[  471.940702][   T12] team0 (unregistering): Port device team_slave_1 removed
[  471.971154][   T12] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.1.212' (ED25519) to the list of known hosts.
executing program
[  477.404483][ T7722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  477.413728][ T7722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  477.434764][ T7722] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  477.442905][ T7722] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[  477.469423][ T7912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.493573][ T7913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.508142][ T7711] wlan1: No basic rates, using min rate instead
executing program
executing program
executing program
[  477.515994][ T7711] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  477.525770][ T7711] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  477.533983][ T7914] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.558954][ T7915] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  477.582930][ T7916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.607284][ T7917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  477.628645][ T7918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.638621][ T3554] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  477.663932][ T7919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  477.686003][ T7920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.707010][ T7921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  477.732485][ T7922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.756237][ T7923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  477.777969][ T7924] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.799962][ T7925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.820893][ T7926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  477.843208][ T7927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.867165][ T7928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  477.889126][ T7929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.911896][ T7930] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.933495][ T7931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  477.957435][ T7932] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  477.979298][ T7933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  478.000494][ T7934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.024606][ T7935] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.046145][ T7936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.070272][ T7937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.092567][ T7938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.114425][ T7939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.138720][ T7940] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.161207][ T7941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  478.184771][ T7942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.206532][ T7943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  478.231635][ T7944] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.253964][ T7945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.275270][ T7946] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.300101][ T7947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.323880][ T7948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.348307][ T7949] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.369862][ T7950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  478.393927][ T7951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.415303][ T7952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.437650][ T7953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.461444][ T7954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.485161][ T7955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.510533][ T7956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.532228][ T7957] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  478.554411][ T7958] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.575331][ T7959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.596643][ T7960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.618497][ T7961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.640288][ T7962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  478.662586][ T7963] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.683574][ T7964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.705615][ T7965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.732087][ T7966] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.754343][ T7967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  478.775715][ T7968] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.797466][ T7969] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.818677][ T7970] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.840436][ T7971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.862190][ T7972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.884018][ T7973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.905564][ T3554] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  478.905631][ T7974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.940823][ T7975] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.960576][ T7976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  478.984636][ T7977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.005822][ T7978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.029907][ T7979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  479.052826][ T7980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.077076][ T7981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.098293][ T7982] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.119985][ T7983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  479.144014][ T7984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.166158][ T7985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.190585][ T7986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[  479.212154][ T7987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.235824][ T7988] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
executing program
[  479.257931][ T7989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.279154][ T7990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.300815][ T7991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.324565][ T7992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.346507][ T7993] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.370863][ T7994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.394932][ T7995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[  479.416009][ T7996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.445812][ T7998] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.474725][ T7999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.496245][ T8000] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.529744][ T8001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.553732][ T8003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.575073][ T8004] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  479.600117][ T8005] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.621996][ T8006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.643736][ T8007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.668348][ T8008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.690391][ T8009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  479.714215][ T8010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.736221][ T8011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.758099][ T8012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.779286][ T8013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.801708][ T8014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  479.825835][ T8015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.849857][ T8016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[  479.874763][ T8017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.898583][ T7722] wlan1: authentication with 08:02:11:00:00:00 timed out
[  479.898656][ T8019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.917056][ T7722] ==================================================================
[  479.925231][ T7722] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[  479.932789][ T7722] Read of size 1 at addr ffff88805de08e08 by task kworker/u8:2/7722
[  479.940746][ T7722] 
[  479.943091][ T7722] CPU: 0 UID: 0 PID: 7722 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  479.943104][ T7722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  479.943112][ T7722] Workqueue: events_unbound cfg80211_wiphy_work
[  479.943140][ T7722] Call Trace:
[  479.943146][ T7722]  <TASK>
[  479.943151][ T7722]  dump_stack_lvl+0x189/0x250
[  479.943165][ T7722]  ? __virt_addr_valid+0x1c8/0x5c0
[  479.943177][ T7722]  ? rcu_is_watching+0x15/0xb0
[  479.943188][ T7722]  ? __pfx_dump_stack_lvl+0x10/0x10
[  479.943199][ T7722]  ? rcu_is_watching+0x15/0xb0
[  479.943209][ T7722]  ? lock_release+0x4b/0x3e0
[  479.943218][ T7722]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  479.943231][ T7722]  ? __virt_addr_valid+0x1c8/0x5c0
[  479.943242][ T7722]  ? __virt_addr_valid+0x4a5/0x5c0
[  479.943254][ T7722]  print_report+0xca/0x240
[  479.943265][ T7722]  ? _raw_spin_lock+0x2e/0x40
[  479.943275][ T7722]  kasan_report+0x118/0x150
[  479.943285][ T7722]  ? _raw_spin_lock+0x2e/0x40
[  479.943296][ T7722]  ? lockref_get+0x15/0x60
[  479.943307][ T7722]  __kasan_check_byte+0x2a/0x40
[  479.943316][ T7722]  lock_acquire+0x8d/0x360
[  479.943325][ T7722]  ? do_raw_spin_lock+0x121/0x290
[  479.943338][ T7722]  _raw_spin_lock+0x2e/0x40
[  479.943348][ T7722]  ? lockref_get+0x15/0x60
[  479.943357][ T7722]  lockref_get+0x15/0x60
[  479.943367][ T7722]  __simple_recursive_removal+0x33/0x510
[  479.943380][ T7722]  ? mntput+0x65/0xc0
[  479.943391][ T7722]  ? __pfx_remove_one+0x10/0x10
[  479.943406][ T7722]  debugfs_remove+0x5b/0x70
[  479.943418][ T7722]  ieee80211_sta_debugfs_remove+0x40/0x70
[  479.943432][ T7722]  __sta_info_destroy_part2+0x352/0x450
[  479.943447][ T7722]  sta_info_destroy_addr+0xf5/0x140
[  479.943460][ T7722]  ieee80211_destroy_auth_data+0x12d/0x260
[  479.943471][ T7722]  ieee80211_sta_work+0x11cf/0x3600
[  479.943482][ T7722]  ? kasan_save_track+0x4f/0x80
[  479.943494][ T7722]  ? kasan_save_track+0x3e/0x80
[  479.943505][ T7722]  ? __kasan_save_free_info+0x46/0x50
[  479.943516][ T7722]  ? ieee80211_iface_work+0xb30/0x12d0
[  479.943529][ T7722]  ? process_scheduled_works+0xae1/0x17b0
[  479.943539][ T7722]  ? worker_thread+0x8a0/0xda0
[  479.943548][ T7722]  ? kthread+0x711/0x8a0
[  479.943559][ T7722]  ? ret_from_fork+0x4bc/0x870
[  479.943568][ T7722]  ? ret_from_fork_asm+0x1a/0x30
[  479.943578][ T7722]  ? __lock_acquire+0xab9/0xd20
[  479.943587][ T7722]  ? __pfx_ieee80211_sta_work+0x10/0x10
[  479.943597][ T7722]  ? do_raw_spin_lock+0x121/0x290
[  479.943610][ T7722]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  479.943622][ T7722]  ? lockdep_hardirqs_on+0x9c/0x150
[  479.943634][ T7722]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  479.943645][ T7722]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  479.943656][ T7722]  ? kcov_remote_stop+0x17e/0x6d0
[  479.943666][ T7722]  ? lockdep_hardirqs_on+0x9c/0x150
[  479.943678][ T7722]  ? skb_dequeue+0x10e/0x150
[  479.943690][ T7722]  ? ieee80211_iface_work+0xfbd/0x12d0
[  479.943702][ T7722]  ? ieee80211_iface_work+0x11d6/0x12d0
[  479.943716][ T7722]  cfg80211_wiphy_work+0x2bb/0x470
[  479.943729][ T7722]  ? process_scheduled_works+0x9ef/0x17b0
[  479.943738][ T7722]  process_scheduled_works+0xae1/0x17b0
[  479.943754][ T7722]  ? __pfx_process_scheduled_works+0x10/0x10
[  479.943766][ T7722]  worker_thread+0x8a0/0xda0
[  479.943777][ T7722]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  479.943793][ T7722]  ? __kthread_parkme+0x7b/0x200
[  479.943805][ T7722]  kthread+0x711/0x8a0
[  479.943817][ T7722]  ? __pfx_worker_thread+0x10/0x10
[  479.943827][ T7722]  ? __pfx_kthread+0x10/0x10
[  479.943838][ T7722]  ? _raw_spin_unlock_irq+0x23/0x50
[  479.943849][ T7722]  ? lockdep_hardirqs_on+0x9c/0x150
[  479.943860][ T7722]  ? __pfx_kthread+0x10/0x10
[  479.943871][ T7722]  ret_from_fork+0x4bc/0x870
[  479.943880][ T7722]  ? __pfx_ret_from_fork+0x10/0x10
[  479.943891][ T7722]  ? __switch_to_asm+0x39/0x70
[  479.943898][ T7722]  ? __switch_to_asm+0x33/0x70
[  479.943905][ T7722]  ? __pfx_kthread+0x10/0x10
[  479.943916][ T7722]  ret_from_fork_asm+0x1a/0x30
[  479.943928][ T7722]  </TASK>
[  479.943931][ T7722] 
[  480.327431][ T7722] Allocated by task 7711:
[  480.331917][ T7722]  kasan_save_track+0x3e/0x80
[  480.336667][ T7722]  __kasan_slab_alloc+0x6c/0x80
[  480.341497][ T7722]  kmem_cache_alloc_lru_noprof+0x35d/0x6d0
[  480.347281][ T7722]  __d_alloc+0x36/0x7a0
[  480.351412][ T7722]  d_alloc_parallel+0xe1/0x1610
[  480.356678][ T7722]  __lookup_slow+0x116/0x3d0
[  480.361341][ T7722]  simple_start_creating+0xfd/0x1e0
[  480.366519][ T7722]  debugfs_start_creating+0x10f/0x180
[  480.371886][ T7722]  debugfs_create_dir+0x28/0x420
[  480.376895][ T7722]  ieee80211_sta_debugfs_add+0x12c/0x850
[  480.382555][ T7722]  sta_info_insert_rcu+0x1c54/0x2840
[  480.387904][ T7722]  sta_info_insert+0x16/0xc0
[  480.392570][ T7722]  ieee80211_prep_connection+0xfce/0x13f0
[  480.398268][ T7722]  ieee80211_mgd_auth+0xee6/0x1770
[  480.403460][ T7722]  cfg80211_mlme_auth+0x632/0x9c0
[  480.408485][ T7722]  cfg80211_conn_do_work+0x501/0xd10
[  480.413752][ T7722]  cfg80211_conn_work+0x2c0/0x460
[  480.418785][ T7722]  process_scheduled_works+0xae1/0x17b0
[  480.424312][ T7722]  worker_thread+0x8a0/0xda0
[  480.428881][ T7722]  kthread+0x711/0x8a0
[  480.432942][ T7722]  ret_from_fork+0x4bc/0x870
[  480.437510][ T7722]  ret_from_fork_asm+0x1a/0x30
[  480.442246][ T7722] 
[  480.444548][ T7722] Freed by task 23:
[  480.448330][ T7722]  kasan_save_track+0x3e/0x80
[  480.453077][ T7722]  __kasan_save_free_info+0x46/0x50
[  480.458261][ T7722]  __kasan_slab_free+0x5c/0x80
[  480.463033][ T7722]  kmem_cache_free+0x19b/0x690
[  480.467791][ T7722]  rcu_core+0xcab/0x1770
[  480.472025][ T7722]  handle_softirqs+0x286/0x870
[  480.476767][ T7722]  run_ksoftirqd+0x9b/0x100
[  480.481249][ T7722]  smpboot_thread_fn+0x542/0xa60
[  480.486264][ T7722]  kthread+0x711/0x8a0
[  480.490323][ T7722]  ret_from_fork+0x4bc/0x870
[  480.494903][ T7722]  ret_from_fork_asm+0x1a/0x30
[  480.499651][ T7722] 
[  480.501989][ T7722] Last potentially related work creation:
[  480.507794][ T7722]  kasan_save_stack+0x3e/0x60
[  480.512463][ T7722]  kasan_record_aux_stack+0xbd/0xd0
[  480.517723][ T7722]  call_rcu+0x157/0x9c0
[  480.521883][ T7722]  __dentry_kill+0x4d2/0x660
[  480.526451][ T7722]  dput+0x19f/0x2b0
[  480.530232][ T7722]  find_next_child+0x1e5/0x250
[  480.535146][ T7722]  __simple_recursive_removal+0x10b/0x510
[  480.540841][ T7722]  debugfs_remove+0x5b/0x70
[  480.545319][ T7722]  ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[  480.551628][ T7722]  drv_remove_interface+0x1fa/0x590
[  480.556803][ T7722]  ieee80211_change_mac+0x912/0x12d0
[  480.562069][ T7722]  netif_set_mac_address+0x2fc/0x4c0
[  480.567331][ T7722]  dev_set_mac_address_user+0x137/0x270
[  480.572854][ T7722]  dev_ioctl+0x7b4/0x1150
[  480.577336][ T7722]  sock_do_ioctl+0x22c/0x300
[  480.581906][ T7722]  sock_ioctl+0x576/0x790
[  480.586210][ T7722]  __se_sys_ioctl+0xfc/0x170
[  480.590778][ T7722]  do_syscall_64+0xfa/0xfa0
[  480.595267][ T7722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.601134][ T7722] 
[  480.603459][ T7722] The buggy address belongs to the object at ffff88805de08d38
[  480.603459][ T7722]  which belongs to the cache dentry of size 312
[  480.617140][ T7722] The buggy address is located 208 bytes inside of
[  480.617140][ T7722]  freed 312-byte region [ffff88805de08d38, ffff88805de08e70)
[  480.631091][ T7722] 
[  480.633402][ T7722] The buggy address belongs to the physical page:
[  480.639801][ T7722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5de08
[  480.648544][ T7722] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  480.657039][ T7722] memcg:ffff88807d07f201
[  480.661262][ T7722] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  480.668795][ T7722] page_type: f5(slab)
[  480.672764][ T7722] raw: 00fff00000000040 ffff888140407780 ffffea0000462e00 dead000000000002
[  480.681324][ T7722] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff88807d07f201
[  480.689985][ T7722] head: 00fff00000000040 ffff888140407780 ffffea0000462e00 dead000000000002
[  480.698639][ T7722] head: 0000000000000000 0000000000150015 00000000f5000000 ffff88807d07f201
[  480.707303][ T7722] head: 00fff00000000001 ffffea0001778201 00000000ffffffff 00000000ffffffff
[  480.715948][ T7722] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  480.724589][ T7722] page dumped because: kasan: bad access detected
[  480.731011][ T7722] page_owner tracks the page as allocated
[  480.736718][ T7722] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 44, tgid 44 (kworker/u8:3), ts 91048671549, free_ts 22009324646
[  480.759687][ T7722]  post_alloc_hook+0x240/0x2a0
[  480.764456][ T7722]  get_page_from_freelist+0x2365/0x2440
[  480.769984][ T7722]  __alloc_frozen_pages_noprof+0x181/0x370
[  480.775768][ T7722]  alloc_pages_mpol+0x232/0x4a0
[  480.780699][ T7722]  allocate_slab+0x96/0x350
[  480.785268][ T7722]  ___slab_alloc+0xe94/0x18a0
[  480.789921][ T7722]  __slab_alloc+0x65/0x100
[  480.794343][ T7722]  kmem_cache_alloc_lru_noprof+0x3ef/0x6d0
[  480.800130][ T7722]  __d_alloc+0x36/0x7a0
[  480.804300][ T7722]  d_alloc_parallel+0xe1/0x1610
[  480.809180][ T7722]  __lookup_slow+0x116/0x3d0
[  480.813772][ T7722]  simple_start_creating+0xfd/0x1e0
[  480.818981][ T7722]  debugfs_start_creating+0x10f/0x180
[  480.824344][ T7722]  __debugfs_create_file+0x79/0x4f0
[  480.829538][ T7722]  debugfs_create_file_full+0x3f/0x60
[  480.834903][ T7722]  sta_info_insert_rcu+0x1d3d/0x2840
[  480.840184][ T7722] page last free pid 1 tgid 1 stack trace:
[  480.846050][ T7722]  __free_frozen_pages+0xbc4/0xd30
[  480.851140][ T7722]  free_contig_range+0x1bd/0x4a0
[  480.856228][ T7722]  destroy_args+0x69/0x660
[  480.860617][ T7722]  debug_vm_pgtable+0x39f/0x3b0
[  480.865444][ T7722]  do_one_initcall+0x236/0x820
[  480.870536][ T7722]  do_initcall_level+0x104/0x190
[  480.875451][ T7722]  do_initcalls+0x59/0xa0
[  480.879752][ T7722]  kernel_init_freeable+0x334/0x4b0
[  480.884928][ T7722]  kernel_init+0x1d/0x1d0
[  480.889230][ T7722]  ret_from_fork+0x4bc/0x870
[  480.893797][ T7722]  ret_from_fork_asm+0x1a/0x30
[  480.898532][ T7722] 
[  480.900833][ T7722] Memory state around the buggy address:
[  480.906439][ T7722]  ffff88805de08d00: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb
[  480.914490][ T7722]  ffff88805de08d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  480.922633][ T7722] >ffff88805de08e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  480.930704][ T7722]                       ^
[  480.935009][ T7722]  ffff88805de08e80: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[  480.943070][ T7722]  ffff88805de08f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  480.951118][ T7722] ==================================================================
[  480.960234][ T7722] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  480.967527][ T7722] CPU: 0 UID: 0 PID: 7722 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  480.977057][ T7722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  480.987103][ T7722] Workqueue: events_unbound cfg80211_wiphy_work
[  480.993339][ T7722] Call Trace:
[  480.996623][ T7722]  <TASK>
[  480.999542][ T7722]  dump_stack_lvl+0x99/0x250
[  481.004209][ T7722]  ? __asan_memcpy+0x40/0x70
[  481.008962][ T7722]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.014178][ T7722]  ? __pfx__printk+0x10/0x10
[  481.018759][ T7722]  vpanic+0x237/0x6d0
[  481.022729][ T7722]  ? __pfx_vpanic+0x10/0x10
[  481.027230][ T7722]  panic+0xb9/0xc0
[  481.030940][ T7722]  ? __pfx_panic+0x10/0x10
[  481.035343][ T7722]  ? _raw_spin_lock+0x2e/0x40
[  481.040011][ T7722]  ? __pfx_panic+0x10/0x10
[  481.044514][ T7722]  ? _raw_spin_lock+0x2e/0x40
[  481.049179][ T7722]  check_panic_on_warn+0x89/0xb0
[  481.054105][ T7722]  ? _raw_spin_lock+0x2e/0x40
[  481.058766][ T7722]  end_report+0x78/0x160
[  481.063008][ T7722]  kasan_report+0x129/0x150
[  481.067493][ T7722]  ? _raw_spin_lock+0x2e/0x40
[  481.072246][ T7722]  ? lockref_get+0x15/0x60
[  481.076645][ T7722]  __kasan_check_byte+0x2a/0x40
[  481.081649][ T7722]  lock_acquire+0x8d/0x360
[  481.086046][ T7722]  ? do_raw_spin_lock+0x121/0x290
[  481.091061][ T7722]  _raw_spin_lock+0x2e/0x40
[  481.095549][ T7722]  ? lockref_get+0x15/0x60
[  481.099952][ T7722]  lockref_get+0x15/0x60
[  481.104187][ T7722]  __simple_recursive_removal+0x33/0x510
[  481.109892][ T7722]  ? mntput+0x65/0xc0
[  481.113866][ T7722]  ? __pfx_remove_one+0x10/0x10
[  481.118711][ T7722]  debugfs_remove+0x5b/0x70
[  481.123208][ T7722]  ieee80211_sta_debugfs_remove+0x40/0x70
[  481.128925][ T7722]  __sta_info_destroy_part2+0x352/0x450
[  481.134469][ T7722]  sta_info_destroy_addr+0xf5/0x140
[  481.139658][ T7722]  ieee80211_destroy_auth_data+0x12d/0x260
[  481.145450][ T7722]  ieee80211_sta_work+0x11cf/0x3600
[  481.150636][ T7722]  ? kasan_save_track+0x4f/0x80
[  481.155472][ T7722]  ? kasan_save_track+0x3e/0x80
[  481.160308][ T7722]  ? __kasan_save_free_info+0x46/0x50
[  481.165667][ T7722]  ? ieee80211_iface_work+0xb30/0x12d0
[  481.171117][ T7722]  ? process_scheduled_works+0xae1/0x17b0
[  481.176821][ T7722]  ? worker_thread+0x8a0/0xda0
[  481.181579][ T7722]  ? kthread+0x711/0x8a0
[  481.185825][ T7722]  ? ret_from_fork+0x4bc/0x870
[  481.190576][ T7722]  ? ret_from_fork_asm+0x1a/0x30
[  481.195501][ T7722]  ? __lock_acquire+0xab9/0xd20
[  481.200333][ T7722]  ? __pfx_ieee80211_sta_work+0x10/0x10
[  481.205890][ T7722]  ? do_raw_spin_lock+0x121/0x290
[  481.210914][ T7722]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  481.216797][ T7722]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.221986][ T7722]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  481.227865][ T7722]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  481.234300][ T7722]  ? kcov_remote_stop+0x17e/0x6d0
[  481.239363][ T7722]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.244554][ T7722]  ? skb_dequeue+0x10e/0x150
[  481.249142][ T7722]  ? ieee80211_iface_work+0xfbd/0x12d0
[  481.254589][ T7722]  ? ieee80211_iface_work+0x11d6/0x12d0
[  481.260122][ T7722]  cfg80211_wiphy_work+0x2bb/0x470
[  481.265226][ T7722]  ? process_scheduled_works+0x9ef/0x17b0
[  481.270980][ T7722]  process_scheduled_works+0xae1/0x17b0
[  481.276536][ T7722]  ? __pfx_process_scheduled_works+0x10/0x10
[  481.282519][ T7722]  worker_thread+0x8a0/0xda0
[  481.287131][ T7722]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  481.293464][ T7722]  ? __kthread_parkme+0x7b/0x200
[  481.298408][ T7722]  kthread+0x711/0x8a0
[  481.302468][ T7722]  ? __pfx_worker_thread+0x10/0x10
[  481.307565][ T7722]  ? __pfx_kthread+0x10/0x10
[  481.312140][ T7722]  ? _raw_spin_unlock_irq+0x23/0x50
[  481.317329][ T7722]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.322527][ T7722]  ? __pfx_kthread+0x10/0x10
[  481.327110][ T7722]  ret_from_fork+0x4bc/0x870
[  481.331688][ T7722]  ? __pfx_ret_from_fork+0x10/0x10
[  481.336784][ T7722]  ? __switch_to_asm+0x39/0x70
[  481.341530][ T7722]  ? __switch_to_asm+0x33/0x70
[  481.346286][ T7722]  ? __pfx_kthread+0x10/0x10
[  481.350965][ T7722]  ret_from_fork_asm+0x1a/0x30
[  481.355822][ T7722]  </TASK>
[  481.359185][ T7722] Kernel Offset: disabled
[  481.363521][ T7722] Rebooting in 86400 seconds..