[  464.912853][ T3530] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  465.022747][ T3530] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  465.132879][ T3530] wlan1: authentication with 08:02:11:00:00:00 timed out
[  465.276679][ T8052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  465.314658][ T7783] wlan1: No basic rates, using min rate instead
[  465.322534][ T7783] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  465.332189][ T7783] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  465.442775][ T7936] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  465.552717][ T3530] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  465.672803][ T3530] wlan1: authentication with 08:02:11:00:00:00 timed out
[  465.739089][ T3530] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  465.793283][ T3530] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  465.842397][ T3530] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  465.894682][ T3530] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.040412][ T3530] bridge_slave_1: left allmulticast mode
[  466.047346][ T3530] bridge_slave_1: left promiscuous mode
[  466.053963][ T3530] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.064028][ T3530] bridge_slave_0: left allmulticast mode
[  466.069701][ T3530] bridge_slave_0: left promiscuous mode
[  466.077449][ T3530] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.380399][ T3530] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  466.391660][ T3530] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  466.402420][ T3530] bond0 (unregistering): Released all slaves
[  466.655066][ T3530] hsr_slave_0: left promiscuous mode
[  466.661126][ T3530] hsr_slave_1: left promiscuous mode
[  466.675653][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  466.683350][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_0
[  466.691406][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  466.699247][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_1
[  466.718057][ T3530] veth1_macvtap: left promiscuous mode
[  466.723835][ T3530] veth0_macvtap: left promiscuous mode
[  466.730099][ T3530] veth1_vlan: left promiscuous mode
[  466.736004][ T3530] veth0_vlan: left promiscuous mode
[  467.155911][ T3530] team0 (unregistering): Port device team_slave_1 removed
[  467.187520][ T3530] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts.
[  470.284181][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.292187][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  470.322393][ T7936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[  470.331383][ T7936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
executing program
[  470.357332][ T8185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.374189][ T8186] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.393695][ T7783] wlan1: No basic rates, using min rate instead
executing program
executing program
[  470.401332][ T7783] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  470.413183][ T7783] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  470.420741][ T8187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.445034][ T8188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.469323][ T8189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.490936][ T8190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.513120][ T8191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.523030][ T7936] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  470.545000][ T8192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.570659][ T8193] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.602209][ T8195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.628116][ T8196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.637922][ T3530] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  470.660502][ T8197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.681942][ T8198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.707373][ T8199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.728722][ T8200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.761242][ T8201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.782375][ T8202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.806678][ T8203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.828147][ T8204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.859758][ T8205] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.881351][ T8206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.906469][ T8207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  470.929986][ T8208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.951455][ T8209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  470.975569][ T8210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.998647][ T8211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.022337][ T8212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.045990][ T8213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.069814][ T8214] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.091182][ T8215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.112501][ T8216] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.136869][ T8217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  471.163823][ T8219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.187582][ T8220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.208890][ T8221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.233302][ T8222] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  471.254984][ T8223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.278158][ T8224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.302317][ T8226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.323766][ T8227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.347645][ T8228] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.371540][ T8229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.396079][ T8231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  471.418013][ T8232] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.440199][ T8233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.464115][ T8234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.486309][ T8235] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.507186][ T8236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  471.531292][ T8237] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.553289][ T8238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.576601][ T8239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.603817][ T8241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.629136][ T8242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  471.650834][ T8243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.672082][ T8244] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.694211][ T8245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
[  471.715683][ T8246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.739516][ T8247] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.760913][ T8248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  471.786670][ T8249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.806830][ T8250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
executing program
executing program
[  471.830498][ T8251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.852538][ T8252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.873677][ T8253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[  471.895158][ T8254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.916552][ T3530] wlan1: authentication with 08:02:11:00:00:00 timed out
[  471.916622][ T8255] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.935182][ T3530] ==================================================================
[  471.943709][ T3530] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[  471.951280][ T3530] Read of size 1 at addr ffff888071d87cb8 by task kworker/u8:9/3530
[  471.959247][ T3530] 
[  471.961593][ T3530] CPU: 0 UID: 0 PID: 3530 Comm: kworker/u8:9 Not tainted 6.16.0-syzkaller-gd9104cec3e8f #0 PREEMPT(full) 
[  471.961617][ T3530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  471.961630][ T3530] Workqueue: events_unbound cfg80211_wiphy_work
[  471.961670][ T3530] Call Trace:
[  471.961679][ T3530]  <TASK>
[  471.961690][ T3530]  dump_stack_lvl+0x189/0x250
[  471.961709][ T3530]  ? __virt_addr_valid+0x1c8/0x5c0
[  471.961727][ T3530]  ? rcu_is_watching+0x15/0xb0
[  471.961751][ T3530]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.961767][ T3530]  ? rcu_is_watching+0x15/0xb0
[  471.961790][ T3530]  ? lock_release+0x4b/0x3e0
[  471.961810][ T3530]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  471.961831][ T3530]  ? __virt_addr_valid+0x1c8/0x5c0
[  471.961849][ T3530]  ? __virt_addr_valid+0x4a5/0x5c0
[  471.961869][ T3530]  print_report+0xca/0x240
[  471.961890][ T3530]  ? _raw_spin_lock+0x2e/0x40
[  471.961908][ T3530]  kasan_report+0x118/0x150
[  471.961933][ T3530]  ? _raw_spin_lock+0x2e/0x40
[  471.961953][ T3530]  ? lockref_get+0x15/0x60
[  471.961972][ T3530]  __kasan_check_byte+0x2a/0x40
[  471.961994][ T3530]  lock_acquire+0x8d/0x360
[  471.962015][ T3530]  ? do_raw_spin_lock+0x121/0x290
[  471.962037][ T3530]  _raw_spin_lock+0x2e/0x40
[  471.962055][ T3530]  ? lockref_get+0x15/0x60
[  471.962073][ T3530]  lockref_get+0x15/0x60
[  471.962092][ T3530]  __simple_recursive_removal+0x33/0x510
[  471.962114][ T3530]  ? mntput+0x65/0xc0
[  471.962133][ T3530]  ? __pfx_remove_one+0x10/0x10
[  471.962155][ T3530]  debugfs_remove+0x5b/0x70
[  471.962174][ T3530]  ieee80211_sta_debugfs_remove+0x40/0x70
[  471.962196][ T3530]  __sta_info_destroy_part2+0x352/0x450
[  471.962221][ T3530]  sta_info_destroy_addr+0xf5/0x140
[  471.962244][ T3530]  ieee80211_destroy_auth_data+0x12d/0x260
[  471.962263][ T3530]  ieee80211_sta_work+0x11cf/0x3600
[  471.962282][ T3530]  ? kasan_save_track+0x3e/0x80
[  471.962302][ T3530]  ? __kasan_slab_free+0x62/0x70
[  471.962323][ T3530]  ? kmem_cache_free+0x18f/0x400
[  471.962345][ T3530]  ? ieee80211_iface_work+0xb30/0x12d0
[  471.962365][ T3530]  ? cfg80211_wiphy_work+0x2df/0x460
[  471.962385][ T3530]  ? process_scheduled_works+0xae1/0x17b0
[  471.962407][ T3530]  ? worker_thread+0x8a0/0xda0
[  471.962428][ T3530]  ? kthread+0x70e/0x8a0
[  471.962444][ T3530]  ? ret_from_fork+0x3fc/0x770
[  471.962466][ T3530]  ? ret_from_fork_asm+0x1a/0x30
[  471.962488][ T3530]  ? __lock_acquire+0xab9/0xd20
[  471.962509][ T3530]  ? __pfx_ieee80211_sta_work+0x10/0x10
[  471.962526][ T3530]  ? do_raw_spin_lock+0x121/0x290
[  471.962548][ T3530]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  471.962575][ T3530]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.962596][ T3530]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  471.962616][ T3530]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  471.962635][ T3530]  ? kcov_remote_stop+0x17e/0x6d0
[  471.962656][ T3530]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.962679][ T3530]  ? skb_dequeue+0x10e/0x150
[  471.962699][ T3530]  ? ieee80211_iface_work+0xfbd/0x12d0
[  471.962728][ T3530]  ? ieee80211_iface_work+0x11d6/0x12d0
[  471.962752][ T3530]  cfg80211_wiphy_work+0x2df/0x460
[  471.962775][ T3530]  ? process_scheduled_works+0x9ef/0x17b0
[  471.962798][ T3530]  process_scheduled_works+0xae1/0x17b0
[  471.962832][ T3530]  ? __pfx_process_scheduled_works+0x10/0x10
[  471.962861][ T3530]  worker_thread+0x8a0/0xda0
[  471.962885][ T3530]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  471.962908][ T3530]  ? __kthread_parkme+0x7b/0x200
[  471.962927][ T3530]  kthread+0x70e/0x8a0
[  471.962945][ T3530]  ? __pfx_worker_thread+0x10/0x10
[  471.962968][ T3530]  ? __pfx_kthread+0x10/0x10
[  471.962986][ T3530]  ? _raw_spin_unlock_irq+0x23/0x50
[  471.963005][ T3530]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.963038][ T3530]  ? __pfx_kthread+0x10/0x10
[  471.963056][ T3530]  ret_from_fork+0x3fc/0x770
[  471.963079][ T3530]  ? __pfx_ret_from_fork+0x10/0x10
[  471.963103][ T3530]  ? __switch_to_asm+0x39/0x70
[  471.963121][ T3530]  ? __switch_to_asm+0x33/0x70
[  471.963138][ T3530]  ? __pfx_kthread+0x10/0x10
[  471.963155][ T3530]  ret_from_fork_asm+0x1a/0x30
[  471.963179][ T3530]  </TASK>
[  471.963195][ T3530] 
[  472.354499][ T3530] Allocated by task 7783:
[  472.358828][ T3530]  kasan_save_track+0x3e/0x80
[  472.363493][ T3530]  __kasan_slab_alloc+0x6c/0x80
[  472.368330][ T3530]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  472.374218][ T3530]  __d_alloc+0x36/0x7a0
[  472.378370][ T3530]  d_alloc_parallel+0xe5/0x15e0
[  472.383202][ T3530]  __lookup_slow+0x116/0x3d0
[  472.387772][ T3530]  simple_start_creating+0xfd/0x1e0
[  472.392998][ T3530]  start_creating+0x10f/0x180
[  472.397655][ T3530]  debugfs_create_dir+0x28/0x420
[  472.402659][ T3530]  ieee80211_sta_debugfs_add+0x12c/0x850
[  472.408300][ T3530]  sta_info_insert_rcu+0xfac/0x1940
[  472.413494][ T3530]  sta_info_insert+0x16/0xc0
[  472.418064][ T3530]  ieee80211_prep_connection+0xfce/0x13f0
[  472.423762][ T3530]  ieee80211_mgd_auth+0xee3/0x1770
[  472.428848][ T3530]  cfg80211_mlme_auth+0x62f/0x9c0
[  472.433864][ T3530]  cfg80211_conn_do_work+0x501/0xd10
[  472.439223][ T3530]  cfg80211_conn_work+0x2c0/0x440
[  472.444230][ T3530]  process_scheduled_works+0xae1/0x17b0
[  472.449754][ T3530]  worker_thread+0x8a0/0xda0
[  472.454337][ T3530]  kthread+0x70e/0x8a0
[  472.458398][ T3530]  ret_from_fork+0x3fc/0x770
[  472.462973][ T3530]  ret_from_fork_asm+0x1a/0x30
[  472.467717][ T3530] 
[  472.470042][ T3530] Freed by task 23:
[  472.473828][ T3530]  kasan_save_track+0x3e/0x80
[  472.478486][ T3530]  kasan_save_free_info+0x46/0x50
[  472.483574][ T3530]  __kasan_slab_free+0x62/0x70
[  472.488320][ T3530]  kmem_cache_free+0x18f/0x400
[  472.493064][ T3530]  rcu_core+0xca8/0x1710
[  472.497309][ T3530]  handle_softirqs+0x283/0x870
[  472.502050][ T3530]  run_ksoftirqd+0x9b/0x100
[  472.506524][ T3530]  smpboot_thread_fn+0x53f/0xa60
[  472.511530][ T3530]  kthread+0x70e/0x8a0
[  472.515579][ T3530]  ret_from_fork+0x3fc/0x770
[  472.520157][ T3530]  ret_from_fork_asm+0x1a/0x30
[  472.524990][ T3530] 
[  472.527292][ T3530] Last potentially related work creation:
[  472.533179][ T3530]  kasan_save_stack+0x3e/0x60
[  472.537840][ T3530]  kasan_record_aux_stack+0xbd/0xd0
[  472.543011][ T3530]  call_rcu+0x157/0x9c0
[  472.547142][ T3530]  __dentry_kill+0x4d2/0x660
[  472.551703][ T3530]  dput+0x19f/0x2b0
[  472.555484][ T3530]  find_next_child+0x1e5/0x250
[  472.560223][ T3530]  __simple_recursive_removal+0x10b/0x510
[  472.565919][ T3530]  debugfs_remove+0x5b/0x70
[  472.570420][ T3530]  ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[  472.576730][ T3530]  drv_remove_interface+0x1fa/0x590
[  472.582168][ T3530]  ieee80211_change_mac+0x912/0x12c0
[  472.587431][ T3530]  netif_set_mac_address+0x2fc/0x4c0
[  472.592692][ T3530]  dev_set_mac_address_user+0x137/0x270
[  472.598218][ T3530]  dev_ioctl+0x7b4/0x1150
[  472.602524][ T3530]  sock_do_ioctl+0x22c/0x300
[  472.607089][ T3530]  sock_ioctl+0x576/0x790
[  472.611485][ T3530]  __se_sys_ioctl+0xf9/0x170
[  472.616056][ T3530]  do_syscall_64+0xfa/0x3b0
[  472.620551][ T3530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.626521][ T3530] 
[  472.628835][ T3530] The buggy address belongs to the object at ffff888071d87be8
[  472.628835][ T3530]  which belongs to the cache dentry of size 312
[  472.642543][ T3530] The buggy address is located 208 bytes inside of
[  472.642543][ T3530]  freed 312-byte region [ffff888071d87be8, ffff888071d87d20)
[  472.656440][ T3530] 
[  472.658764][ T3530] The buggy address belongs to the physical page:
[  472.665163][ T3530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71d86
[  472.673912][ T3530] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  472.682494][ T3530] memcg:ffff888031341201
[  472.686847][ T3530] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  472.694831][ T3530] page_type: f5(slab)
[  472.698801][ T3530] raw: 00fff00000000040 ffff88801ba94780 0000000000000000 dead000000000001
[  472.707363][ T3530] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff888031341201
[  472.715941][ T3530] head: 00fff00000000040 ffff88801ba94780 0000000000000000 dead000000000001
[  472.724685][ T3530] head: 0000000000000000 0000000000150015 00000000f5000000 ffff888031341201
[  472.733424][ T3530] head: 00fff00000000001 ffffea0001c76181 00000000ffffffff 00000000ffffffff
[  472.742074][ T3530] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  472.750728][ T3530] page dumped because: kasan: bad access detected
[  472.757147][ T3530] page_owner tracks the page as allocated
[  472.762844][ T3530] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5911, tgid 5911 (syz-executor), ts 83173582011, free_ts 22632765347
[  472.786118][ T3530]  post_alloc_hook+0x240/0x2a0
[  472.791050][ T3530]  get_page_from_freelist+0x21e4/0x22c0
[  472.796918][ T3530]  __alloc_frozen_pages_noprof+0x181/0x370
[  472.802787][ T3530]  alloc_pages_mpol+0x232/0x4a0
[  472.807628][ T3530]  allocate_slab+0x8a/0x3b0
[  472.812110][ T3530]  ___slab_alloc+0xbfc/0x1480
[  472.816764][ T3530]  kmem_cache_alloc_lru_noprof+0x288/0x3d0
[  472.822566][ T3530]  __d_alloc+0x36/0x7a0
[  472.826701][ T3530]  d_alloc_pseudo+0x21/0xc0
[  472.831203][ T3530]  alloc_file_pseudo+0xcc/0x210
[  472.836032][ T3530]  sock_alloc_file+0xb8/0x2e0
[  472.840691][ T3530]  __sys_socket+0x13d/0x1b0
[  472.845173][ T3530]  __x64_sys_socket+0x7a/0x90
[  472.849917][ T3530]  do_syscall_64+0xfa/0x3b0
[  472.854400][ T3530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.860274][ T3530] page last free pid 1 tgid 1 stack trace:
[  472.866050][ T3530]  __free_frozen_pages+0xc71/0xe70
[  472.871139][ T3530]  free_contig_range+0x1bd/0x4a0
[  472.876092][ T3530]  destroy_args+0x64/0x4a0
[  472.880663][ T3530]  debug_vm_pgtable+0x3a7/0x3e0
[  472.885581][ T3530]  do_one_initcall+0x233/0x820
[  472.890350][ T3530]  do_initcall_level+0x104/0x190
[  472.895423][ T3530]  do_initcalls+0x59/0xa0
[  472.899842][ T3530]  kernel_init_freeable+0x334/0x4a0
[  472.905047][ T3530]  kernel_init+0x1d/0x1d0
[  472.909356][ T3530]  ret_from_fork+0x3fc/0x770
[  472.913927][ T3530]  ret_from_fork_asm+0x1a/0x30
[  472.918676][ T3530] 
[  472.920997][ T3530] Memory state around the buggy address:
[  472.926691][ T3530]  ffff888071d87b80: fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb
[  472.934730][ T3530]  ffff888071d87c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  472.942775][ T3530] >ffff888071d87c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  472.950813][ T3530]                                         ^
[  472.956680][ T3530]  ffff888071d87d00: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[  472.964736][ T3530]  ffff888071d87d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  472.972859][ T3530] ==================================================================
[  472.981473][ T3530] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  472.988975][ T3530] CPU: 0 UID: 0 PID: 3530 Comm: kworker/u8:9 Not tainted 6.16.0-syzkaller-gd9104cec3e8f #0 PREEMPT(full) 
[  473.000356][ T3530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  473.010489][ T3530] Workqueue: events_unbound cfg80211_wiphy_work
[  473.016737][ T3530] Call Trace:
[  473.020096][ T3530]  <TASK>
[  473.023016][ T3530]  dump_stack_lvl+0x99/0x250
[  473.027604][ T3530]  ? __asan_memcpy+0x40/0x70
[  473.032364][ T3530]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.037576][ T3530]  ? __pfx__printk+0x10/0x10
[  473.042165][ T3530]  panic+0x2db/0x790
[  473.046044][ T3530]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.051231][ T3530]  ? __pfx_panic+0x10/0x10
[  473.055808][ T3530]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  473.061777][ T3530]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  473.067655][ T3530]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  473.073971][ T3530]  ? _raw_spin_lock+0x2e/0x40
[  473.078723][ T3530]  check_panic_on_warn+0x89/0xb0
[  473.083645][ T3530]  ? _raw_spin_lock+0x2e/0x40
[  473.088314][ T3530]  end_report+0x78/0x160
[  473.092552][ T3530]  kasan_report+0x129/0x150
[  473.097045][ T3530]  ? _raw_spin_lock+0x2e/0x40
[  473.101710][ T3530]  ? lockref_get+0x15/0x60
[  473.106122][ T3530]  __kasan_check_byte+0x2a/0x40
[  473.111046][ T3530]  lock_acquire+0x8d/0x360
[  473.115469][ T3530]  ? do_raw_spin_lock+0x121/0x290
[  473.120587][ T3530]  _raw_spin_lock+0x2e/0x40
[  473.125081][ T3530]  ? lockref_get+0x15/0x60
[  473.129488][ T3530]  lockref_get+0x15/0x60
[  473.133807][ T3530]  __simple_recursive_removal+0x33/0x510
[  473.139430][ T3530]  ? mntput+0x65/0xc0
[  473.143499][ T3530]  ? __pfx_remove_one+0x10/0x10
[  473.148337][ T3530]  debugfs_remove+0x5b/0x70
[  473.152830][ T3530]  ieee80211_sta_debugfs_remove+0x40/0x70
[  473.158539][ T3530]  __sta_info_destroy_part2+0x352/0x450
[  473.164076][ T3530]  sta_info_destroy_addr+0xf5/0x140
[  473.169273][ T3530]  ieee80211_destroy_auth_data+0x12d/0x260
[  473.175069][ T3530]  ieee80211_sta_work+0x11cf/0x3600
[  473.180252][ T3530]  ? kasan_save_track+0x3e/0x80
[  473.185089][ T3530]  ? __kasan_slab_free+0x62/0x70
[  473.190014][ T3530]  ? kmem_cache_free+0x18f/0x400
[  473.194942][ T3530]  ? ieee80211_iface_work+0xb30/0x12d0
[  473.200488][ T3530]  ? cfg80211_wiphy_work+0x2df/0x460
[  473.205769][ T3530]  ? process_scheduled_works+0xae1/0x17b0
[  473.211480][ T3530]  ? worker_thread+0x8a0/0xda0
[  473.216233][ T3530]  ? kthread+0x70e/0x8a0
[  473.220465][ T3530]  ? ret_from_fork+0x3fc/0x770
[  473.225216][ T3530]  ? ret_from_fork_asm+0x1a/0x30
[  473.230152][ T3530]  ? __lock_acquire+0xab9/0xd20
[  473.234995][ T3530]  ? __pfx_ieee80211_sta_work+0x10/0x10
[  473.240536][ T3530]  ? do_raw_spin_lock+0x121/0x290
[  473.245550][ T3530]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  473.251430][ T3530]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.256636][ T3530]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  473.262520][ T3530]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  473.268920][ T3530]  ? kcov_remote_stop+0x17e/0x6d0
[  473.273934][ T3530]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.279125][ T3530]  ? skb_dequeue+0x10e/0x150
[  473.283708][ T3530]  ? ieee80211_iface_work+0xfbd/0x12d0
[  473.289159][ T3530]  ? ieee80211_iface_work+0x11d6/0x12d0
[  473.294697][ T3530]  cfg80211_wiphy_work+0x2df/0x460
[  473.299798][ T3530]  ? process_scheduled_works+0x9ef/0x17b0
[  473.305507][ T3530]  process_scheduled_works+0xae1/0x17b0
[  473.311052][ T3530]  ? __pfx_process_scheduled_works+0x10/0x10
[  473.317036][ T3530]  worker_thread+0x8a0/0xda0
[  473.321705][ T3530]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  473.328024][ T3530]  ? __kthread_parkme+0x7b/0x200
[  473.332953][ T3530]  kthread+0x70e/0x8a0
[  473.337015][ T3530]  ? __pfx_worker_thread+0x10/0x10
[  473.342115][ T3530]  ? __pfx_kthread+0x10/0x10
[  473.346703][ T3530]  ? _raw_spin_unlock_irq+0x23/0x50
[  473.351888][ T3530]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.357072][ T3530]  ? __pfx_kthread+0x10/0x10
[  473.361649][ T3530]  ret_from_fork+0x3fc/0x770
[  473.366229][ T3530]  ? __pfx_ret_from_fork+0x10/0x10
[  473.371514][ T3530]  ? __switch_to_asm+0x39/0x70
[  473.376270][ T3530]  ? __switch_to_asm+0x33/0x70
[  473.381022][ T3530]  ? __pfx_kthread+0x10/0x10
[  473.385604][ T3530]  ret_from_fork_asm+0x1a/0x30
[  473.390373][ T3530]  </TASK>
[  473.393644][ T3530] Kernel Offset: disabled
[  473.397968][ T3530] Rebooting in 86400 seconds..