51] __slab_alloc+0x58/0xa0
[ 119.823479][ T51] kmem_cache_alloc_lru_noprof+0x1c5/0x2b0
[ 119.829278][ T51] __d_alloc+0x31/0x700
[ 119.833427][ T51] d_alloc_parallel+0xdf/0x1600
[ 119.838268][ T51] __lookup_slow+0x117/0x3f0
[ 119.842843][ T51] lookup_slow+0x53/0x70
[ 119.847243][ T51] walk_component+0x2e1/0x410
[ 119.851906][ T51] path_lookupat+0x16f/0x450
[ 119.856482][ T51] filename_lookup+0x256/0x610
[ 119.861233][ T51] user_path_at_empty+0x42/0x60
[ 119.866080][ T51] page last free pid 5092 tgid 5092 stack trace:
[ 119.872497][ T51] free_unref_folios+0xf23/0x19e0
[ 119.877515][ T51] folios_put_refs+0x93a/0xa60
[ 119.882471][ T51] free_pages_and_swap_cache+0x2ea/0x690
[ 119.888114][ T51] tlb_flush_mmu+0x3a3/0x680
[ 119.892705][ T51] tlb_finish_mmu+0xd4/0x200
[ 119.897285][ T51] unmap_region+0x2df/0x350
[ 119.901806][ T51] do_vmi_align_munmap+0x1122/0x18c0
[ 119.907265][ T51] do_vmi_munmap+0x261/0x2f0
[ 119.911852][ T51] __vm_munmap+0x1fc/0x400
[ 119.916265][ T51] __x64_sys_munmap+0x68/0x80
[ 119.921024][ T51] do_syscall_64+0xf3/0x230
[ 119.925514][ T51] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.931398][ T51]
[ 119.933705][ T51] Memory state around the buggy address:
[ 119.939339][ T51] ffff88806706ce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 119.947395][ T51] ffff88806706ce80: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 119.955440][ T51] >ffff88806706cf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.963492][ T51] ^
[ 119.970670][ T51] ffff88806706cf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 119.978715][ T51] ffff88806706d000: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb
[ 119.986758][ T51] ==================================================================
[ 119.994801][ T51] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 120.001989][ T51] CPU: 1 PID: 51 Comm: kworker/u8:3 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a-dirty #0
[ 120.012739][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 120.022912][ T51] Workqueue: events_unbound cfg80211_wiphy_work
[ 120.029296][ T51] Call Trace:
[ 120.032576][ T51] <TASK>
[ 120.035592][ T51] dump_stack_lvl+0x241/0x360
[ 120.040278][ T51] ? __pfx_dump_stack_lvl+0x10/0x10
[ 120.045731][ T51] ? __pfx__printk+0x10/0x10
[ 120.050304][ T51] ? rcu_is_watching+0x15/0xb0
[ 120.055140][ T51] ? lock_release+0xbf/0x9f0
[ 120.059719][ T51] ? vscnprintf+0x5d/0x90
[ 120.064146][ T51] panic+0x349/0x860
[ 120.068029][ T51] ? check_panic_on_warn+0x21/0xb0
[ 120.073136][ T51] ? __pfx_panic+0x10/0x10
[ 120.077536][ T51] ? do_raw_spin_unlock+0x13c/0x8b0
[ 120.082723][ T51] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 120.088619][ T51] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 120.094938][ T51] ? print_report+0x502/0x550
[ 120.099694][ T51] check_panic_on_warn+0x86/0xb0
[ 120.104633][ T51] ? __lock_acquire+0x78/0x1fd0
[ 120.109480][ T51] end_report+0x77/0x160
[ 120.113722][ T51] kasan_report+0x154/0x180
[ 120.118216][ T51] ? __lock_acquire+0x78/0x1fd0
[ 120.123054][ T51] __lock_acquire+0x78/0x1fd0
[ 120.127899][ T51] lock_acquire+0x1ed/0x550
[ 120.132404][ T51] ? lockref_get+0x15/0x60
[ 120.136822][ T51] ? __pfx_lock_acquire+0x10/0x10
[ 120.141928][ T51] ? simple_pin_fs+0x91/0x160
[ 120.146614][ T51] ? do_raw_spin_lock+0x14f/0x370
[ 120.151663][ T51] ? __pfx_lock_release+0x10/0x10
[ 120.156683][ T51] _raw_spin_lock+0x2e/0x40
[ 120.161174][ T51] ? lockref_get+0x15/0x60
[ 120.165576][ T51] lockref_get+0x15/0x60
[ 120.169803][ T51] simple_recursive_removal+0x35/0x8e0
[ 120.175261][ T51] ? mntput+0x65/0xc0
[ 120.179235][ T51] ? __pfx_remove_one+0x10/0x10
[ 120.184161][ T51] debugfs_remove+0x49/0x70
[ 120.188745][ T51] ieee80211_sta_debugfs_remove+0x98/0xe0
[ 120.194458][ T51] __sta_info_destroy_part2+0x35e/0x450
[ 120.199999][ T51] sta_info_destroy_addr+0xf4/0x140
[ 120.205293][ T51] ieee80211_destroy_auth_data+0x139/0x270
[ 120.211201][ T51] ieee80211_sta_work+0x1256/0x3850
[ 120.216411][ T51] ? mark_lock+0x9a/0x350
[ 120.220737][ T51] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 120.226375][ T51] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 120.232696][ T51] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 120.238586][ T51] ? lockdep_hardirqs_on+0x99/0x150
[ 120.243774][ T51] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 120.249660][ T51] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 120.255978][ T51] ? skb_dequeue+0x113/0x150
[ 120.260556][ T51] ? ieee80211_iface_work+0xc0d/0xf20
[ 120.265982][ T51] ? ieee80211_iface_work+0xe29/0xf20
[ 120.271431][ T51] ? rcu_is_watching+0x15/0xb0
[ 120.276191][ T51] cfg80211_wiphy_work+0x2db/0x490
[ 120.281298][ T51] ? process_scheduled_works+0x945/0x1830
[ 120.287094][ T51] process_scheduled_works+0xa2c/0x1830
[ 120.292665][ T51] ? __pfx_process_scheduled_works+0x10/0x10
[ 120.298899][ T51] ? assign_work+0x364/0x3d0
[ 120.303484][ T51] worker_thread+0x86d/0xd50
[ 120.308067][ T51] ? __kthread_parkme+0x169/0x1d0
[ 120.313080][ T51] ? __pfx_worker_thread+0x10/0x10
[ 120.318267][ T51] kthread+0x2f0/0x390
[ 120.322324][ T51] ? __pfx_worker_thread+0x10/0x10
[ 120.327425][ T51] ? __pfx_kthread+0x10/0x10
[ 120.332005][ T51] ret_from_fork+0x4b/0x80
[ 120.336441][ T51] ? __pfx_kthread+0x10/0x10
[ 120.341047][ T51] ret_from_fork_asm+0x1a/0x30
[ 120.345815][ T51] </TASK>
[ 120.349226][ T51] Kernel Offset: disabled
[ 120.353577][ T51] Rebooting in 86400 seconds..