Warning: Permanently added '[localhost]:14428' (ED25519) to the list of known hosts.
2025/07/24 03:49:11 ignoring optional flag "sandboxArg"="0"
2025/07/24 03:49:12 parsed 1 programs
[ 137.904210][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[ 137.907192][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[ 140.286681][ T5634] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 147.138028][ T4684] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 147.145658][ T4684] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 147.151624][ T4684] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 147.158591][ T4684] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 147.163010][ T4684] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 148.550696][ T5690] chnl_net:caif_netlink_parms(): no params data found
[ 148.613401][ T5690] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.616978][ T5690] bridge0: port 1(bridge_slave_0) entered disabled state
[ 148.620585][ T5690] bridge_slave_0: entered allmulticast mode
[ 148.624814][ T5690] bridge_slave_0: entered promiscuous mode
[ 148.630122][ T5690] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.633386][ T5690] bridge0: port 2(bridge_slave_1) entered disabled state
[ 148.636663][ T5690] bridge_slave_1: entered allmulticast mode
[ 148.641695][ T5690] bridge_slave_1: entered promiscuous mode
[ 148.665975][ T5690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 148.673354][ T5690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 148.697667][ T5690] team0: Port device team_slave_0 added
[ 148.703252][ T5690] team0: Port device team_slave_1 added
[ 148.726344][ T5690] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 148.730786][ T5690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.742996][ T5690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 148.751222][ T5690] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 148.754357][ T5690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.766936][ T5690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 148.804230][ T5690] hsr_slave_0: entered promiscuous mode
[ 148.807636][ T5690] hsr_slave_1: entered promiscuous mode
[ 149.463110][ T5690] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 149.483064][ T5690] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 149.503264][ T5690] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 149.510177][ T5690] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 149.670334][ T5690] 8021q: adding VLAN 0 to HW filter on device bond0
[ 149.688657][ T5690] 8021q: adding VLAN 0 to HW filter on device team0
[ 149.715919][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.719191][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 149.737926][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.741247][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 150.086494][ T5690] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 150.173353][ T5690] veth0_vlan: entered promiscuous mode
[ 150.193794][ T5690] veth1_vlan: entered promiscuous mode
[ 150.245118][ T5690] veth0_macvtap: entered promiscuous mode
[ 150.270096][ T5690] veth1_macvtap: entered promiscuous mode
[ 150.294767][ T5690] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 150.315557][ T5690] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 150.334654][ T5690] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.338694][ T5690] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.350619][ T5690] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.354885][ T5690] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.638598][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 150.714849][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 150.798230][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 151.694383][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 152.281223][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 152.284777][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 152.371228][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 152.375806][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 153.320430][ T12] bridge_slave_1: left allmulticast mode
[ 153.331167][ T12] bridge_slave_1: left promiscuous mode
[ 153.344295][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.370987][ T12] bridge_slave_0: left allmulticast mode
[ 153.374233][ T12] bridge_slave_0: left promiscuous mode
[ 153.408000][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
2025/07/24 03:49:31 executed programs: 0
[ 154.146275][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 154.151780][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 154.155601][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 154.160305][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 154.164810][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 154.211131][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 154.217068][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 154.225251][ T12] bond0 (unregistering): Released all slaves
[ 154.375047][ T12] hsr_slave_0: left promiscuous mode
[ 154.390024][ T12] hsr_slave_1: left promiscuous mode
[ 154.392949][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 154.396234][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 154.410402][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 154.413806][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 154.441956][ T12] veth1_macvtap: left promiscuous mode
[ 154.444574][ T12] veth0_macvtap: left promiscuous mode
[ 154.447564][ T12] veth1_vlan: left promiscuous mode
[ 154.469148][ T12] veth0_vlan: left promiscuous mode
[ 155.124139][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 155.181738][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 155.851383][ T5789] chnl_net:caif_netlink_parms(): no params data found
[ 156.220159][ T45] Bluetooth: hci0: command tx timeout
[ 156.375995][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.396624][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.411645][ T5789] bridge_slave_0: entered allmulticast mode
[ 156.423344][ T5789] bridge_slave_0: entered promiscuous mode
[ 156.443705][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.450228][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.453896][ T5789] bridge_slave_1: entered allmulticast mode
[ 156.489341][ T5789] bridge_slave_1: entered promiscuous mode
[ 156.632391][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 156.661262][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 156.801674][ T5789] team0: Port device team_slave_0 added
[ 156.825105][ T5789] team0: Port device team_slave_1 added
[ 156.893783][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 156.897040][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 156.930628][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 156.960282][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 156.963515][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.001991][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 157.101542][ T5789] hsr_slave_0: entered promiscuous mode
[ 157.121502][ T5789] hsr_slave_1: entered promiscuous mode
[ 157.654155][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 157.671565][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 157.686461][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 157.709977][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 157.875596][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[ 157.910895][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[ 157.925182][ T1038] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.928630][ T1038] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 157.961037][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.964660][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.032332][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 158.300016][ T45] Bluetooth: hci0: command tx timeout
[ 158.332336][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.414189][ T5789] veth0_vlan: entered promiscuous mode
[ 158.440420][ T5789] veth1_vlan: entered promiscuous mode
[ 158.493138][ T5789] veth0_macvtap: entered promiscuous mode
[ 158.503982][ T5789] veth1_macvtap: entered promiscuous mode
[ 158.534592][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.552588][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.558015][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.579594][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.583674][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.587466][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.721151][ T1038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.725350][ T1038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.792348][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.809487][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.881377][ T5867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 158.919933][ T5867] wlan1: No basic rates, using min rate instead
[ 158.925890][ T5867] wlan1: authenticate with aa:09:b7:99:c0:d7 (local address=08:02:11:00:00:01)
[ 158.942559][ T5867] wlan1: send auth to aa:09:b7:99:c0:d7 (try 1/3)
[ 158.950036][ T12] wlan1: send auth to aa:09:b7:99:c0:d7 (try 2/3)
[ 158.978613][ T12] wlan1: send auth to aa:09:b7:99:c0:d7 (try 3/3)
[ 158.987571][ T12] wlan1: authentication with aa:09:b7:99:c0:d7 timed out
[ 159.005295][ T12] ==================================================================
[ 159.008906][ T12] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 159.012290][ T12] Read of size 1 at addr ffff888042ff76d8 by task kworker/u4:0/12
[ 159.016631][ T12]
[ 159.017576][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted 6.16.0-rc7-syzkaller-g25fae0b93d1d-dirty #0 PREEMPT(full)
[ 159.017590][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 159.017598][ T12] Workqueue: events_unbound cfg80211_wiphy_work
[ 159.017672][ T12] Call Trace:
[ 159.017699][ T12]
[ 159.017707][ T12]  dump_stack_lvl+0x189/0x250
[ 159.017722][ T12]  ? __virt_addr_valid+0x1c8/0x5c0
[ 159.017737][ T12]  ? rcu_is_watching+0x15/0xb0
[ 159.017779][ T12]  ? __kasan_check_byte+0x12/0x40
[ 159.017795][ T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 159.017807][ T12]  ? rcu_is_watching+0x15/0xb0
[ 159.017820][ T12]  ? lock_release+0x4b/0x3e0
[ 159.017832][ T12]  ? __virt_addr_valid+0x1c8/0x5c0
[ 159.017845][ T12]  ? __virt_addr_valid+0x4a5/0x5c0
[ 159.017861][ T12]  print_report+0xca/0x230
[ 159.017871][ T12]  ? _raw_spin_lock+0x2e/0x40
[ 159.017889][ T12]  kasan_report+0x118/0x150
[ 159.017902][ T12]  ? _raw_spin_lock+0x2e/0x40
[ 159.017920][ T12]  ? lockref_get+0x15/0x60
[ 159.017932][ T12]  __kasan_check_byte+0x2a/0x40
[ 159.017946][ T12]  lock_acquire+0x8d/0x360
[ 159.017960][ T12]  _raw_spin_lock+0x2e/0x40
[ 159.017975][ T12]  ? lockref_get+0x15/0x60
[ 159.017995][ T12]  lockref_get+0x15/0x60
[ 159.018006][ T12]  simple_recursive_removal+0x35/0x690
[ 159.018021][ T12]  ? mntput+0x65/0xc0
[ 159.018032][ T12]  ? __pfx_remove_one+0x10/0x10
[ 159.018047][ T12]  debugfs_remove+0x5b/0x70
[ 159.018060][ T12]  ieee80211_sta_debugfs_remove+0x8e/0xc0
[ 159.018078][ T12]  __sta_info_destroy_part2+0x352/0x450
[ 159.018095][ T12]  sta_info_destroy_addr+0xf5/0x140
[ 159.018108][ T12]  ieee80211_destroy_auth_data+0x12d/0x260
[ 159.018127][ T12]  ieee80211_sta_work+0x11cf/0x3600
[ 159.018139][ T12]  ? __lock_acquire+0xab9/0xd20
[ 159.018154][ T12]  ? __lock_acquire+0xab9/0xd20
[ 159.018168][ T12]  ? __lock_acquire+0xab9/0xd20
[ 159.018178][ T12]  ? __pfx_ieee80211_sta_work+0x10/0x10
[ 159.018194][ T12]  ? do_raw_spin_lock+0x121/0x290
[ 159.018211][ T12]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 159.018229][ T12]  ? lockdep_hardirqs_on+0x9c/0x150
[ 159.018240][ T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 159.018255][ T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 159.018273][ T12]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 159.018289][ T12]  ? skb_dequeue+0x10e/0x150
[ 159.018302][ T12]  ? ieee80211_iface_work+0xcdb/0xfe0
[ 159.018313][ T12]  ? ieee80211_iface_work+0xeef/0xfe0
[ 159.018326][ T12]  ? rcu_is_watching+0x15/0xb0
[ 159.018340][ T12]  cfg80211_wiphy_work+0x2df/0x460
[ 159.018353][ T12]  ? process_scheduled_works+0x9ef/0x17b0
[ 159.018368][ T12]  process_scheduled_works+0xae1/0x17b0
[ 159.018387][ T12]  ? __pfx_process_scheduled_works+0x10/0x10
[ 159.018404][ T12]  worker_thread+0x8a0/0xda0
[ 159.018423][ T12]  kthread+0x70e/0x8a0
[ 159.018441][ T12]  ? __pfx_worker_thread+0x10/0x10
[ 159.018454][ T12]  ? __pfx_kthread+0x10/0x10
[ 159.018469][ T12]  ? _raw_spin_unlock_irq+0x23/0x50
[ 159.018486][ T12]  ? lockdep_hardirqs_on+0x9c/0x150
[ 159.018495][ T12]  ? __pfx_kthread+0x10/0x10
[ 159.018511][ T12]  ret_from_fork+0x3fc/0x770
[ 159.018525][ T12]  ? __pfx_ret_from_fork+0x10/0x10
[ 159.018538][ T12]  ? __pfx_kthread+0x10/0x10
[ 159.018554][ T12]  ret_from_fork_asm+0x1a/0x30
[ 159.018572][ T12]
[ 159.018576][ T12]
[ 159.156633][ T12] Allocated by task 5867:
[ 159.158816][ T12]  kasan_save_track+0x3e/0x80
[ 159.161391][ T12]  __kasan_slab_alloc+0x6c/0x80
[ 159.163728][ T12]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 159.166152][ T12]  __d_alloc+0x31/0x6f0
[ 159.168096][ T12]  d_alloc_parallel+0xe0/0x14e0
[ 159.170041][ T12]  __lookup_slow+0x116/0x3d0
[ 159.172213][ T12]  start_creating+0x22e/0x3c0
[ 159.174129][ T12]  debugfs_create_dir+0x28/0x420
[ 159.176165][ T12]  ieee80211_sta_debugfs_add+0x12c/0x850
[ 159.178710][ T12]  sta_info_insert_rcu+0xfac/0x1940
[ 159.181156][ T12]  sta_info_insert+0x16/0xc0
[ 159.182959][ T12]  ieee80211_prep_connection+0x10cd/0x1600
[ 159.185543][ T12]  ieee80211_mgd_auth+0xee3/0x1770
[ 159.187747][ T12]  cfg80211_mlme_auth+0x632/0x9c0
[ 159.189741][ T12]  cfg80211_conn_do_work+0x501/0xd10
[ 159.191752][ T12]  cfg80211_connect+0x1862/0x21a0
[ 159.194210][ T12]  nl80211_connect+0x17bc/0x1cd0
[ 159.196692][ T12]  genl_family_rcv_msg_doit+0x212/0x300
[ 159.199325][ T12]  genl_rcv_msg+0x60e/0x790
[ 159.201251][ T12]  netlink_rcv_skb+0x208/0x470
[ 159.203121][ T12]  genl_rcv+0x28/0x40
[ 159.204679][ T12]  netlink_unicast+0x759/0x8e0
[ 159.206533][ T12]  netlink_sendmsg+0x805/0xb30
[ 159.208386][ T12]  __sock_sendmsg+0x21c/0x270
[ 159.210321][ T12]  ____sys_sendmsg+0x505/0x830
[ 159.212493][ T12]  ___sys_sendmsg+0x21f/0x2a0
[ 159.214633][ T12]  __x64_sys_sendmsg+0x19b/0x260
[ 159.216726][ T12]  do_syscall_64+0xfa/0x3b0
[ 159.218496][ T12]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.220802][ T12]
[ 159.221785][ T12] Freed by task 15:
[ 159.223297][ T12]  kasan_save_track+0x3e/0x80
[ 159.225247][ T12]  kasan_save_free_info+0x46/0x50
[ 159.227219][ T12]  __kasan_slab_free+0x62/0x70
[ 159.229242][ T12]  kmem_cache_free+0x18f/0x400
[ 159.231238][ T12]  rcu_core+0xca5/0x1710
[ 159.233237][ T12]  handle_softirqs+0x286/0x870
[ 159.235505][ T12]  run_ksoftirqd+0x9b/0x100
[ 159.237632][ T12]  smpboot_thread_fn+0x53f/0xa60
[ 159.239781][ T12]  kthread+0x70e/0x8a0
[ 159.241472][ T12]  ret_from_fork+0x3fc/0x770
[ 159.243328][ T12]  ret_from_fork_asm+0x1a/0x30
[ 159.245329][ T12]
[ 159.246402][ T12] Last potentially related work creation:
[ 159.248735][ T12]  kasan_save_stack+0x3e/0x60
[ 159.250678][ T12]  kasan_record_aux_stack+0xbd/0xd0
[ 159.252851][ T12]  call_rcu+0x157/0x9c0
[ 159.254591][ T12]  __dentry_kill+0x4d2/0x660
[ 159.256502][ T12]  dput+0x19f/0x2b0
[ 159.258219][ T12]  find_next_child+0x1e5/0x250
[ 159.260343][ T12]  simple_recursive_removal+0xf4/0x690
[ 159.262776][ T12]  debugfs_remove+0x5b/0x70
[ 159.264613][ T12]  ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[ 159.267094][ T12]  drv_remove_interface+0x1fa/0x590
[ 159.269126][ T12]  ieee80211_change_mac+0x912/0x12c0
[ 159.271334][ T12]  netif_set_mac_address+0x2f9/0x4c0
[ 159.273708][ T12]  do_setlink+0x88c/0x41c0
[ 159.275637][ T12]  rtnl_newlink+0x160b/0x1c70
[ 159.277522][ T12]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 159.279812][ T12]  netlink_rcv_skb+0x208/0x470
[ 159.281657][ T12]  netlink_unicast+0x759/0x8e0
[ 159.283289][ T12]  netlink_sendmsg+0x805/0xb30
[ 159.285230][ T12]  __sock_sendmsg+0x21c/0x270
[ 159.287318][ T12]  ____sys_sendmsg+0x505/0x830
[ 159.289531][ T12]  ___sys_sendmsg+0x21f/0x2a0
[ 159.291853][ T12]  __x64_sys_sendmsg+0x19b/0x260
[ 159.294559][ T12]  do_syscall_64+0xfa/0x3b0
[ 159.296408][ T12]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.298969][ T12]
[ 159.300055][ T12] The buggy address belongs to the object at ffff888042ff7608
[ 159.300055][ T12]  which belongs to the cache dentry of size 312
[ 159.305454][ T12] The buggy address is located 208 bytes inside of
[ 159.305454][ T12]  freed 312-byte region [ffff888042ff7608, ffff888042ff7740)
[ 159.310932][ T12]
[ 159.312120][ T12] The buggy address belongs to the physical page:
[ 159.314960][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42ff6
[ 159.318966][ T12] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 159.322421][ T12] memcg:ffff88803440e501
[ 159.324162][ T12] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 159.327207][ T12] page_type: f5(slab)
[ 159.329184][ T12] raw: 04fff00000000040 ffff888030413780 ffffea00010c1d00 dead000000000003
[ 159.332608][ T12] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff88803440e501
[ 159.336256][ T12] head: 04fff00000000040 ffff888030413780 ffffea00010c1d00 dead000000000003
[ 159.339553][ T12] head: 0000000000000000 0000000000150015 00000000f5000000 ffff88803440e501
[ 159.343071][ T12] head: 04fff00000000001 ffffea00010bfd81 00000000ffffffff 00000000ffffffff
[ 159.346649][ T12] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 159.350211][ T12] page dumped because: kasan: bad access detected
[ 159.352926][ T12] page_owner tracks the page as allocated
[ 159.355111][ T12] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4744, tgid 4744 (udevd), ts 37683151774, free_ts 0
[ 159.363147][ T12]  post_alloc_hook+0x240/0x2a0
[ 159.365173][ T12]  get_page_from_freelist+0x21e4/0x22c0
[ 159.367289][ T12]  __alloc_frozen_pages_noprof+0x181/0x370
[ 159.369551][ T12]  alloc_pages_mpol+0x232/0x4a0
[ 159.371908][ T12]  allocate_slab+0x8a/0x3b0
[ 159.374720][ T12]  ___slab_alloc+0xbfc/0x1480
[ 159.377249][ T12]  kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 159.379843][ T12]  __d_alloc+0x31/0x6f0
[ 159.381669][ T12]  d_alloc_parallel+0xe0/0x14e0
[ 159.383851][ T12]  path_openat+0xa3b/0x3830
[ 159.385785][ T12]  do_filp_open+0x1fa/0x410
[ 159.387825][ T12]  do_sys_openat2+0x121/0x1c0
[ 159.389923][ T12]  __x64_sys_openat+0x138/0x170
[ 159.392093][ T12]  do_syscall_64+0xfa/0x3b0
[ 159.394084][ T12]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.396681][ T12] page_owner free stack trace missing
[ 159.399235][ T12]
[ 159.400572][ T12] Memory state around the buggy address:
[ 159.403378][ T12]  ffff888042ff7580: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 159.406704][ T12]  ffff888042ff7600: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.410194][ T12] >ffff888042ff7680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.413693][ T12]                                                     ^
[ 159.416533][ T12]  ffff888042ff7700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 159.420160][ T12]  ffff888042ff7780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.424263][ T12] ==================================================================
[ 159.429616][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 159.432936][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted 6.16.0-rc7-syzkaller-g25fae0b93d1d-dirty #0 PREEMPT(full)
[ 159.438270][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 159.443337][ T12] Workqueue: events_unbound cfg80211_wiphy_work
[ 159.446406][ T12] Call Trace:
[ 159.447938][ T12]
[ 159.449275][ T12]  dump_stack_lvl+0x99/0x250
[ 159.451324][ T12]  ? __asan_memcpy+0x40/0x70
[ 159.453408][ T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 159.455762][ T12]  ? __pfx__printk+0x10/0x10
[ 159.457916][ T12]  panic+0x2db/0x790
[ 159.459630][ T12]  ? lockdep_hardirqs_on+0x9c/0x150
[ 159.461841][ T12]  ? __pfx_panic+0x10/0x10
[ 159.463753][ T12]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 159.466407][ T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 159.469348][ T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 159.472530][ T12]  ? _raw_spin_lock+0x2e/0x40
[ 159.474741][ T12]  check_panic_on_warn+0x89/0xb0
[ 159.477112][ T12]  ? _raw_spin_lock+0x2e/0x40
[ 159.479360][ T12]  end_report+0x78/0x160
[ 159.481158][ T12]  kasan_report+0x129/0x150
[ 159.483062][ T12]  ? _raw_spin_lock+0x2e/0x40
[ 159.485266][ T12]  ? lockref_get+0x15/0x60
[ 159.487386][ T12]  __kasan_check_byte+0x2a/0x40
[ 159.489877][ T12]  lock_acquire+0x8d/0x360
[ 159.492087][ T12]  _raw_spin_lock+0x2e/0x40
[ 159.494248][ T12]  ? lockref_get+0x15/0x60
[ 159.496345][ T12]  lockref_get+0x15/0x60
[ 159.498288][ T12]  simple_recursive_removal+0x35/0x690
[ 159.500616][ T12]  ? mntput+0x65/0xc0
[ 159.502396][ T12]  ? __pfx_remove_one+0x10/0x10
[ 159.504784][ T12]  debugfs_remove+0x5b/0x70
[ 159.506991][ T12]  ieee80211_sta_debugfs_remove+0x8e/0xc0
[ 159.509619][ T12]  __sta_info_destroy_part2+0x352/0x450
[ 159.512038][ T12]  sta_info_destroy_addr+0xf5/0x140
[ 159.514515][ T12]  ieee80211_destroy_auth_data+0x12d/0x260
[ 159.517224][ T12]  ieee80211_sta_work+0x11cf/0x3600
[ 159.519592][ T12]  ? __lock_acquire+0xab9/0xd20
[ 159.521855][ T12]  ? __lock_acquire+0xab9/0xd20
[ 159.524063][ T12]  ? __lock_acquire+0xab9/0xd20
[ 159.526415][ T12]  ? __pfx_ieee80211_sta_work+0x10/0x10
[ 159.528754][ T12]  ? do_raw_spin_lock+0x121/0x290
[ 159.531124][ T12]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 159.533870][ T12]  ? lockdep_hardirqs_on+0x9c/0x150
[ 159.536331][ T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 159.538953][ T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 159.541654][ T12]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 159.543981][ T12]  ? skb_dequeue+0x10e/0x150
[ 159.546122][ T12]  ? ieee80211_iface_work+0xcdb/0xfe0
[ 159.548574][ T12]  ? ieee80211_iface_work+0xeef/0xfe0
[ 159.551000][ T12]  ? rcu_is_watching+0x15/0xb0
[ 159.553227][ T12]  cfg80211_wiphy_work+0x2df/0x460
[ 159.555707][ T12]  ? process_scheduled_works+0x9ef/0x17b0
[ 159.558263][ T12]  process_scheduled_works+0xae1/0x17b0
[ 159.560822][ T12]  ? __pfx_process_scheduled_works+0x10/0x10
[ 159.563366][ T12]  worker_thread+0x8a0/0xda0
[ 159.565514][ T12]  kthread+0x70e/0x8a0
[ 159.567273][ T12]  ? __pfx_worker_thread+0x10/0x10
[ 159.569501][ T12]  ? __pfx_kthread+0x10/0x10
[ 159.571637][ T12]  ? _raw_spin_unlock_irq+0x23/0x50
[ 159.574363][ T12]  ? lockdep_hardirqs_on+0x9c/0x150
[ 159.577118][ T12]  ? __pfx_kthread+0x10/0x10
[ 159.579376][ T12]  ret_from_fork+0x3fc/0x770
[ 159.581469][ T12]  ? __pfx_ret_from_fork+0x10/0x10
[ 159.583701][ T12]  ? __pfx_kthread+0x10/0x10
[ 159.585811][ T12]  ret_from_fork_asm+0x1a/0x30
[ 159.587953][ T12]
[ 159.589640][ T12] Kernel Offset: disabled
[ 159.591589][ T12] Rebooting in 86400 seconds..