Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts.
2025/08/02 10:41:56 ignoring optional flag "sandboxArg"="0"
2025/08/02 10:41:56 ignoring optional flag "type"="gce"
2025/08/02 10:41:56 parsed 1 programs
[ 132.969513][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.977085][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 137.538490][ T6330] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 140.930458][ T3454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.944720][ T3454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.975203][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.983891][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 142.325323][ T6378] chnl_net:caif_netlink_parms(): no params data found
[ 142.425901][ T6378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 142.433459][ T6378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 142.440853][ T6378] bridge_slave_0: entered allmulticast mode
[ 142.449711][ T6378] bridge_slave_0: entered promiscuous mode
[ 142.459718][ T6378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 142.467053][ T6378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 142.474337][ T6378] bridge_slave_1: entered allmulticast mode
[ 142.481907][ T6378] bridge_slave_1: entered promiscuous mode
[ 142.517770][ T6378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.531288][ T6378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.565482][ T6378] team0: Port device team_slave_0 added
[ 142.574812][ T6378] team0: Port device team_slave_1 added
[ 142.605961][ T6378] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 142.613021][ T6378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 142.639213][ T6378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 142.651462][ T6378] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 142.659475][ T6378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 142.685534][ T6378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 142.733360][ T6378] hsr_slave_0: entered promiscuous mode
[ 142.739810][ T6378] hsr_slave_1: entered promiscuous mode
[ 143.339456][ T6378] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 143.351583][ T6378] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 143.369004][ T6378] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 143.383828][ T6378] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 143.494640][ T6378] 8021q: adding VLAN 0 to HW filter on device bond0
[ 143.523778][ T6378] 8021q: adding VLAN 0 to HW filter on device team0
[ 143.541634][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[ 143.548877][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 143.569202][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 143.576954][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 143.874089][ T6378] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 143.943267][ T6378] veth0_vlan: entered promiscuous mode
[ 143.962418][ T6378] veth1_vlan: entered promiscuous mode
[ 144.002203][ T6378] veth0_macvtap: entered promiscuous mode
[ 144.014277][ T6378] veth1_macvtap: entered promiscuous mode
[ 144.043193][ T6378] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 144.059844][ T6378] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 144.075592][ T1088] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.088087][ T1088] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.105765][ T1088] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.123198][ T1088] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.285082][ T1088] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.377274][ T1088] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.469903][ T1088] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.581911][ T1088] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 144.601153][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 144.616304][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 144.624550][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 144.633716][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 144.641778][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/08/02 10:42:10 executed programs: 0
[ 145.938724][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 145.948811][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 145.957979][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 145.967549][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 145.975368][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 146.294306][ T1088] bridge_slave_1: left allmulticast mode
[ 146.300163][ T1088] bridge_slave_1: left promiscuous mode
[ 146.307031][ T1088] bridge0: port 2(bridge_slave_1) entered disabled state
[ 146.322000][ T1088] bridge_slave_0: left allmulticast mode
[ 146.329053][ T1088] bridge_slave_0: left promiscuous mode
[ 146.335065][ T1088] bridge0: port 1(bridge_slave_0) entered disabled state
[ 146.679436][ T1088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 146.692813][ T1088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 146.703842][ T1088] bond0 (unregistering): Released all slaves
[ 146.730088][ T6486] chnl_net:caif_netlink_parms(): no params data found
[ 146.840423][ T1088] hsr_slave_0: left promiscuous mode
[ 146.849048][ T1088] hsr_slave_1: left promiscuous mode
[ 146.855239][ T1088] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 146.863768][ T1088] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 146.874761][ T1088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 146.882323][ T1088] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 146.904472][ T1088] veth1_macvtap: left promiscuous mode
[ 146.913119][ T1088] veth0_macvtap: left promiscuous mode
[ 146.919254][ T1088] veth1_vlan: left promiscuous mode
[ 146.924621][ T1088] veth0_vlan: left promiscuous mode
[ 147.420014][ T1088] team0 (unregistering): Port device team_slave_1 removed
[ 147.461336][ T1088] team0 (unregistering): Port device team_slave_0 removed
[ 147.874924][ T6486] bridge0: port 1(bridge_slave_0) entered blocking state
[ 147.882402][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state
[ 147.889770][ T6486] bridge_slave_0: entered allmulticast mode
[ 147.897722][ T6486] bridge_slave_0: entered promiscuous mode
[ 147.906989][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state
[ 147.914265][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state
[ 147.931455][ T6486] bridge_slave_1: entered allmulticast mode
[ 147.943946][ T6486] bridge_slave_1: entered promiscuous mode
[ 147.999124][ T6486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 148.008973][ T51] Bluetooth: hci0: command tx timeout
[ 148.022827][ T6486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 148.087980][ T6486] team0: Port device team_slave_0 added
[ 148.101036][ T6486] team0: Port device team_slave_1 added
[ 148.159340][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 148.167435][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.201618][ T6486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 148.223467][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 148.230654][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 148.258166][ T6486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 148.637686][ T6486] hsr_slave_0: entered promiscuous mode
[ 148.644433][ T6486] hsr_slave_1: entered promiscuous mode
[ 149.474993][ T6486] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 149.518748][ T6486] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 149.593063][ T6486] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 149.616393][ T6486] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 149.731473][ T6486] 8021q: adding VLAN 0 to HW filter on device bond0
[ 149.759406][ T6486] 8021q: adding VLAN 0 to HW filter on device team0
[ 149.774950][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.782302][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 149.811077][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.818323][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 150.098640][ T51] Bluetooth: hci0: command tx timeout
[ 150.126549][ T6486] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 150.175960][ T6486] veth0_vlan: entered promiscuous mode
[ 150.193367][ T6486] veth1_vlan: entered promiscuous mode
[ 150.238026][ T6486] veth0_macvtap: entered promiscuous mode
[ 150.249058][ T6486] veth1_macvtap: entered promiscuous mode
[ 150.272073][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 150.290017][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 150.310443][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.320272][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.330339][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.340507][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.425115][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 150.438434][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 150.485917][ T3454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 150.498074][ T3454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 150.583539][ T6596] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 150.619463][ T24] wlan1: No basic rates, using min rate instead
[ 150.631219][ T24] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 150.640727][ T24] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 150.757065][ T3454] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 150.870759][ T3454] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 150.996878][ T3454] wlan1: authentication with 08:02:11:00:00:00 timed out
2025/08/02 10:42:15 executed programs: 3
[ 151.141653][ T6616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 151.179770][ T5832] wlan1: No basic rates, using min rate instead
[ 151.189062][ T5832] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 151.198859][ T5832] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 151.307839][ T3454] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 151.424963][ T3454] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 151.536284][ T1143] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 151.689414][ T6636] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 151.736768][ T24] wlan1: No basic rates, using min rate instead
[ 151.744593][ T24] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 151.755983][ T24] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 151.866336][ T3454] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 151.976238][ T49] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 152.089150][ T49] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 152.166426][ T51] Bluetooth: hci0: command tx timeout
[ 152.238486][ T6655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.269055][ T24] wlan1: No basic rates, using min rate instead
[ 152.279839][ T24] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 152.290383][ T24] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 152.412363][ T1143] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 152.536915][ T49] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 152.647025][ T49] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 152.779355][ T6674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 152.819724][ T10] wlan1: No basic rates, using min rate instead
[ 152.832210][ T10] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 152.841595][ T10] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 152.962580][ T1143] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 153.076246][ T3454] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 153.186127][ T3454] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 153.343521][ T6695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.367641][ T10] wlan1: No basic rates, using min rate instead
[ 153.375220][ T10] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 153.389507][ T10] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 153.516267][ T49] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 153.626176][ T3454] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 153.746170][ T49] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 153.753817][ T49] ==================================================================
[ 153.761922][ T49] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 153.769439][ T49] Read of size 1 at addr ffff888071f20538 by task kworker/u8:3/49
[ 153.777284][ T49]
[ 153.779671][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller-gd9104cec3e8f #0 PREEMPT(full)
[ 153.779699][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 153.779713][ T49] Workqueue: events_unbound cfg80211_wiphy_work
[ 153.779759][ T49] Call Trace:
[ 153.779769][ T49] <TASK>
[ 153.779781][ T49] dump_stack_lvl+0x189/0x250
[ 153.779804][ T49] ? __virt_addr_valid+0x1c8/0x5c0
[ 153.779828][ T49] ? rcu_is_watching+0x15/0xb0
[ 153.779861][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 153.779882][ T49] ? rcu_is_watching+0x15/0xb0
[ 153.779913][ T49] ? lock_release+0x4b/0x3e0
[ 153.779941][ T49] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 153.779970][ T49] ? __virt_addr_valid+0x1c8/0x5c0
[ 153.779993][ T49] ? __virt_addr_valid+0x4a5/0x5c0
[ 153.780018][ T49] print_report+0xca/0x240
[ 153.780048][ T49] ? _raw_spin_lock+0x2e/0x40
[ 153.780071][ T49] kasan_report+0x118/0x150
[ 153.780104][ T49] ? _raw_spin_lock+0x2e/0x40
[ 153.780130][ T49] ? lockref_get+0x15/0x60
[ 153.780154][ T49] __kasan_check_byte+0x2a/0x40
[ 153.780191][ T49] lock_acquire+0x8d/0x360
[ 153.780218][ T49] ? do_raw_spin_lock+0x121/0x290
[ 153.780244][ T49] _raw_spin_lock+0x2e/0x40
[ 153.780268][ T49] ? lockref_get+0x15/0x60
[ 153.780292][ T49] lockref_get+0x15/0x60
[ 153.780317][ T49] __simple_recursive_removal+0x33/0x510
[ 153.780358][ T49] ? mntput+0x65/0xc0
[ 153.780384][ T49] ? __pfx_remove_one+0x10/0x10
[ 153.780413][ T49] debugfs_remove+0x5b/0x70
[ 153.780440][ T49] ieee80211_sta_debugfs_remove+0x40/0x70
[ 153.780470][ T49] __sta_info_destroy_part2+0x352/0x450
[ 153.780504][ T49] sta_info_destroy_addr+0xf5/0x140
[ 153.780536][ T49] ieee80211_destroy_auth_data+0x12d/0x260
[ 153.780561][ T49] ieee80211_sta_work+0x11cf/0x3600
[ 153.780587][ T49] ? __lock_acquire+0xab9/0xd20
[ 153.780621][ T49] ? __lock_acquire+0xab9/0xd20
[ 153.780651][ T49] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 153.780673][ T49] ? do_raw_spin_lock+0x121/0x290
[ 153.780701][ T49] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 153.780729][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 153.780759][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 153.780786][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 153.780814][ T49] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 153.780841][ T49] ? skb_dequeue+0x10e/0x150
[ 153.780867][ T49] ? ieee80211_iface_work+0xfc4/0x12d0
[ 153.780897][ T49] ? ieee80211_iface_work+0x11d6/0x12d0
[ 153.780926][ T49] ? rcu_is_watching+0x15/0xb0
[ 153.780961][ T49] cfg80211_wiphy_work+0x2df/0x460
[ 153.780992][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 153.781024][ T49] process_scheduled_works+0xae1/0x17b0
[ 153.781071][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 153.781112][ T49] worker_thread+0x8a0/0xda0
[ 153.781159][ T49] kthread+0x70e/0x8a0
[ 153.781184][ T49] ? __pfx_worker_thread+0x10/0x10
[ 153.781216][ T49] ? __pfx_kthread+0x10/0x10
[ 153.781241][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 153.781267][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 153.781295][ T49] ? __pfx_kthread+0x10/0x10
[ 153.781319][ T49] ret_from_fork+0x3fc/0x770
[ 153.781362][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 153.781398][ T49] ? __switch_to_asm+0x39/0x70
[ 153.781422][ T49] ? __switch_to_asm+0x33/0x70
[ 153.781445][ T49] ? __pfx_kthread+0x10/0x10
[ 153.781468][ T49] ret_from_fork_asm+0x1a/0x30
[ 153.781501][ T49] </TASK>
[ 153.781509][ T49]
[ 154.116074][ T49] Allocated by task 10:
[ 154.120233][ T49] kasan_save_track+0x3e/0x80
[ 154.125053][ T49] __kasan_slab_alloc+0x6c/0x80
[ 154.129939][ T49] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 154.135791][ T49] __d_alloc+0x36/0x7a0
[ 154.139976][ T49] d_alloc_parallel+0xe5/0x15e0
[ 154.144937][ T49] __lookup_slow+0x116/0x3d0
[ 154.149543][ T49] simple_start_creating+0xfd/0x1e0
[ 154.154783][ T49] start_creating+0x10f/0x180
[ 154.159512][ T49] debugfs_create_dir+0x28/0x420
[ 154.164564][ T49] ieee80211_sta_debugfs_add+0x12c/0x850
[ 154.170210][ T49] sta_info_insert_rcu+0xfac/0x1940
[ 154.175426][ T49] sta_info_insert+0x16/0xc0
[ 154.180029][ T49] ieee80211_prep_connection+0xfce/0x13f0
[ 154.185769][ T49] ieee80211_mgd_auth+0xee3/0x1770
[ 154.190890][ T49] cfg80211_mlme_auth+0x62f/0x9c0
[ 154.195938][ T49] cfg80211_conn_do_work+0x501/0xd10
[ 154.201243][ T49] cfg80211_conn_work+0x2c0/0x440
[ 154.206293][ T49] process_scheduled_works+0xae1/0x17b0
[ 154.211882][ T49] worker_thread+0x8a0/0xda0
[ 154.216680][ T49] kthread+0x70e/0x8a0
[ 154.220765][ T49] ret_from_fork+0x3fc/0x770
[ 154.225477][ T49] ret_from_fork_asm+0x1a/0x30
[ 154.230262][ T49]
[ 154.232598][ T49] Freed by task 23:
[ 154.236406][ T49] kasan_save_track+0x3e/0x80
[ 154.241104][ T49] kasan_save_free_info+0x46/0x50
[ 154.246157][ T49] __kasan_slab_free+0x62/0x70
[ 154.250940][ T49] kmem_cache_free+0x18f/0x400
[ 154.255718][ T49] rcu_core+0xca8/0x1710
[ 154.259981][ T49] handle_softirqs+0x283/0x870
[ 154.264757][ T49] run_ksoftirqd+0x9b/0x100
[ 154.269263][ T49] smpboot_thread_fn+0x53f/0xa60
[ 154.274223][ T49] kthread+0x70e/0x8a0
[ 154.278299][ T49] ret_from_fork+0x3fc/0x770
[ 154.282999][ T49] ret_from_fork_asm+0x1a/0x30
[ 154.287884][ T49]
[ 154.290238][ T49] Last potentially related work creation:
[ 154.295954][ T49] kasan_save_stack+0x3e/0x60
[ 154.300648][ T49] kasan_record_aux_stack+0xbd/0xd0
[ 154.305862][ T49] call_rcu+0x157/0x9c0
[ 154.310059][ T49] __dentry_kill+0x4d2/0x660
[ 154.314662][ T49] dput+0x19f/0x2b0
[ 154.318489][ T49] find_next_child+0x1e5/0x250
[ 154.323265][ T49] __simple_recursive_removal+0x10b/0x510
[ 154.328992][ T49] debugfs_remove+0x5b/0x70
[ 154.333507][ T49] ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[ 154.339854][ T49] drv_remove_interface+0x1fa/0x590
[ 154.345065][ T49] ieee80211_change_mac+0x912/0x12c0
[ 154.350457][ T49] netif_set_mac_address+0x2fc/0x4c0
[ 154.355751][ T49] dev_set_mac_address_user+0x137/0x270
[ 154.361312][ T49] dev_ioctl+0x7b4/0x1150
[ 154.365655][ T49] sock_do_ioctl+0x22c/0x300
[ 154.370256][ T49] sock_ioctl+0x576/0x790
[ 154.374611][ T49] __se_sys_ioctl+0xf9/0x170
[ 154.379210][ T49] do_syscall_64+0xfa/0x3b0
[ 154.383727][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.389625][ T49]
[ 154.392119][ T49] The buggy address belongs to the object at ffff888071f20468
[ 154.392119][ T49] which belongs to the cache dentry of size 312
[ 154.405742][ T49] The buggy address is located 208 bytes inside of
[ 154.405742][ T49] freed 312-byte region [ffff888071f20468, ffff888071f205a0)
[ 154.419725][ T49]
[ 154.422059][ T49] The buggy address belongs to the physical page:
[ 154.428476][ T49] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71f20
[ 154.437272][ T49] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 154.445773][ T49] memcg:ffff8880734de801
[ 154.450015][ T49] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 154.458017][ T49] page_type: f5(slab)
[ 154.462004][ T49] raw: 00fff00000000040 ffff88801ba94780 0000000000000000 dead000000000001
[ 154.470596][ T49] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff8880734de801
[ 154.479185][ T49] head: 00fff00000000040 ffff88801ba94780 0000000000000000 dead000000000001
[ 154.487875][ T49] head: 0000000000000000 0000000000150015 00000000f5000000 ffff8880734de801
[ 154.496646][ T49] head: 00fff00000000001 ffffea0001c7c801 00000000ffffffff 00000000ffffffff
[ 154.505332][ T49] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 154.514117][ T49] page dumped because: kasan: bad access detected
[ 154.520554][ T49] page_owner tracks the page as allocated
[ 154.526272][ T49] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5942, tgid 5942 (syz-executor), ts 101530829983, free_ts 30889795261
[ 154.549475][ T49] post_alloc_hook+0x240/0x2a0
[ 154.554260][ T49] get_page_from_freelist+0x21e4/0x22c0
[ 154.559825][ T49] __alloc_frozen_pages_noprof+0x181/0x370
[ 154.565635][ T49] alloc_pages_mpol+0x232/0x4a0
[ 154.570512][ T49] allocate_slab+0x8a/0x3b0
[ 154.575039][ T49] ___slab_alloc+0xbfc/0x1480
[ 154.579728][ T49] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 154.585557][ T49] __d_alloc+0x36/0x7a0
[ 154.589725][ T49] d_alloc_pseudo+0x21/0xc0
[ 154.594248][ T49] alloc_file_pseudo+0xcc/0x210
[ 154.599126][ T49] sock_alloc_file+0xb8/0x2e0
[ 154.603837][ T49] __sys_socket+0x13d/0x1b0
[ 154.608528][ T49] __x64_sys_socket+0x7a/0x90
[ 154.613220][ T49] do_syscall_64+0xfa/0x3b0
[ 154.617822][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.623722][ T49] page last free pid 1 tgid 1 stack trace:
[ 154.629524][ T49] __free_frozen_pages+0xc71/0xe70
[ 154.634638][ T49] free_contig_range+0x1bd/0x4a0
[ 154.639583][ T49] destroy_args+0x64/0x4a0
[ 154.644011][ T49] debug_vm_pgtable+0x3a7/0x3e0
[ 154.648872][ T49] do_one_initcall+0x233/0x820
[ 154.653641][ T49] do_initcall_level+0x104/0x190
[ 154.658578][ T49] do_initcalls+0x59/0xa0
[ 154.662922][ T49] kernel_init_freeable+0x334/0x4a0
[ 154.668139][ T49] kernel_init+0x1d/0x1d0
[ 154.672523][ T49] ret_from_fork+0x3fc/0x770
[ 154.677128][ T49] ret_from_fork_asm+0x1a/0x30
[ 154.681913][ T49]
[ 154.684239][ T49] Memory state around the buggy address:
[ 154.689867][ T49] ffff888071f20400: fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb
[ 154.697931][ T49] ffff888071f20480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 154.706004][ T49] >ffff888071f20500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 154.714072][ T49]                                         ^
[ 154.719966][ T49] ffff888071f20580: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[ 154.728120][ T49] ffff888071f20600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 154.736189][ T49] ==================================================================
[ 154.745724][ T49] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 154.752955][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller-gd9104cec3e8f #0 PREEMPT(full)
[ 154.764093][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 154.774189][ T49] Workqueue: events_unbound cfg80211_wiphy_work
[ 154.780507][ T49] Call Trace:
[ 154.783797][ T49] <TASK>
[ 154.786741][ T49] dump_stack_lvl+0x99/0x250
[ 154.791347][ T49] ? __asan_memcpy+0x40/0x70
[ 154.795952][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 154.801167][ T49] ? __pfx__printk+0x10/0x10
[ 154.805781][ T49] panic+0x2db/0x790
[ 154.809782][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 154.815018][ T49] ? __pfx_panic+0x10/0x10
[ 154.819462][ T49] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 154.825392][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 154.831311][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 154.837669][ T49] ? _raw_spin_lock+0x2e/0x40
[ 154.842360][ T49] check_panic_on_warn+0x89/0xb0
[ 154.847309][ T49] ? _raw_spin_lock+0x2e/0x40
[ 154.852003][ T49] end_report+0x78/0x160
[ 154.856265][ T49] kasan_report+0x129/0x150
[ 154.860795][ T49] ? _raw_spin_lock+0x2e/0x40
[ 154.865494][ T49] ? lockref_get+0x15/0x60
[ 154.869921][ T49] __kasan_check_byte+0x2a/0x40
[ 154.874787][ T49] lock_acquire+0x8d/0x360
[ 154.879223][ T49] ? do_raw_spin_lock+0x121/0x290
[ 154.884268][ T49] _raw_spin_lock+0x2e/0x40
[ 154.888790][ T49] ? lockref_get+0x15/0x60
[ 154.893231][ T49] lockref_get+0x15/0x60
[ 154.897499][ T49] __simple_recursive_removal+0x33/0x510
[ 154.903158][ T49] ? mntput+0x65/0xc0
[ 154.907166][ T49] ? __pfx_remove_one+0x10/0x10
[ 154.912034][ T49] debugfs_remove+0x5b/0x70
[ 154.916552][ T49] ieee80211_sta_debugfs_remove+0x40/0x70
[ 154.922393][ T49] __sta_info_destroy_part2+0x352/0x450
[ 154.927960][ T49] sta_info_destroy_addr+0xf5/0x140
[ 154.933173][ T49] ieee80211_destroy_auth_data+0x12d/0x260
[ 154.938989][ T49] ieee80211_sta_work+0x11cf/0x3600
[ 154.944199][ T49] ? __lock_acquire+0xab9/0xd20
[ 154.949064][ T49] ? __lock_acquire+0xab9/0xd20
[ 154.953945][ T49] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 154.959499][ T49] ? do_raw_spin_lock+0x121/0x290
[ 154.964540][ T49] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 154.970442][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 154.975651][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 154.981558][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 154.987984][ T49] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 154.993393][ T49] ? skb_dequeue+0x10e/0x150
[ 154.997994][ T49] ? ieee80211_iface_work+0xfc4/0x12d0
[ 155.003488][ T49] ? ieee80211_iface_work+0x11d6/0x12d0
[ 155.009047][ T49] ? rcu_is_watching+0x15/0xb0
[ 155.013832][ T49] cfg80211_wiphy_work+0x2df/0x460
[ 155.018960][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 155.024695][ T49] process_scheduled_works+0xae1/0x17b0
[ 155.030276][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 155.036284][ T49] worker_thread+0x8a0/0xda0
[ 155.040899][ T49] kthread+0x70e/0x8a0
[ 155.044980][ T49] ? __pfx_worker_thread+0x10/0x10
[ 155.050105][ T49] ? __pfx_kthread+0x10/0x10
[ 155.054792][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 155.060012][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 155.065235][ T49] ? __pfx_kthread+0x10/0x10
[ 155.069852][ T49] ret_from_fork+0x3fc/0x770
[ 155.074485][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 155.079641][ T49] ? __switch_to_asm+0x39/0x70
[ 155.084513][ T49] ? __switch_to_asm+0x33/0x70
[ 155.089290][ T49] ? __pfx_kthread+0x10/0x10
[ 155.093894][ T49] ret_from_fork_asm+0x1a/0x30
[ 155.098699][ T49] </TASK>
[ 155.102032][ T49] Kernel Offset: disabled
[ 155.106358][ T49] Rebooting in 86400 seconds..