[ 462.642848][ T2858] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 462.781129][ T7255] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 462.816175][ T25] wlan1: No basic rates, using min rate instead
[ 462.823772][ T25] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 462.832787][ T25] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 462.942983][ T35] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 463.053008][ T145] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 463.162914][ T2858] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 463.318286][ T7257] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 463.355035][ T1150] wlan1: No basic rates, using min rate instead
[ 463.362185][ T1150] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 463.372249][ T1150] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 463.482873][ T2858] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 463.593045][ T2858] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 463.702838][ T145] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 463.853491][ T7259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 463.885468][ T7172] wlan1: No basic rates, using min rate instead
[ 463.893085][ T7172] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 463.902225][ T7172] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 464.012917][ T35] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 464.123090][ T35] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 464.232936][ T35] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 464.389580][ T7261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 464.423843][ T1150] wlan1: No basic rates, using min rate instead
[ 464.431552][ T1150] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 464.441223][ T1150] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 464.552917][ T35] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 464.663065][ T35] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 464.773050][ T2858] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 464.927180][ T7263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 464.963925][ T25] wlan1: No basic rates, using min rate instead
[ 464.971153][ T25] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 464.980308][ T25] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 465.093008][ T2858] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 465.202968][ T2858] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 465.313093][ T35] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 465.465083][ T7265] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 465.503846][ T25] wlan1: No basic rates, using min rate instead
[ 465.511833][ T25] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 465.523625][ T25] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 465.642950][ T35] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 465.755529][ T2858] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 465.862919][ T2858] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 465.945630][ T2858] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 465.995827][ T2858] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 466.084244][ T2858] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 466.177424][ T2858] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 466.310012][ T2858] bridge_slave_1: left allmulticast mode
[ 466.318391][ T2858] bridge_slave_1: left promiscuous mode
[ 466.324351][ T2858] bridge0: port 2(bridge_slave_1) entered disabled state
[ 466.333173][ T2858] bridge_slave_0: left allmulticast mode
[ 466.338842][ T2858] bridge_slave_0: left promiscuous mode
[ 466.345068][ T2858] bridge0: port 1(bridge_slave_0) entered disabled state
[ 466.586517][ T2858] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 466.598292][ T2858] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 466.609639][ T2858] bond0 (unregistering): Released all slaves
[ 466.904252][ T2858] hsr_slave_0: left promiscuous mode
[ 466.910802][ T2858] hsr_slave_1: left promiscuous mode
[ 466.917614][ T2858] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 466.926516][ T2858] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 466.935152][ T2858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 466.942587][ T2858] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 466.964459][ T2858] veth1_macvtap: left promiscuous mode
[ 466.970114][ T2858] veth0_macvtap: left promiscuous mode
[ 466.975985][ T2858] veth1_vlan: left promiscuous mode
[ 466.981416][ T2858] veth0_vlan: left promiscuous mode
[ 467.235579][ T2858] team0 (unregistering): Port device team_slave_1 removed
[ 467.264468][ T2858] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.1.77' (ED25519) to the list of known hosts.
[ 468.156279][ T2858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 468.169750][ T2858] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 468.201609][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 468.209657][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 468.249074][ T7314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.277391][ T7316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.290445][ T5176] wlan1: No basic rates, using min rate instead
executing program
[ 468.298514][ T5176] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 468.309064][ T5176] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
executing program
executing program
[ 468.341856][ T7317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.380543][ T7319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 468.408535][ T7321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.428616][ T2858] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
executing program
executing program
[ 468.456214][ T7325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.482954][ T7326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 468.519540][ T7329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.554690][ T2858] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
executing program
executing program
[ 468.566984][ T7333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.599329][ T7335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 468.630304][ T7337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.662089][ T7339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 468.672045][ T2858] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 468.681350][ T2858] ==================================================================
[ 468.689550][ T2858] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x1fd0
[ 468.697294][ T2858] Read of size 8 at addr ffff88807aa2ade8 by task kworker/u8:9/2858
[ 468.705390][ T2858]
[ 468.707839][ T2858] CPU: 0 PID: 2858 Comm: kworker/u8:9 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a-dirty #0
[ 468.718693][ T2858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 468.728752][ T2858] Workqueue: events_unbound cfg80211_wiphy_work
[ 468.735019][ T2858] Call Trace:
[ 468.738332][ T2858]
[ 468.741301][ T2858] dump_stack_lvl+0x241/0x360
[ 468.745991][ T2858] ? __pfx_dump_stack_lvl+0x10/0x10
[ 468.751190][ T2858] ? __pfx__printk+0x10/0x10
[ 468.755865][ T2858] ? _printk+0xd5/0x120
[ 468.760013][ T2858] ? __virt_addr_valid+0x183/0x520
[ 468.765128][ T2858] ? __virt_addr_valid+0x183/0x520
[ 468.770231][ T2858] print_report+0x169/0x550
[ 468.774727][ T2858] ? __virt_addr_valid+0x183/0x520
[ 468.779827][ T2858] ? __virt_addr_valid+0x183/0x520
[ 468.784927][ T2858] ? __virt_addr_valid+0x44e/0x520
[ 468.790022][ T2858] ? __phys_addr+0xba/0x170
[ 468.794510][ T2858] ? __lock_acquire+0x78/0x1fd0
[ 468.799350][ T2858] kasan_report+0x143/0x180
[ 468.803847][ T2858] ? __lock_acquire+0x78/0x1fd0
[ 468.808684][ T2858] __lock_acquire+0x78/0x1fd0
[ 468.813348][ T2858] lock_acquire+0x1ed/0x550
[ 468.817841][ T2858] ? lockref_get+0x15/0x60
[ 468.822239][ T2858] ? __pfx_lock_acquire+0x10/0x10
[ 468.827251][ T2858] ? simple_pin_fs+0x91/0x160
[ 468.831931][ T2858] ? do_raw_spin_lock+0x14f/0x370
[ 468.836941][ T2858] ? __pfx_lock_release+0x10/0x10
[ 468.842034][ T2858] _raw_spin_lock+0x2e/0x40
[ 468.846532][ T2858] ? lockref_get+0x15/0x60
[ 468.850936][ T2858] lockref_get+0x15/0x60
[ 468.855256][ T2858] simple_recursive_removal+0x35/0x8e0
[ 468.860716][ T2858] ? mntput+0x65/0xc0
[ 468.864684][ T2858] ? __pfx_remove_one+0x10/0x10
[ 468.869528][ T2858] debugfs_remove+0x49/0x70
[ 468.874056][ T2858] ieee80211_sta_debugfs_remove+0x40/0x60
[ 468.879771][ T2858] __sta_info_destroy_part2+0x3b2/0x4c0
[ 468.885314][ T2858] sta_info_destroy_addr+0xf4/0x140
[ 468.890503][ T2858] ieee80211_destroy_auth_data+0x139/0x270
[ 468.896301][ T2858] ieee80211_sta_work+0x1256/0x3850
[ 468.901581][ T2858] ? mark_lock+0x9a/0x350
[ 468.905909][ T2858] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 468.911455][ T2858] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 468.917770][ T2858] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 468.923656][ T2858] ? lockdep_hardirqs_on+0x99/0x150
[ 468.928845][ T2858] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 468.934731][ T2858] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 468.941169][ T2858] ? skb_dequeue+0x113/0x150
[ 468.945843][ T2858] ? ieee80211_iface_work+0xc0d/0xf20
[ 468.951382][ T2858] ? ieee80211_iface_work+0xe29/0xf20
[ 468.957094][ T2858] ? rcu_is_watching+0x15/0xb0
[ 468.961847][ T2858] cfg80211_wiphy_work+0x2db/0x490
[ 468.966954][ T2858] ? process_scheduled_works+0x945/0x1830
[ 468.972662][ T2858] process_scheduled_works+0xa2c/0x1830
[ 468.978206][ T2858] ? __pfx_process_scheduled_works+0x10/0x10
[ 468.984262][ T2858] ? assign_work+0x364/0x3d0
[ 468.988854][ T2858] worker_thread+0x86d/0xd50
[ 468.993525][ T2858] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 468.999409][ T2858] ? __kthread_parkme+0x169/0x1d0
[ 469.004431][ T2858] ? __pfx_worker_thread+0x10/0x10
[ 469.009617][ T2858] kthread+0x2f0/0x390
[ 469.013678][ T2858] ? __pfx_worker_thread+0x10/0x10
[ 469.018886][ T2858] ? __pfx_kthread+0x10/0x10
[ 469.023465][ T2858] ret_from_fork+0x4b/0x80
[ 469.027884][ T2858] ? __pfx_kthread+0x10/0x10
[ 469.032566][ T2858] ret_from_fork_asm+0x1a/0x30
[ 469.037630][ T2858]
[ 469.040649][ T2858]
[ 469.043059][ T2858] Allocated by task 5176:
[ 469.047373][ T2858] kasan_save_track+0x3f/0x80
[ 469.052076][ T2858] __kasan_slab_alloc+0x66/0x80
[ 469.056923][ T2858] kmem_cache_alloc_lru_noprof+0x139/0x2b0
[ 469.062721][ T2858] __d_alloc+0x31/0x700
[ 469.066863][ T2858] d_alloc_parallel+0xdf/0x1600
[ 469.071788][ T2858] __lookup_slow+0x117/0x3f0
[ 469.076372][ T2858] lookup_one_len+0x18b/0x2d0
[ 469.081064][ T2858] start_creating+0x187/0x310
[ 469.085835][ T2858] debugfs_create_dir+0x25/0x430
[ 469.090791][ T2858] ieee80211_sta_debugfs_add+0x132/0x820
[ 469.096541][ T2858] sta_info_insert_rcu+0xecf/0x1900
[ 469.101736][ T2858] sta_info_insert+0x16/0xc0
[ 469.106314][ T2858] ieee80211_prep_connection+0xecd/0x12d0
[ 469.112132][ T2858] ieee80211_mgd_auth+0xd42/0x14c0
[ 469.117232][ T2858] cfg80211_mlme_auth+0x59f/0x980
[ 469.122242][ T2858] cfg80211_conn_do_work+0x5ed/0xe60
[ 469.127517][ T2858] cfg80211_conn_work+0x27c/0x4d0
[ 469.132559][ T2858] process_scheduled_works+0xa2c/0x1830
[ 469.138110][ T2858] worker_thread+0x86d/0xd50
[ 469.142699][ T2858] kthread+0x2f0/0x390
[ 469.146758][ T2858] ret_from_fork+0x4b/0x80
[ 469.151162][ T2858] ret_from_fork_asm+0x1a/0x30
[ 469.155943][ T2858]
[ 469.158255][ T2858] Freed by task 25:
[ 469.162042][ T2858] kasan_save_track+0x3f/0x80
[ 469.166796][ T2858] kasan_save_free_info+0x40/0x50
[ 469.171804][ T2858] poison_slab_object+0xe0/0x150
[ 469.176746][ T2858] __kasan_slab_free+0x37/0x60
[ 469.181504][ T2858] kmem_cache_free+0x145/0x350
[ 469.186265][ T2858] rcu_core+0xafd/0x1830
[ 469.190536][ T2858] handle_softirqs+0x2c4/0x970
[ 469.195406][ T2858] do_softirq+0x11b/0x1e0
[ 469.199744][ T2858] __local_bh_enable_ip+0x1bb/0x200
[ 469.204947][ T2858] nsim_dev_trap_report_work+0x75d/0xaa0
[ 469.210575][ T2858] process_scheduled_works+0xa2c/0x1830
[ 469.216231][ T2858] worker_thread+0x86d/0xd50
[ 469.220815][ T2858] kthread+0x2f0/0x390
[ 469.224870][ T2858] ret_from_fork+0x4b/0x80
[ 469.229276][ T2858] ret_from_fork_asm+0x1a/0x30
[ 469.234159][ T2858]
[ 469.236465][ T2858] Last potentially related work creation:
[ 469.242165][ T2858] kasan_save_stack+0x3f/0x60
[ 469.246829][ T2858] __kasan_record_aux_stack+0xac/0xc0
[ 469.252287][ T2858] call_rcu+0x167/0xa70
[ 469.256438][ T2858] __dentry_kill+0x497/0x630
[ 469.261046][ T2858] dput+0x19f/0x2b0
[ 469.264867][ T2858] simple_recursive_removal+0x2bd/0x8e0
[ 469.270421][ T2858] debugfs_remove+0x49/0x70
[ 469.274923][ T2858] ieee80211_debugfs_recreate_netdev+0xc4/0x1400
[ 469.281255][ T2858] drv_remove_interface+0x1e1/0x590
[ 469.286447][ T2858] ieee80211_change_mac+0xaf5/0x11e0
[ 469.291723][ T2858] dev_set_mac_address+0x327/0x510
[ 469.296826][ T2858] dev_set_mac_address_user+0x31/0x50
[ 469.302193][ T2858] dev_ifsioc+0xbd9/0xe70
[ 469.306602][ T2858] dev_ioctl+0x719/0x1340
[ 469.310920][ T2858] sock_do_ioctl+0x240/0x460
[ 469.315499][ T2858] sock_ioctl+0x629/0x8e0
[ 469.319814][ T2858] __se_sys_ioctl+0xfc/0x170
[ 469.324390][ T2858] do_syscall_64+0xf3/0x230
[ 469.328880][ T2858] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 469.334767][ T2858]
[ 469.337077][ T2858] The buggy address belongs to the object at ffff88807aa2ad38
[ 469.337077][ T2858] which belongs to the cache dentry of size 312
[ 469.350868][ T2858] The buggy address is located 176 bytes inside of
[ 469.350868][ T2858] freed 312-byte region [ffff88807aa2ad38, ffff88807aa2ae70)
[ 469.364659][ T2858]
[ 469.367058][ T2858] The buggy address belongs to the physical page:
[ 469.373488][ T2858] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7aa2a
[ 469.382254][ T2858] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 469.390830][ T2858] memcg:ffff888022de1f01
[ 469.395059][ T2858] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 469.403035][ T2858] page_type: 0xffffefff(slab)
[ 469.407726][ T2858] raw: 00fff00000000040 ffff888015ef98c0 0000000000000000 dead000000000001
[ 469.416386][ T2858] raw: 0000000000000000 0000000000150015 00000001ffffefff ffff888022de1f01
[ 469.424957][ T2858] head: 00fff00000000040 ffff888015ef98c0 0000000000000000 dead000000000001
[ 469.433625][ T2858] head: 0000000000000000 0000000000150015 00000001ffffefff ffff888022de1f01
[ 469.442285][ T2858] head: 00fff00000000001 ffffea0001ea8a81 ffffffffffffffff 0000000000000000
[ 469.451047][ T2858] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 469.459735][ T2858] page dumped because: kasan: bad access detected
[ 469.466189][ T2858] page_owner tracks the page as allocated
[ 469.471913][ T2858] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5900, tgid 5900 (udevd), ts 118723483735, free_ts 96879687479
[ 469.496072][ T2858] post_alloc_hook+0x1f3/0x230
[ 469.500836][ T2858] get_page_from_freelist+0x2e4c/0x2f10
[ 469.506370][ T2858] __alloc_pages_noprof+0x256/0x6c0
[ 469.511556][ T2858] alloc_slab_page+0x5f/0x120
[ 469.516222][ T2858] allocate_slab+0x5a/0x2f0
[ 469.520731][ T2858] ___slab_alloc+0xcd1/0x14b0
[ 469.525432][ T2858] __slab_alloc+0x58/0xa0
[ 469.529870][ T2858] kmem_cache_alloc_lru_noprof+0x1c5/0x2b0
[ 469.535697][ T2858] __d_alloc+0x31/0x700
[ 469.539951][ T2858] d_alloc_parallel+0xdf/0x1600
[ 469.544812][ T2858] path_openat+0x92f/0x35f0
[ 469.549334][ T2858] do_filp_open+0x235/0x490
[ 469.553968][ T2858] do_sys_openat2+0x13e/0x1d0
[ 469.558645][ T2858] __x64_sys_openat+0x247/0x2a0
[ 469.563752][ T2858] do_syscall_64+0xf3/0x230
[ 469.568350][ T2858] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 469.574233][ T2858] page last free pid 4761 tgid 4761 stack trace:
[ 469.580551][ T2858] free_unref_page+0xd22/0xea0
[ 469.585409][ T2858] __slab_free+0x31b/0x3d0
[ 469.589819][ T2858] qlist_free_all+0x9e/0x140
[ 469.594604][ T2858] kasan_quarantine_reduce+0x14f/0x170
[ 469.600079][ T2858] __kasan_slab_alloc+0x23/0x80
[ 469.604930][ T2858] kmem_cache_alloc_node_noprof+0x16b/0x320
[ 469.610817][ T2858] __alloc_skb+0x1c3/0x440
[ 469.615225][ T2858] alloc_skb_with_frags+0xc3/0x770
[ 469.620414][ T2858] sock_alloc_send_pskb+0x91a/0xa60
[ 469.625601][ T2858] unix_dgram_sendmsg+0x6d3/0x1f80
[ 469.630703][ T2858] __sock_sendmsg+0x221/0x270
[ 469.635373][ T2858] sock_write_iter+0x2dd/0x400
[ 469.640555][ T2858] vfs_write+0xa72/0xc90
[ 469.644793][ T2858] ksys_write+0x1a0/0x2c0
[ 469.649121][ T2858] do_syscall_64+0xf3/0x230
[ 469.653623][ T2858] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 469.659512][ T2858]
[ 469.662017][ T2858] Memory state around the buggy address:
[ 469.667631][ T2858] ffff88807aa2ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 469.675677][ T2858] ffff88807aa2ad00: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb
[ 469.683921][ T2858] >ffff88807aa2ad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 469.692050][ T2858] ^
[ 469.699528][ T2858] ffff88807aa2ae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 469.707855][ T2858] ffff88807aa2ae80: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 469.715906][ T2858] ==================================================================
[ 469.723980][ T2858] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 469.731161][ T2858] CPU: 0 PID: 2858 Comm: kworker/u8:9 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a-dirty #0
[ 469.741904][ T2858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 469.752068][ T2858] Workqueue: events_unbound cfg80211_wiphy_work
[ 469.758328][ T2858] Call Trace:
[ 469.761603][ T2858]
[ 469.764534][ T2858] dump_stack_lvl+0x241/0x360
[ 469.769211][ T2858] ? __pfx_dump_stack_lvl+0x10/0x10
[ 469.774497][ T2858] ? __pfx__printk+0x10/0x10
[ 469.779077][ T2858] ? rcu_is_watching+0x15/0xb0
[ 469.783855][ T2858] ? lock_release+0xbf/0x9f0
[ 469.788435][ T2858] ? vscnprintf+0x5d/0x90
[ 469.792772][ T2858] panic+0x349/0x860
[ 469.796768][ T2858] ? check_panic_on_warn+0x21/0xb0
[ 469.802046][ T2858] ? __pfx_panic+0x10/0x10
[ 469.806459][ T2858] ? do_raw_spin_unlock+0x13c/0x8b0
[ 469.811924][ T2858] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 469.817897][ T2858] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 469.824228][ T2858] ? print_report+0x502/0x550
[ 469.828914][ T2858] check_panic_on_warn+0x86/0xb0
[ 469.833856][ T2858] ? __lock_acquire+0x78/0x1fd0
[ 469.838704][ T2858] end_report+0x77/0x160
[ 469.843028][ T2858] kasan_report+0x154/0x180
[ 469.847522][ T2858] ? __lock_acquire+0x78/0x1fd0
[ 469.852365][ T2858] __lock_acquire+0x78/0x1fd0
[ 469.857277][ T2858] lock_acquire+0x1ed/0x550
[ 469.861773][ T2858] ? lockref_get+0x15/0x60
[ 469.866205][ T2858] ? __pfx_lock_acquire+0x10/0x10
[ 469.871226][ T2858] ? simple_pin_fs+0x91/0x160
[ 469.875890][ T2858] ? do_raw_spin_lock+0x14f/0x370
[ 469.880905][ T2858] ? __pfx_lock_release+0x10/0x10
[ 469.885933][ T2858] _raw_spin_lock+0x2e/0x40
[ 469.890430][ T2858] ? lockref_get+0x15/0x60
[ 469.894852][ T2858] lockref_get+0x15/0x60
[ 469.899228][ T2858] simple_recursive_removal+0x35/0x8e0
[ 469.904686][ T2858] ? mntput+0x65/0xc0
[ 469.908666][ T2858] ? __pfx_remove_one+0x10/0x10
[ 469.913511][ T2858] debugfs_remove+0x49/0x70
[ 469.918091][ T2858] ieee80211_sta_debugfs_remove+0x40/0x60
[ 469.923804][ T2858] __sta_info_destroy_part2+0x3b2/0x4c0
[ 469.929360][ T2858] sta_info_destroy_addr+0xf4/0x140
[ 469.934552][ T2858] ieee80211_destroy_auth_data+0x139/0x270
[ 469.940351][ T2858] ieee80211_sta_work+0x1256/0x3850
[ 469.945547][ T2858] ? mark_lock+0x9a/0x350
[ 469.949868][ T2858] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 469.955404][ T2858] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 469.961743][ T2858] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 469.967673][ T2858] ? lockdep_hardirqs_on+0x99/0x150
[ 469.972959][ T2858] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 469.978872][ T2858] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 469.985279][ T2858] ? skb_dequeue+0x113/0x150
[ 469.989858][ T2858] ? ieee80211_iface_work+0xc0d/0xf20
[ 469.995254][ T2858] ? ieee80211_iface_work+0xe29/0xf20
[ 470.000755][ T2858] ? rcu_is_watching+0x15/0xb0
[ 470.005688][ T2858] cfg80211_wiphy_work+0x2db/0x490
[ 470.010861][ T2858] ? process_scheduled_works+0x945/0x1830
[ 470.016623][ T2858] process_scheduled_works+0xa2c/0x1830
[ 470.022193][ T2858] ? __pfx_process_scheduled_works+0x10/0x10
[ 470.028313][ T2858] ? assign_work+0x364/0x3d0
[ 470.032919][ T2858] worker_thread+0x86d/0xd50
[ 470.037505][ T2858] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 470.043414][ T2858] ? __kthread_parkme+0x169/0x1d0
[ 470.048527][ T2858] ? __pfx_worker_thread+0x10/0x10
[ 470.053636][ T2858] kthread+0x2f0/0x390
[ 470.057710][ T2858] ? __pfx_worker_thread+0x10/0x10
[ 470.062812][ T2858] ? __pfx_kthread+0x10/0x10
[ 470.067482][ T2858] ret_from_fork+0x4b/0x80
[ 470.071986][ T2858] ? __pfx_kthread+0x10/0x10
[ 470.076654][ T2858] ret_from_fork_asm+0x1a/0x30
[ 470.081419][ T2858]
[ 470.084672][ T2858] Kernel Offset: disabled
[ 470.088991][ T2858] Rebooting in 86400 seconds..