Warning: Permanently added '10.128.0.152' (ED25519) to the list of known hosts.
1970/01/01 00:01:31 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:32 parsed 1 programs
[ 95.477871][ T6832] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 105.032876][ T6013] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 105.035750][ T6013] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 105.038168][ T6013] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 105.040763][ T6013] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 105.043008][ T6013] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 105.045518][ T6013] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 105.640658][ T6951] chnl_net:caif_netlink_parms(): no params data found
[ 105.669491][ T6951] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.671510][ T6951] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.673551][ T6951] bridge_slave_0: entered allmulticast mode
[ 105.675797][ T6951] bridge_slave_0: entered promiscuous mode
[ 105.706822][ T6951] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.708753][ T6951] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.710599][ T6951] bridge_slave_1: entered allmulticast mode
[ 105.712649][ T6951] bridge_slave_1: entered promiscuous mode
[ 105.724891][ T6951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.728513][ T6951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.739471][ T6951] team0: Port device team_slave_0 added
[ 105.742294][ T6951] team0: Port device team_slave_1 added
[ 105.756487][ T6951] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 105.758293][ T6951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.766096][ T6951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 105.769843][ T6951] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 105.771611][ T6951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.778936][ T6951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 105.801229][ T6951] hsr_slave_0: entered promiscuous mode
[ 105.803083][ T6951] hsr_slave_1: entered promiscuous mode
[ 106.638471][ T6951] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 106.643560][ T6951] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 106.650161][ T6951] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.653437][ T6951] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.701324][ T6951] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.710308][ T6951] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.714616][ T677] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.716508][ T677] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.725604][ T677] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.727511][ T677] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.820939][ T6951] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.845482][ T6951] veth0_vlan: entered promiscuous mode
[ 106.849716][ T6951] veth1_vlan: entered promiscuous mode
[ 106.862272][ T6951] veth0_macvtap: entered promiscuous mode
[ 106.868812][ T6951] veth1_macvtap: entered promiscuous mode
[ 106.875567][ T6951] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.880271][ T6951] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.884198][ T6951] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.887413][ T6951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.889756][ T6951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.891997][ T6951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.248294][ T677] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.326221][ T677] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.335699][ T477] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.337758][ T477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.355283][ T477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.357365][ T477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.407198][ T677] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.477687][ T677] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:48 executed programs: 0
[ 108.952739][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 108.957127][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 108.959421][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 108.961922][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 108.964026][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 108.968085][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 109.052047][ T7240] chnl_net:caif_netlink_parms(): no params data found
[ 109.083140][ T7240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.085283][ T7240] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.087269][ T7240] bridge_slave_0: entered allmulticast mode
[ 109.089329][ T7240] bridge_slave_0: entered promiscuous mode
[ 109.092249][ T7240] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.094171][ T7240] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.099182][ T7240] bridge_slave_1: entered allmulticast mode
[ 109.101433][ T7240] bridge_slave_1: entered promiscuous mode
[ 109.118248][ T7240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.121925][ T7240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.135930][ T7240] team0: Port device team_slave_0 added
[ 109.138715][ T7240] team0: Port device team_slave_1 added
[ 109.150623][ T7240] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.152510][ T7240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.161898][ T7240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.166389][ T7240] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.168165][ T7240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.177204][ T7240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.194101][ T7240] hsr_slave_0: entered promiscuous mode
[ 109.197863][ T7240] hsr_slave_1: entered promiscuous mode
[ 109.199674][ T7240] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 109.201706][ T7240] Cannot create hsr debugfs directory
[ 110.169132][ T677] bridge_slave_1: left allmulticast mode
[ 110.170746][ T677] bridge_slave_1: left promiscuous mode
[ 110.172365][ T677] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.176797][ T677] bridge_slave_0: left allmulticast mode
[ 110.178340][ T677] bridge_slave_0: left promiscuous mode
[ 110.179941][ T677] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.974508][ T55] Bluetooth: hci0: command tx timeout
[ 111.646316][ T677] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 111.696550][ T677] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 111.746624][ T677] bond0 (unregistering): Released all slaves
[ 111.834227][ T677] hsr_slave_0: left promiscuous mode
[ 111.836648][ T677] hsr_slave_1: left promiscuous mode
[ 111.838387][ T677] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 111.840463][ T677] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 111.842864][ T677] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 111.849215][ T677] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 111.857638][ T677] veth1_macvtap: left promiscuous mode
[ 111.859165][ T677] veth0_macvtap: left promiscuous mode
[ 111.861045][ T677] veth1_vlan: left promiscuous mode
[ 111.862548][ T677] veth0_vlan: left promiscuous mode
[ 113.055154][ T55] Bluetooth: hci0: command tx timeout
[ 113.466497][ T677] team0 (unregistering): Port device team_slave_1 removed
[ 113.635699][ T677] team0 (unregistering): Port device team_slave_0 removed
[ 115.134441][ T55] Bluetooth: hci0: command tx timeout
[ 116.415350][ T7240] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 116.424689][ T7240] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 116.430959][ T7240] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 116.434916][ T7240] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.634070][ T7240] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.641291][ T7240] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.645625][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.647563][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.652385][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.654291][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.747816][ T7240] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.915966][ T7240] veth0_vlan: entered promiscuous mode
[ 116.920105][ T7240] veth1_vlan: entered promiscuous mode
[ 116.932648][ T7240] veth0_macvtap: entered promiscuous mode
[ 116.977114][ T7240] veth1_macvtap: entered promiscuous mode
[ 116.985330][ T7240] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 116.990370][ T7240] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 116.994809][ T7240] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.997082][ T7240] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.999375][ T7240] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.001683][ T7240] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.185597][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.187686][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.200141][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.202257][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.215041][ T55] Bluetooth: hci0: command tx timeout
1970/01/01 00:01:57 executed programs: 2
[ 117.373537][ T7430] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 117.445841][ T6494] wlan1: No basic rates, using min rate instead
[ 117.448811][ T6494] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 117.451229][ T6494] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 117.569736][ T553] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 117.675465][ T44] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 117.785194][ T477] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 117.814849][ T477] ==================================================================
[ 117.817092][ T477] BUG: KASAN: slab-use-after-free in __lock_acquire+0x10c/0x7904
[ 117.819003][ T477] Read of size 8 at addr ffff0000db4590f8 by task kworker/u8:6/477
[ 117.820972][ T477]
[ 117.821552][ T477] CPU: 0 UID: 0 PID: 477 Comm: kworker/u8:6 Not tainted 6.14.0-rc7-syzkaller-gb5737d35364f #0
[ 117.821566][ T477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 117.821601][ T477] Workqueue: events_unbound cfg80211_wiphy_work
[ 117.821620][ T477] Call trace:
[ 117.821623][ T477] show_stack+0x2c/0x3c (C)
[ 117.821640][ T477] dump_stack_lvl+0xe4/0x150
[ 117.821654][ T477] print_report+0x198/0x550
[ 117.821667][ T477] kasan_report+0xd8/0x138
[ 117.821678][ T477] __asan_report_load8_noabort+0x20/0x2c
[ 117.821691][ T477] __lock_acquire+0x10c/0x7904
[ 117.821703][ T477] lock_acquire+0x23c/0x724
[ 117.821714][ T477] _raw_spin_lock+0x48/0x60
[ 117.821726][ T477] lockref_get+0x20/0x74
[ 117.821740][ T477] simple_recursive_removal+0x40/0x744
[ 117.821754][ T477] debugfs_remove+0x60/0x88
[ 117.821764][ T477] ieee80211_sta_debugfs_remove+0x44/0x6c
[ 117.821776][ T477] __sta_info_destroy_part2+0x31c/0x410
[ 117.821790][ T477] sta_info_destroy_addr+0x11c/0x150
[ 117.821802][ T477] ieee80211_destroy_auth_data+0x120/0x248
[ 117.821815][ T477] ieee80211_sta_work+0xe70/0x2e8c
[ 117.821827][ T477] ieee80211_iface_work+0xc38/0xcd4
[ 117.821839][ T477] cfg80211_wiphy_work+0x2cc/0x508
[ 117.821852][ T477] process_one_work+0x810/0x1638
[ 117.821864][ T477] worker_thread+0x97c/0xeec
[ 117.821876][ T477] kthread+0x65c/0x7b0
[ 117.821887][ T477] ret_from_fork+0x10/0x20
[ 117.821898][ T477]
[ 117.858591][ T477] Allocated by task 6494:
[ 117.859731][ T477] kasan_save_track+0x40/0x78
[ 117.860983][ T477] kasan_save_alloc_info+0x40/0x50
[ 117.862336][ T477] __kasan_slab_alloc+0x74/0x8c
[ 117.863638][ T477] kmem_cache_alloc_lru_noprof+0x258/0x414
[ 117.865128][ T477] __d_alloc+0x44/0x68c
[ 117.866211][ T477] d_alloc_parallel+0xc4/0x11bc
[ 117.867449][ T477] __lookup_slow+0x108/0x37c
[ 117.868649][ T477] lookup_one_len+0x17c/0x2b0
[ 117.869945][ T477] start_creating+0x19c/0x2e0
[ 117.871176][ T477] debugfs_create_dir+0x30/0x3cc
[ 117.872450][ T477] ieee80211_sta_debugfs_add+0x118/0x6e4
[ 117.873955][ T477] sta_info_insert_rcu+0xf3c/0x181c
[ 117.875381][ T477] sta_info_insert+0x20/0xcc
[ 117.876620][ T477] ieee80211_prep_connection+0xd60/0x1110
[ 117.878139][ T477] ieee80211_mgd_auth+0xc74/0x1438
[ 117.879478][ T477] ieee80211_auth+0x28/0x38
[ 117.880658][ T477] cfg80211_mlme_auth+0x4a4/0x8e4
[ 117.881968][ T477] cfg80211_conn_do_work+0x3c8/0xba8
[ 117.883341][ T477] cfg80211_conn_work+0x248/0x44c
[ 117.884654][ T477] process_one_work+0x810/0x1638
[ 117.885944][ T477] worker_thread+0x97c/0xeec
[ 117.887190][ T477] kthread+0x65c/0x7b0
[ 117.888255][ T477] ret_from_fork+0x10/0x20
[ 117.889397][ T477]
[ 117.889989][ T477] Freed by task 25:
[ 117.890956][ T477] kasan_save_track+0x40/0x78
[ 117.892195][ T477] kasan_save_free_info+0x54/0x6c
[ 117.893517][ T477] __kasan_slab_free+0x64/0x8c
[ 117.894794][ T477] kmem_cache_free+0x198/0x554
[ 117.896059][ T477] __d_free+0x28/0x38
[ 117.897072][ T477] rcu_core+0x898/0x1b5c
[ 117.898174][ T477] rcu_core_si+0x10/0x1c
[ 117.899307][ T477] handle_softirqs+0x320/0xd34
[ 117.900586][ T477] run_ksoftirqd+0x70/0xc0
[ 117.901752][ T477] smpboot_thread_fn+0x4b0/0x90c
[ 117.903082][ T477] kthread+0x65c/0x7b0
[ 117.904130][ T477] ret_from_fork+0x10/0x20
[ 117.905292][ T477]
[ 117.905900][ T477] Last potentially related work creation:
[ 117.907367][ T477] kasan_save_stack+0x40/0x6c
[ 117.908655][ T477] kasan_record_aux_stack+0xb4/0xcc
[ 117.910006][ T477] call_rcu+0x104/0xb9c
[ 117.911156][ T477] dentry_free+0xa8/0x174
[ 117.912361][ T477] __dentry_kill+0x44c/0x5e8
[ 117.913599][ T477] dput+0x1b8/0x290
[ 117.914594][ T477] simple_recursive_removal+0x254/0x744
[ 117.916053][ T477] debugfs_remove+0x60/0x88
[ 117.917237][ T477] ieee80211_debugfs_recreate_netdev+0xbc/0x1360
[ 117.918988][ T477] drv_remove_interface+0x1dc/0x5f0
[ 117.920424][ T477] ieee80211_change_mac+0x90c/0xf74
[ 117.921792][ T477] dev_set_mac_address+0x1f4/0x430
[ 117.923141][ T477] dev_set_mac_address_user+0x44/0x68
[ 117.924616][ T477] dev_ifsioc+0x764/0x9a0
[ 117.925772][ T477] dev_ioctl+0x4d8/0xd34
[ 117.926923][ T477] sock_do_ioctl+0x1d4/0x2d0
[ 117.928091][ T477] sock_ioctl+0x4ec/0x838
[ 117.929242][ T477] __arm64_sys_ioctl+0x14c/0x1cc
[ 117.930544][ T477] invoke_syscall+0x98/0x2b8
[ 117.931798][ T477] el0_svc_common+0x130/0x23c
[ 117.933073][ T477] do_el0_svc+0x48/0x58
[ 117.934248][ T477] el0_svc+0x54/0x168
[ 117.935297][ T477] el0t_64_sync_handler+0x84/0x108
[ 117.936689][ T477] el0t_64_sync+0x198/0x19c
[ 117.937893][ T477]
[ 117.938541][ T477] The buggy address belongs to the object at ffff0000db459028
[ 117.938541][ T477] which belongs to the cache dentry of size 312
[ 117.942163][ T477] The buggy address is located 208 bytes inside of
[ 117.942163][ T477] freed 312-byte region [ffff0000db459028, ffff0000db459160)
[ 117.945861][ T477]
[ 117.946488][ T477] The buggy address belongs to the physical page:
[ 117.948186][ T477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b458
[ 117.950586][ T477] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 117.952903][ T477] anon flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 117.955063][ T477] page_type: f5(slab)
[ 117.956180][ T477] raw: 05ffc00000000040 ffff0000c18a8a00 0000000000000000 dead000000000001
[ 117.958464][ T477] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 117.960835][ T477] head: 05ffc00000000040 ffff0000c18a8a00 0000000000000000 dead000000000001
[ 117.963127][ T477] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 117.965438][ T477] head: 05ffc00000000001 fffffdffc36d1601 ffffffffffffffff 0000000000000000
[ 117.967763][ T477] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 117.970028][ T477] page dumped because: kasan: bad access detected
[ 117.971722][ T477]
[ 117.972309][ T477] Memory state around the buggy address:
[ 117.973797][ T477] ffff0000db458f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 117.975945][ T477] ffff0000db459000: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb
[ 117.978126][ T477] >ffff0000db459080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 117.980262][ T477] ^
[ 117.982409][ T477] ffff0000db459100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 117.984541][ T477] ffff0000db459180: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 117.986650][ T477] ==================================================================
[ 117.988743][ T477] Disabling lock debugging due to kernel taint
[ 118.008607][ T477] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d8
[ 118.011202][ T477] Mem abort info:
[ 118.012172][ T477] ESR = 0x0000000096000004
[ 118.013360][ T477] EC = 0x25: DABT (current EL), IL = 32 bits
[ 118.015213][ T477] SET = 0, FnV = 0
[ 118.016258][ T477] EA = 0, S1PTW = 0
[ 118.017303][ T477] FSC = 0x04: level 0 translation fault
[ 118.018816][ T477] Data abort info:
[ 118.019740][ T477] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 118.021377][ T477] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 118.022977][ T477] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 118.024867][ T477] user pgtable: 4k pages, 48-bit VAs, pgdp=000000010d0ba000
[ 118.026809][ T477] [00000000000000d8] pgd=0000000000000000, p4d=0000000000000000
[ 118.028839][ T477] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 118.030740][ T477] Modules linked in:
[ 118.031716][ T477] CPU: 1 UID: 0 PID: 477 Comm: kworker/u8:6 Tainted: G B 6.14.0-rc7-syzkaller-gb5737d35364f #0
[ 118.034728][ T477] Tainted: [B]=BAD_PAGE
[ 118.035786][ T477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 118.038395][ T477] Workqueue: events_unbound cfg80211_wiphy_work
[ 118.040015][ T477] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 118.042047][ T477] pc : rwsem_write_trylock+0xc8/0x420
[ 118.043504][ T477] lr : rwsem_write_trylock+0xa8/0x420
[ 118.044988][ T477] sp : ffff80009cae73a0
[ 118.046093][ T477] x29: ffff80009cae7410 x28: dfff800000000000 x27: ffff0000d3631720
[ 118.048209][ T477] x26: 1fffe00019cd002f x25: dfff800000000000 x24: 0000000000000000
[ 118.050267][ T477] x23: 0000000000000000 x22: 1ffff0001395ce78 x21: dfff800000000000
[ 118.052443][ T477] x20: ffff80009cae73e0 x19: 00000000000000d8 x18: 1fffe000366f6086
[ 118.054659][ T477] x17: ffff80008fbbd000 x16: ffff800080464540 x15: 0000000000000001
[ 118.056812][ T477] x14: 1ffff0001395ce7c x13: 0000000000000000 x12: 0000000000000000
[ 118.058894][ T477] x11: ffff70001395ce7d x10: 1ffff0001395ce7c x9 : dfff800000000000
[ 118.060933][ T477] x8 : 0000000000000001 x7 : 1fffe000366f6087 x6 : ffff800080daeac0
[ 118.063007][ T477] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000804645e8
[ 118.065141][ T477] x2 : 0000000000000001 x1 : 0000000000000008 x0 : 0000000000000001
[ 118.067266][ T477] Call trace:
[ 118.068133][ T477] rwsem_write_trylock+0xc8/0x420 (P)
[ 118.069546][ T477] down_write+0x60/0xc0
[ 118.070691][ T477] simple_recursive_removal+0x90/0x744
[ 118.072148][ T477] debugfs_remove+0x60/0x88
[ 118.073324][ T477] ieee80211_sta_debugfs_remove+0x44/0x6c
[ 118.074793][ T477] __sta_info_destroy_part2+0x31c/0x410
[ 118.076254][ T477] sta_info_destroy_addr+0x11c/0x150
[ 118.077631][ T477] ieee80211_destroy_auth_data+0x120/0x248
[ 118.079160][ T477] ieee80211_sta_work+0xe70/0x2e8c
[ 118.080514][ T477] ieee80211_iface_work+0xc38/0xcd4
[ 118.081876][ T477] cfg80211_wiphy_work+0x2cc/0x508
[ 118.083295][ T477] process_one_work+0x810/0x1638
[ 118.084601][ T477] worker_thread+0x97c/0xeec
[ 118.085795][ T477] kthread+0x65c/0x7b0
[ 118.086917][ T477] ret_from_fork+0x10/0x20
[ 118.088057][ T477] Code: f94023f7 d503201f aa1703f8 52800028 (c8f87e68)
[ 118.089910][ T477] ---[ end trace 0000000000000000 ]---
[ 118.204259][ T7435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 118.458324][ T477] Kernel panic - not syncing: Oops: Fatal exception
[ 118.460153][ T477] SMP: stopping secondary CPUs
[ 118.461419][ T477] Kernel Offset: disabled
[ 118.462641][ T477] CPU features: 0x200,00002070,00800250,82017203
[ 118.464254][ T477] Memory Limit: none
[ 118.823358][ T477] Rebooting in 86400 seconds..