Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts.
[   36.956099][   T95] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   36.958471][   T95] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   36.969739][   T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   36.971870][   T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[   37.091911][ T6440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.107215][ T6441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.117961][ T6442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.159321][   T27] wlan1: No basic rates, using min rate instead
[   37.159515][ T6443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   37.161891][   T27] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[   37.166067][   T27] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
executing program
[   37.181022][ T6444] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.191970][ T6445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.202763][ T6446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.213922][ T6447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.224386][ T6448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.235199][ T6449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.257166][ T6450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.267880][ T6451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.278342][   T44] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[   37.281015][ T6452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.289673][ T6453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.300863][ T6454] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.311218][ T6455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.322071][ T6456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.332905][ T6457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.344518][ T6458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.355354][ T6459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.366257][ T6460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.377011][ T6461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.387909][ T6462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   37.394354][   T44] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
executing program
[   37.399361][ T6463] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.411177][ T6464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.420504][ T6465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.431321][ T6466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.442232][ T6467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.453054][ T6468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.463787][ T6469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.475252][ T6470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.485704][ T6471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[   37.496290][ T6472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   37.499245][   T44] wlan1: authentication with 08:02:11:00:00:00 timed out
[   37.558421][   T44] ==================================================================
[   37.560495][   T44] BUG: KASAN: slab-use-after-free in __lock_acquire+0x10c/0x7904
[   37.562563][   T44] Read of size 8 at addr ffff0000db1b1560 by task kworker/u8:3/44
[   37.564663][   T44] 
[   37.565281][   T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u8:3 Not tainted 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[   37.565295][   T44] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   37.565303][   T44] Workqueue: events_unbound cfg80211_wiphy_work
[   37.565321][   T44] Call trace:
[   37.565325][   T44]  show_stack+0x2c/0x3c (C)
[   37.565356][   T44]  dump_stack_lvl+0xe4/0x150
[   37.565370][   T44]  print_report+0x198/0x538
[   37.565382][   T44]  kasan_report+0xd8/0x138
[   37.565393][   T44]  __asan_report_load8_noabort+0x20/0x2c
[   37.565407][   T44]  __lock_acquire+0x10c/0x7904
[   37.565418][   T44]  lock_acquire+0x23c/0x724
[   37.565429][   T44]  _raw_spin_lock+0x48/0x60
[   37.565440][   T44]  lockref_get+0x20/0x74
[   37.565454][   T44]  simple_recursive_removal+0x40/0x744
[   37.565467][   T44]  debugfs_remove+0x60/0x88
[   37.565481][   T44]  ieee80211_sta_debugfs_remove+0x44/0x6c
[   37.565495][   T44]  __sta_info_destroy_part2+0x31c/0x410
[   37.565508][   T44]  sta_info_destroy_addr+0x11c/0x150
[   37.565520][   T44]  ieee80211_destroy_auth_data+0x120/0x248
[   37.565531][   T44]  ieee80211_sta_work+0xe70/0x2e8c
[   37.565542][   T44]  ieee80211_iface_work+0xc38/0xcd4
[   37.565554][   T44]  cfg80211_wiphy_work+0x2cc/0x508
[   37.565566][   T44]  process_one_work+0x810/0x1638
[   37.565579][   T44]  worker_thread+0x97c/0xeec
[   37.565590][   T44]  kthread+0x65c/0x7b0
[   37.565601][   T44]  ret_from_fork+0x10/0x20
[   37.565613][   T44] 
[   37.601796][   T44] Allocated by task 27:
[   37.602865][   T44]  kasan_save_track+0x40/0x78
[   37.604093][   T44]  kasan_save_alloc_info+0x40/0x50
[   37.605469][   T44]  __kasan_slab_alloc+0x74/0x8c
[   37.606773][   T44]  kmem_cache_alloc_lru_noprof+0x258/0x414
[   37.608326][   T44]  __d_alloc+0x44/0x68c
[   37.609383][   T44]  d_alloc_parallel+0xc4/0x11bc
[   37.610622][   T44]  __lookup_slow+0x108/0x37c
[   37.611883][   T44]  lookup_one_len+0x17c/0x2b0
[   37.613033][   T44]  start_creating+0x19c/0x2e0
[   37.614221][   T44]  debugfs_create_dir+0x30/0x3cc
[   37.615484][   T44]  ieee80211_sta_debugfs_add+0x118/0x6e4
[   37.616949][   T44]  sta_info_insert_rcu+0xf3c/0x181c
[   37.618270][   T44]  sta_info_insert+0x20/0xcc
[   37.619471][   T44]  ieee80211_prep_connection+0xd60/0x1110
[   37.620981][   T44]  ieee80211_mgd_auth+0xc74/0x1438
[   37.622367][   T44]  ieee80211_auth+0x28/0x38
[   37.623509][   T44]  cfg80211_mlme_auth+0x4a4/0x8e4
[   37.624771][   T44]  cfg80211_conn_do_work+0x3c8/0xba8
[   37.626141][   T44]  cfg80211_conn_work+0x248/0x44c
[   37.627500][   T44]  process_one_work+0x810/0x1638
[   37.628928][   T44]  worker_thread+0x97c/0xeec
[   37.630053][   T44]  kthread+0x65c/0x7b0
[   37.631135][   T44]  ret_from_fork+0x10/0x20
[   37.632306][   T44] 
[   37.632903][   T44] Freed by task 24:
[   37.633898][   T44]  kasan_save_track+0x40/0x78
[   37.635094][   T44]  kasan_save_free_info+0x54/0x6c
[   37.636454][   T44]  __kasan_slab_free+0x64/0x8c
[   37.637670][   T44]  kmem_cache_free+0x198/0x554
[   37.638963][   T44]  __d_free+0x28/0x38
[   37.640001][   T44]  rcu_core+0x898/0x1b5c
[   37.641077][   T44]  rcu_core_si+0x10/0x1c
[   37.642208][   T44]  handle_softirqs+0x320/0xd34
[   37.643459][   T44]  run_ksoftirqd+0x70/0xc0
[   37.644606][   T44]  smpboot_thread_fn+0x4b0/0x90c
[   37.645926][   T44]  kthread+0x65c/0x7b0
[   37.647083][   T44]  ret_from_fork+0x10/0x20
[   37.648200][   T44] 
[   37.648795][   T44] Last potentially related work creation:
[   37.650351][   T44]  kasan_save_stack+0x40/0x6c
[   37.651626][   T44]  kasan_record_aux_stack+0xb4/0xcc
[   37.652995][   T44]  call_rcu+0x104/0xb9c
[   37.654030][   T44]  dentry_free+0xa8/0x174
[   37.655181][   T44]  __dentry_kill+0x44c/0x5e8
[   37.656426][   T44]  dput+0x1b8/0x290
[   37.657468][   T44]  simple_recursive_removal+0x254/0x744
[   37.658922][   T44]  debugfs_remove+0x60/0x88
[   37.660131][   T44]  ieee80211_debugfs_recreate_netdev+0xbc/0x1360
[   37.661823][   T44]  drv_remove_interface+0x1b0/0x5c0
[   37.663133][   T44]  ieee80211_change_mac+0x90c/0xf74
[   37.664440][   T44]  dev_set_mac_address+0x1f4/0x430
[   37.665736][   T44]  dev_set_mac_address_user+0x44/0x68
[   37.667184][   T44]  dev_ifsioc+0x764/0x9a0
[   37.668268][   T44]  dev_ioctl+0x4d8/0xd34
[   37.669402][   T44]  sock_do_ioctl+0x1d4/0x2d0
[   37.670612][   T44]  sock_ioctl+0x4ec/0x838
[   37.671731][   T44]  __arm64_sys_ioctl+0x14c/0x1cc
[   37.673022][   T44]  invoke_syscall+0x98/0x2b8
[   37.674303][   T44]  el0_svc_common+0x130/0x23c
[   37.675502][   T44]  do_el0_svc+0x48/0x58
[   37.676574][   T44]  el0_svc+0x54/0x168
[   37.677589][   T44]  el0t_64_sync_handler+0x84/0x108
[   37.678973][   T44]  el0t_64_sync+0x198/0x19c
[   37.680103][   T44] 
[   37.680680][   T44] The buggy address belongs to the object at ffff0000db1b1490
[   37.680680][   T44]  which belongs to the cache dentry of size 312
[   37.684171][   T44] The buggy address is located 208 bytes inside of
[   37.684171][   T44]  freed 312-byte region [ffff0000db1b1490, ffff0000db1b15c8)
[   37.687799][   T44] 
[   37.688381][   T44] The buggy address belongs to the physical page:
[   37.689949][   T44] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b1b0
[   37.692230][   T44] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   37.694425][   T44] ksm flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[   37.696551][   T44] page_type: f5(slab)
[   37.697531][   T44] raw: 05ffc00000000040 ffff0000c18a8a00 fffffdffc32f6080 dead000000000003
[   37.699721][   T44] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[   37.701922][   T44] head: 05ffc00000000040 ffff0000c18a8a00 fffffdffc32f6080 dead000000000003
[   37.704109][   T44] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[   37.706366][   T44] head: 05ffc00000000001 fffffdffc36c6c01 ffffffffffffffff 0000000000000000
[   37.708574][   T44] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   37.710858][   T44] page dumped because: kasan: bad access detected
[   37.712529][   T44] 
[   37.713148][   T44] Memory state around the buggy address:
[   37.714681][   T44]  ffff0000db1b1400: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   37.716894][   T44]  ffff0000db1b1480: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.718928][   T44] >ffff0000db1b1500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.721031][   T44]                                                        ^
[   37.722869][   T44]  ffff0000db1b1580: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[   37.724944][   T44]  ffff0000db1b1600: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.726993][   T44] ==================================================================
[   37.729284][   T44] Disabling lock debugging due to kernel taint
[   37.731205][   T44] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d8
[   37.733681][   T44] Mem abort info:
[   37.734602][   T44]   ESR = 0x0000000096000004
[   37.735787][   T44]   EC = 0x25: DABT (current EL), IL = 32 bits
[   37.737405][   T44]   SET = 0, FnV = 0
[   37.738462][   T44]   EA = 0, S1PTW = 0
[   37.739472][   T44]   FSC = 0x04: level 0 translation fault
[   37.740920][   T44] Data abort info:
[   37.741780][   T44]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[   37.743555][   T44]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[   37.745125][   T44]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[   37.746728][   T44] user pgtable: 4k pages, 48-bit VAs, pgdp=000000011c14f000
[   37.748734][   T44] [00000000000000d8] pgd=0000000000000000, p4d=0000000000000000
[   37.750682][   T44] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[   37.752506][   T44] Modules linked in:
[   37.753478][   T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u8:3 Tainted: G    B              6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[   37.756586][   T44] Tainted: [B]=BAD_PAGE
[   37.757653][   T44] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   37.760311][   T44] Workqueue: events_unbound cfg80211_wiphy_work
[   37.761961][   T44] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   37.764136][   T44] pc : rwsem_write_trylock+0xc8/0x420
[   37.765553][   T44] lr : rwsem_write_trylock+0xa8/0x420
[   37.766913][   T44] sp : ffff8000993b73a0
[   37.768024][   T44] x29: ffff8000993b7410 x28: dfff800000000000 x27: ffff0000c2f5d720
[   37.770250][   T44] x26: 1fffe0001b86d02f x25: dfff800000000000 x24: 0000000000000000
[   37.772262][   T44] x23: 0000000000000000 x22: 1ffff00013276e78 x21: dfff800000000000
[   37.774339][   T44] x20: ffff8000993b73e0 x19: 00000000000000d8 x18: 1fffe000366f1886
[   37.776370][   T44] x17: ffff80008fbbd000 x16: ffff8000804634c8 x15: 0000000000000001
[   37.778619][   T44] x14: 1ffff00013276e7c x13: 0000000000000000 x12: 0000000000000000
[   37.780743][   T44] x11: ffff700013276e7d x10: 1ffff00013276e7c x9 : dfff800000000000
[   37.782979][   T44] x8 : 0000000000000001 x7 : 1fffe000366f1887 x6 : ffff800080dafbec
[   37.785098][   T44] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080463570
[   37.787305][   T44] x2 : 0000000000000001 x1 : 0000000000000008 x0 : 0000000000000001
[   37.789454][   T44] Call trace:
[   37.790340][   T44]  rwsem_write_trylock+0xc8/0x420 (P)
[   37.791741][   T44]  down_write+0x60/0xc0
[   37.792888][   T44]  simple_recursive_removal+0x90/0x744
[   37.794453][   T44]  debugfs_remove+0x60/0x88
[   37.795629][   T44]  ieee80211_sta_debugfs_remove+0x44/0x6c
[   37.797176][   T44]  __sta_info_destroy_part2+0x31c/0x410
[   37.798760][   T44]  sta_info_destroy_addr+0x11c/0x150
[   37.800217][   T44]  ieee80211_destroy_auth_data+0x120/0x248
[   37.801894][   T44]  ieee80211_sta_work+0xe70/0x2e8c
[   37.803223][   T44]  ieee80211_iface_work+0xc38/0xcd4
[   37.804566][   T44]  cfg80211_wiphy_work+0x2cc/0x508
[   37.805984][   T44]  process_one_work+0x810/0x1638
[   37.807355][   T44]  worker_thread+0x97c/0xeec
[   37.808711][   T44]  kthread+0x65c/0x7b0
[   37.809860][   T44]  ret_from_fork+0x10/0x20
[   37.810985][   T44] Code: f94023f7 d503201f aa1703f8 52800028 (c8f87e68) 
[   37.812747][   T44] ---[ end trace 0000000000000000 ]---
[   38.204504][   T44] Kernel panic - not syncing: Oops: Fatal exception
[   38.206616][   T44] SMP: stopping secondary CPUs
[   38.207966][   T44] Kernel Offset: disabled
[   38.209086][   T44] CPU features: 0x200,00002070,00800250,82017203
[   38.210786][   T44] Memory Limit: none
[   38.560477][   T44] Rebooting in 86400 seconds..