Warning: Permanently added '10.128.0.208' (ED25519) to the list of known hosts.
2024/07/30 07:15:01 ignoring optional flag "sandboxArg"="0"
2024/07/30 07:15:02 parsed 1 programs
[  100.694711][ T5570] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  103.256809][ T5580] chnl_net:caif_netlink_parms(): no params data found
[  103.311769][ T5580] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.318850][ T5580] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.326229][ T5580] bridge_slave_0: entered allmulticast mode
[  103.333089][ T5580] bridge_slave_0: entered promiscuous mode
[  103.340850][ T5580] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.348250][ T5580] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.356235][ T5580] bridge_slave_1: entered allmulticast mode
[  103.363786][ T5580] bridge_slave_1: entered promiscuous mode
[  103.388910][ T5580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.400025][ T5580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.427588][ T5580] team0: Port device team_slave_0 added
[  103.435445][ T5580] team0: Port device team_slave_1 added
[  103.457309][ T5580] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.465074][ T5580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.491154][ T5580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.503128][ T5580] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.510416][ T5580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.536503][ T5580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.572309][ T5580] hsr_slave_0: entered promiscuous mode
[  103.578676][ T5580] hsr_slave_1: entered promiscuous mode
[  104.193961][ T5580] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.206679][ T5580] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.218861][ T5580] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.229962][ T5580] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.327859][ T5580] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.356080][ T5580] 8021q: adding VLAN 0 to HW filter on device team0
[  104.369585][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.376807][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.393529][ T5133] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.400730][ T5133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.607480][ T5580] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.667932][ T5580] veth0_vlan: entered promiscuous mode
[  104.685378][ T5580] veth1_vlan: entered promiscuous mode
[  104.728775][ T5580] veth0_macvtap: entered promiscuous mode
[  104.743084][ T5580] veth1_macvtap: entered promiscuous mode
[  104.767282][ T5580] batman_adv: batadv0: Interface activated: batadv_slave_0
[  104.784893][ T5580] batman_adv: batadv0: Interface activated: batadv_slave_1
[  104.799688][ T5580] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.809257][ T5580] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.823093][ T5580] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.832687][ T5580] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.038979][ T1106] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.123279][ T1106] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.186007][ T1106] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.265086][ T1106] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.826631][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.837830][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.846428][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  106.856123][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  106.865713][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  106.874323][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.054605][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.067558][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.104651][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.113763][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/07/30 07:15:13 executed programs: 0
[  108.235523][ T4501] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  108.247232][ T4501] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  108.257149][ T4501] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  108.266043][ T4501] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  108.274883][ T4501] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  108.282358][ T4501] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.508387][ T5803] chnl_net:caif_netlink_parms(): no params data found
[  108.600071][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.608571][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.617562][ T5803] bridge_slave_0: entered allmulticast mode
[  108.625308][ T5803] bridge_slave_0: entered promiscuous mode
[  108.634706][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.643450][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.651326][ T5803] bridge_slave_1: entered allmulticast mode
[  108.659862][ T5803] bridge_slave_1: entered promiscuous mode
[  108.695445][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.708207][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.752721][ T5803] team0: Port device team_slave_0 added
[  108.767728][ T5803] team0: Port device team_slave_1 added
[  108.807711][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.814801][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.844101][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.858417][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.866019][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.892576][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.952623][ T5803] hsr_slave_0: entered promiscuous mode
[  108.959317][ T5803] hsr_slave_1: entered promiscuous mode
[  108.967763][ T5803] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  108.975833][ T5803] Cannot create hsr debugfs directory
[  109.646468][ T1106] bridge_slave_1: left allmulticast mode
[  109.653071][ T1106] bridge_slave_1: left promiscuous mode
[  109.658877][ T1106] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.675683][ T1106] bridge_slave_0: left allmulticast mode
[  109.681571][ T1106] bridge_slave_0: left promiscuous mode
[  109.687365][ T1106] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.969465][ T1106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.984631][ T1106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  109.995660][ T1106] bond0 (unregistering): Released all slaves
[  110.146891][ T1106] hsr_slave_0: left promiscuous mode
[  110.159091][ T1106] hsr_slave_1: left promiscuous mode
[  110.168154][ T1106] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.177172][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.186116][ T1106] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.194090][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_1
[  110.216376][ T1106] veth1_macvtap: left promiscuous mode
[  110.222164][ T1106] veth0_macvtap: left promiscuous mode
[  110.227821][ T1106] veth1_vlan: left promiscuous mode
[  110.234065][ T1106] veth0_vlan: left promiscuous mode
[  110.310818][ T4501] Bluetooth: hci0: command tx timeout
[  110.682540][ T1106] team0 (unregistering): Port device team_slave_1 removed
[  110.716678][ T1106] team0 (unregistering): Port device team_slave_0 removed
[  111.244813][ T5803] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  111.266833][ T5803] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  111.278365][ T5803] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.289039][ T5803] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  111.423208][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.464625][ T5803] 8021q: adding VLAN 0 to HW filter on device team0
[  111.991721][  T927] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.998898][  T927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.014471][ T4749] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.021768][ T4749] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.272558][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.363552][ T5803] veth0_vlan: entered promiscuous mode
[  112.390806][ T5803] veth1_vlan: entered promiscuous mode
[  112.396817][ T4501] Bluetooth: hci0: command tx timeout
[  112.445933][ T5803] veth0_macvtap: entered promiscuous mode
[  112.457254][ T5803] veth1_macvtap: entered promiscuous mode
[  112.482785][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.504488][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.518580][ T5803] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.530064][ T5803] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.541657][ T5803] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.551644][ T5803] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.648915][ T1283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.669386][ T1283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.739313][ T3837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.747314][ T3837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.905246][ T5981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  112.934086][  T927] wlan1: No basic rates, using min rate instead
[  112.953273][  T927] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  112.981465][  T927] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  113.101246][ T1283] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  113.231785][ T1283] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  113.363004][ T1106] wlan1: authentication with 08:02:11:00:00:00 timed out
[  113.371358][ T1106] ==================================================================
[  113.379580][ T1106] BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2040
[  113.387424][ T1106] Read of size 8 at addr ffff8880739e73e8 by task kworker/u8:6/1106
[  113.395422][ T1106] 
[  113.397763][ T1106] CPU: 0 UID: 0 PID: 1106 Comm: kworker/u8:6 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0
[  113.408384][ T1106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  113.418461][ T1106] Workqueue: events_unbound cfg80211_wiphy_work
[  113.424745][ T1106] Call Trace:
[  113.428055][ T1106]  <TASK>
[  113.430998][ T1106]  dump_stack_lvl+0x241/0x360
[  113.435707][ T1106]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.440938][ T1106]  ? __pfx__printk+0x10/0x10
[  113.445725][ T1106]  ? _printk+0xd5/0x120
[  113.449914][ T1106]  ? __virt_addr_valid+0x183/0x530
[  113.455040][ T1106]  ? __virt_addr_valid+0x183/0x530
[  113.460172][ T1106]  print_report+0x169/0x550
[  113.464699][ T1106]  ? __virt_addr_valid+0x183/0x530
[  113.469838][ T1106]  ? __virt_addr_valid+0x183/0x530
[  113.474969][ T1106]  ? __virt_addr_valid+0x45f/0x530
[  113.480097][ T1106]  ? __phys_addr+0xba/0x170
[  113.484619][ T1106]  ? __lock_acquire+0x77/0x2040
[  113.489497][ T1106]  kasan_report+0x143/0x180
[  113.494027][ T1106]  ? __lock_acquire+0x77/0x2040
[  113.498907][ T1106]  __lock_acquire+0x77/0x2040
[  113.503607][ T1106]  ? mark_lock+0x9a/0x350
[  113.507964][ T1106]  ? __lock_acquire+0x137a/0x2040
[  113.513009][ T1106]  lock_acquire+0x1ed/0x550
[  113.517532][ T1106]  ? lockref_get+0x15/0x60
[  113.521968][ T1106]  ? __pfx_lock_acquire+0x10/0x10
[  113.527022][ T1106]  ? simple_pin_fs+0x91/0x160
[  113.531722][ T1106]  ? do_raw_spin_lock+0x14f/0x370
[  113.536778][ T1106]  ? __pfx_lock_release+0x10/0x10
[  113.541829][ T1106]  _raw_spin_lock+0x2e/0x40
[  113.546353][ T1106]  ? lockref_get+0x15/0x60
[  113.550787][ T1106]  lockref_get+0x15/0x60
[  113.555044][ T1106]  simple_recursive_removal+0x35/0x8f0
[  113.560523][ T1106]  ? mntput+0x65/0xc0
[  113.564529][ T1106]  ? __pfx_remove_one+0x10/0x10
[  113.569408][ T1106]  debugfs_remove+0x49/0x70
[  113.573935][ T1106]  ieee80211_sta_debugfs_remove+0x40/0x60
[  113.579684][ T1106]  __sta_info_destroy_part2+0x35e/0x450
[  113.585262][ T1106]  sta_info_destroy_addr+0xf4/0x140
[  113.590482][ T1106]  ieee80211_destroy_auth_data+0x139/0x270
[  113.596304][ T1106]  ieee80211_sta_work+0x1256/0x3850
[  113.601505][ T1106]  ? mark_lock+0x9a/0x350
[  113.605830][ T1106]  ? __pfx_ieee80211_sta_work+0x10/0x10
[  113.611363][ T1106]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  113.617683][ T1106]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  113.623567][ T1106]  ? lockdep_hardirqs_on+0x99/0x150
[  113.628755][ T1106]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  113.634638][ T1106]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  113.640955][ T1106]  ? skb_dequeue+0x113/0x150
[  113.645541][ T1106]  ? ieee80211_iface_work+0xc0d/0xf20
[  113.650906][ T1106]  ? ieee80211_iface_work+0xe29/0xf20
[  113.656263][ T1106]  ? rcu_is_watching+0x15/0xb0
[  113.661022][ T1106]  cfg80211_wiphy_work+0x2db/0x490
[  113.666122][ T1106]  ? process_scheduled_works+0x945/0x1830
[  113.671829][ T1106]  process_scheduled_works+0xa2c/0x1830
[  113.677373][ T1106]  ? __pfx_process_scheduled_works+0x10/0x10
[  113.683357][ T1106]  ? assign_work+0x364/0x3d0
[  113.687935][ T1106]  worker_thread+0x86d/0xd40
[  113.692518][ T1106]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  113.698396][ T1106]  ? __kthread_parkme+0x169/0x1d0
[  113.703414][ T1106]  ? __pfx_worker_thread+0x10/0x10
[  113.708513][ T1106]  kthread+0x2f0/0x390
[  113.712565][ T1106]  ? __pfx_worker_thread+0x10/0x10
[  113.717664][ T1106]  ? __pfx_kthread+0x10/0x10
[  113.722238][ T1106]  ret_from_fork+0x4b/0x80
[  113.726644][ T1106]  ? __pfx_kthread+0x10/0x10
[  113.731217][ T1106]  ret_from_fork_asm+0x1a/0x30
[  113.735977][ T1106]  </TASK>
[  113.738982][ T1106] 
[  113.741287][ T1106] Allocated by task 927:
[  113.745507][ T1106]  kasan_save_track+0x3f/0x80
[  113.750178][ T1106]  __kasan_slab_alloc+0x66/0x80
[  113.755023][ T1106]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[  113.760813][ T1106]  __d_alloc+0x31/0x700
[  113.764953][ T1106]  d_alloc_parallel+0xdf/0x1600
[  113.769787][ T1106]  __lookup_slow+0x117/0x3f0
[  113.774365][ T1106]  lookup_one_len+0x18b/0x2d0
[  113.779026][ T1106]  start_creating+0x187/0x310
[  113.783694][ T1106]  debugfs_create_dir+0x25/0x430
[  113.788621][ T1106]  ieee80211_sta_debugfs_add+0x132/0x820
[  113.794255][ T1106]  sta_info_insert_rcu+0xecf/0x1900
[  113.799439][ T1106]  sta_info_insert+0x16/0xc0
[  113.804016][ T1106]  ieee80211_prep_connection+0xecd/0x12d0
[  113.809735][ T1106]  ieee80211_mgd_auth+0xd42/0x14c0
[  113.814834][ T1106]  cfg80211_mlme_auth+0x59f/0x980
[  113.819847][ T1106]  cfg80211_conn_do_work+0x5ed/0xe60
[  113.825120][ T1106]  cfg80211_conn_work+0x27c/0x4d0
[  113.830225][ T1106]  process_scheduled_works+0xa2c/0x1830
[  113.835768][ T1106]  worker_thread+0x86d/0xd40
[  113.840350][ T1106]  kthread+0x2f0/0x390
[  113.844404][ T1106]  ret_from_fork+0x4b/0x80
[  113.848811][ T1106]  ret_from_fork_asm+0x1a/0x30
[  113.853576][ T1106] 
[  113.855896][ T1106] Freed by task 24:
[  113.859684][ T1106]  kasan_save_track+0x3f/0x80
[  113.864385][ T1106]  kasan_save_free_info+0x40/0x50
[  113.869395][ T1106]  poison_slab_object+0xe0/0x150
[  113.874323][ T1106]  __kasan_slab_free+0x37/0x60
[  113.879075][ T1106]  kmem_cache_free+0x145/0x350
[  113.883829][ T1106]  rcu_core+0xafd/0x1830
[  113.888066][ T1106]  handle_softirqs+0x2c4/0x970
[  113.892818][ T1106]  run_ksoftirqd+0xca/0x130
[  113.897320][ T1106]  smpboot_thread_fn+0x544/0xa30
[  113.902334][ T1106]  kthread+0x2f0/0x390
[  113.906387][ T1106]  ret_from_fork+0x4b/0x80
[  113.910801][ T1106]  ret_from_fork_asm+0x1a/0x30
[  113.915646][ T1106] 
[  113.917963][ T1106] Last potentially related work creation:
[  113.923745][ T1106]  kasan_save_stack+0x3f/0x60
[  113.928494][ T1106]  __kasan_record_aux_stack+0xac/0xc0
[  113.933851][ T1106]  call_rcu+0x167/0xa70
[  113.937994][ T1106]  __dentry_kill+0x497/0x630
[  113.942569][ T1106]  dput+0x19f/0x2b0
[  113.946387][ T1106]  simple_recursive_removal+0x2bd/0x8f0
[  113.951919][ T1106]  debugfs_remove+0x49/0x70
[  113.956408][ T1106]  ieee80211_debugfs_recreate_netdev+0xc4/0x1400
[  113.962730][ T1106]  drv_remove_interface+0x1e1/0x590
[  113.967915][ T1106]  ieee80211_change_mac+0xaf5/0x11e0
[  113.973195][ T1106]  dev_set_mac_address+0x327/0x510
[  113.978384][ T1106]  dev_set_mac_address_user+0x31/0x50
[  113.983744][ T1106]  dev_ifsioc+0xbd9/0xe70
[  113.988057][ T1106]  dev_ioctl+0x719/0x1340
[  113.992380][ T1106]  sock_do_ioctl+0x240/0x460
[  113.996993][ T1106]  sock_ioctl+0x629/0x8e0
[  114.001311][ T1106]  __se_sys_ioctl+0xfc/0x170
[  114.005894][ T1106]  do_syscall_64+0xf3/0x230
[  114.010388][ T1106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.016270][ T1106] 
[  114.018579][ T1106] The buggy address belongs to the object at ffff8880739e7318
[  114.018579][ T1106]  which belongs to the cache dentry of size 312
[  114.032190][ T1106] The buggy address is located 208 bytes inside of
[  114.032190][ T1106]  freed 312-byte region [ffff8880739e7318, ffff8880739e7450)
[  114.045984][ T1106] 
[  114.048291][ T1106] The buggy address belongs to the physical page:
[  114.054691][ T1106] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x739e6
[  114.063450][ T1106] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  114.071933][ T1106] memcg:ffff888049532e01
[  114.076242][ T1106] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  114.083783][ T1106] page_type: 0xfdffffff(slab)
[  114.088457][ T1106] raw: 00fff00000000040 ffff888015ef48c0 ffffea0001ff6300 dead000000000004
[  114.097199][ T1106] raw: 0000000000000000 0000000000150015 00000001fdffffff ffff888049532e01
[  114.105863][ T1106] head: 00fff00000000040 ffff888015ef48c0 ffffea0001ff6300 dead000000000004
[  114.114640][ T1106] head: 0000000000000000 0000000000150015 00000001fdffffff ffff888049532e01
[  114.123308][ T1106] head: 00fff00000000001 ffffea0001ce7981 ffffffffffffffff 0000000000000000
[  114.131969][ T1106] head: 0000000700000002 0000000000000000 00000000ffffffff 0000000000000000
[  114.140617][ T1106] page dumped because: kasan: bad access detected
[  114.147025][ T1106] page_owner tracks the page as allocated
[  114.152761][ T1106] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 1106, tgid 1106 (kworker/u8:6), ts 77901600927, free_ts 62679524448
[  114.177237][ T1106]  post_alloc_hook+0x1f3/0x230
[  114.182002][ T1106]  get_page_from_freelist+0x2e4c/0x2f10
[  114.187534][ T1106]  __alloc_pages_noprof+0x256/0x6c0
[  114.192720][ T1106]  alloc_slab_page+0x5f/0x120
[  114.197403][ T1106]  allocate_slab+0x5a/0x2f0
[  114.201946][ T1106]  ___slab_alloc+0xcd1/0x14b0
[  114.206622][ T1106]  __slab_alloc+0x58/0xa0
[  114.210940][ T1106]  kmem_cache_alloc_lru_noprof+0x1c5/0x2b0
[  114.216771][ T1106]  __d_alloc+0x31/0x700
[  114.220928][ T1106]  d_alloc_parallel+0xdf/0x1600
[  114.225773][ T1106]  __lookup_slow+0x117/0x3f0
[  114.230366][ T1106]  lookup_one_len+0x18b/0x2d0
[  114.235050][ T1106]  start_creating+0x187/0x310
[  114.239728][ T1106]  __debugfs_create_file+0x73/0x4b0
[  114.244931][ T1106]  ieee80211_debugfs_recreate_netdev+0x2ab/0x1400
[  114.251687][ T1106]  drv_remove_interface+0x1e1/0x590
[  114.256875][ T1106] page last free pid 5102 tgid 5102 stack trace:
[  114.263271][ T1106]  free_unref_folios+0x103a/0x1b00
[  114.268375][ T1106]  folios_put_refs+0x76e/0x860
[  114.273126][ T1106]  free_pages_and_swap_cache+0x2ea/0x690
[  114.278752][ T1106]  tlb_flush_mmu+0x3a3/0x680
[  114.283328][ T1106]  tlb_finish_mmu+0xd4/0x200
[  114.287903][ T1106]  unmap_region+0x2df/0x350
[  114.292391][ T1106]  do_vmi_align_munmap+0x1122/0x18c0
[  114.297661][ T1106]  do_vmi_munmap+0x261/0x2f0
[  114.302233][ T1106]  __vm_munmap+0x1fc/0x400
[  114.306645][ T1106]  __x64_sys_munmap+0x68/0x80
[  114.311308][ T1106]  do_syscall_64+0xf3/0x230
[  114.315800][ T1106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.321692][ T1106] 
[  114.324002][ T1106] Memory state around the buggy address:
[  114.329642][ T1106]  ffff8880739e7280: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[  114.337689][ T1106]  ffff8880739e7300: fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb
[  114.345737][ T1106] >ffff8880739e7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  114.353870][ T1106]                                                           ^
[  114.361399][ T1106]  ffff8880739e7400: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[  114.369470][ T1106]  ffff8880739e7480: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[  114.377710][ T1106] ==================================================================
[  114.385765][ T1106] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  114.392953][ T1106] CPU: 0 UID: 0 PID: 1106 Comm: kworker/u8:6 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0
[  114.403451][ T1106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  114.413494][ T1106] Workqueue: events_unbound cfg80211_wiphy_work
[  114.419743][ T1106] Call Trace:
[  114.423013][ T1106]  <TASK>
[  114.425935][ T1106]  dump_stack_lvl+0x241/0x360
[  114.430699][ T1106]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.436407][ T1106]  ? __pfx__printk+0x10/0x10
[  114.440991][ T1106]  ? rcu_is_watching+0x15/0xb0
[  114.445764][ T1106]  ? lock_release+0xbf/0xa30
[  114.450358][ T1106]  ? vscnprintf+0x5d/0x90
[  114.454681][ T1106]  panic+0x349/0x860
[  114.458597][ T1106]  ? check_panic_on_warn+0x21/0xb0
[  114.463706][ T1106]  ? __pfx_panic+0x10/0x10
[  114.468109][ T1106]  ? do_raw_spin_unlock+0x13c/0x8b0
[  114.473472][ T1106]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  114.479350][ T1106]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  114.485665][ T1106]  ? print_report+0x502/0x550
[  114.490335][ T1106]  check_panic_on_warn+0x86/0xb0
[  114.495258][ T1106]  ? __lock_acquire+0x77/0x2040
[  114.500129][ T1106]  end_report+0x77/0x160
[  114.504364][ T1106]  kasan_report+0x154/0x180
[  114.508865][ T1106]  ? __lock_acquire+0x77/0x2040
[  114.513707][ T1106]  __lock_acquire+0x77/0x2040
[  114.518383][ T1106]  ? mark_lock+0x9a/0x350
[  114.522794][ T1106]  ? __lock_acquire+0x137a/0x2040
[  114.527810][ T1106]  lock_acquire+0x1ed/0x550
[  114.532303][ T1106]  ? lockref_get+0x15/0x60
[  114.536711][ T1106]  ? __pfx_lock_acquire+0x10/0x10
[  114.541729][ T1106]  ? simple_pin_fs+0x91/0x160
[  114.546572][ T1106]  ? do_raw_spin_lock+0x14f/0x370
[  114.551589][ T1106]  ? __pfx_lock_release+0x10/0x10
[  114.556699][ T1106]  _raw_spin_lock+0x2e/0x40
[  114.561199][ T1106]  ? lockref_get+0x15/0x60
[  114.565603][ T1106]  lockref_get+0x15/0x60
[  114.570012][ T1106]  simple_recursive_removal+0x35/0x8f0
[  114.575461][ T1106]  ? mntput+0x65/0xc0
[  114.579430][ T1106]  ? __pfx_remove_one+0x10/0x10
[  114.584264][ T1106]  debugfs_remove+0x49/0x70
[  114.588862][ T1106]  ieee80211_sta_debugfs_remove+0x40/0x60
[  114.594681][ T1106]  __sta_info_destroy_part2+0x35e/0x450
[  114.600227][ T1106]  sta_info_destroy_addr+0xf4/0x140
[  114.605417][ T1106]  ieee80211_destroy_auth_data+0x139/0x270
[  114.611299][ T1106]  ieee80211_sta_work+0x1256/0x3850
[  114.616489][ T1106]  ? mark_lock+0x9a/0x350
[  114.620812][ T1106]  ? __pfx_ieee80211_sta_work+0x10/0x10
[  114.626347][ T1106]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  114.632667][ T1106]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  114.638554][ T1106]  ? lockdep_hardirqs_on+0x99/0x150
[  114.643738][ T1106]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  114.649614][ T1106]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  114.655936][ T1106]  ? skb_dequeue+0x113/0x150
[  114.660516][ T1106]  ? ieee80211_iface_work+0xc0d/0xf20
[  114.665876][ T1106]  ? ieee80211_iface_work+0xe29/0xf20
[  114.671236][ T1106]  ? rcu_is_watching+0x15/0xb0
[  114.675991][ T1106]  cfg80211_wiphy_work+0x2db/0x490
[  114.681180][ T1106]  ? process_scheduled_works+0x945/0x1830
[  114.686886][ T1106]  process_scheduled_works+0xa2c/0x1830
[  114.692444][ T1106]  ? __pfx_process_scheduled_works+0x10/0x10
[  114.698414][ T1106]  ? assign_work+0x364/0x3d0
[  114.702994][ T1106]  worker_thread+0x86d/0xd40
[  114.707578][ T1106]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  114.713457][ T1106]  ? __kthread_parkme+0x169/0x1d0
[  114.718471][ T1106]  ? __pfx_worker_thread+0x10/0x10
[  114.723568][ T1106]  kthread+0x2f0/0x390
[  114.727621][ T1106]  ? __pfx_worker_thread+0x10/0x10
[  114.732843][ T1106]  ? __pfx_kthread+0x10/0x10
[  114.737416][ T1106]  ret_from_fork+0x4b/0x80
[  114.741909][ T1106]  ? __pfx_kthread+0x10/0x10
[  114.746483][ T1106]  ret_from_fork_asm+0x1a/0x30
[  114.751243][ T1106]  </TASK>
[  114.754573][ T1106] Kernel Offset: disabled
[  114.758890][ T1106] Rebooting in 86400 seconds..