Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts.
2025/08/02 10:19:37 ignoring optional flag "sandboxArg"="0"
2025/08/02 10:19:37 ignoring optional flag "type"="gce"
2025/08/02 10:19:37 parsed 1 programs
[ 130.554120][ T6323] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 132.953271][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.959774][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 134.345122][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 134.355571][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 134.366200][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 134.376719][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 134.384950][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 134.681245][ T969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.690031][ T969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.750278][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.758227][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.667454][ T6380] chnl_net:caif_netlink_parms(): no params data found
[ 135.749524][ T6380] bridge0: port 1(bridge_slave_0) entered blocking state
[ 135.757226][ T6380] bridge0: port 1(bridge_slave_0) entered disabled state
[ 135.764578][ T6380] bridge_slave_0: entered allmulticast mode
[ 135.772202][ T6380] bridge_slave_0: entered promiscuous mode
[ 135.782804][ T6380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 135.790057][ T6380] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.797623][ T6380] bridge_slave_1: entered allmulticast mode
[ 135.804876][ T6380] bridge_slave_1: entered promiscuous mode
[ 135.843444][ T6380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 135.856480][ T6380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 135.887810][ T6380] team0: Port device team_slave_0 added
[ 135.896621][ T6380] team0: Port device team_slave_1 added
[ 135.926193][ T6380] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 135.933809][ T6380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 135.960752][ T6380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 135.975239][ T6380] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 135.982698][ T6380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 136.009093][ T6380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 136.054046][ T6380] hsr_slave_0: entered promiscuous mode
[ 136.060613][ T6380] hsr_slave_1: entered promiscuous mode
[ 136.742413][ T6380] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 136.755691][ T6380] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 136.769746][ T6380] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 136.784673][ T6380] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 136.917166][ T6380] 8021q: adding VLAN 0 to HW filter on device bond0
[ 136.952746][ T6380] 8021q: adding VLAN 0 to HW filter on device team0
[ 136.975705][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.982949][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 137.004297][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 137.011552][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 137.327843][ T6380] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 137.394730][ T6380] veth0_vlan: entered promiscuous mode
[ 137.409377][ T6380] veth1_vlan: entered promiscuous mode
[ 137.460137][ T6380] veth0_macvtap: entered promiscuous mode
[ 137.474178][ T6380] veth1_macvtap: entered promiscuous mode
[ 137.502648][ T6380] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 137.522162][ T6380] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 137.543780][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.562274][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.582482][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.600080][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.745316][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 137.843528][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 137.954571][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 138.052768][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/02 10:19:50 executed programs: 0
[ 138.957383][ T5161] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 138.967313][ T5161] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 138.977808][ T5161] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 138.990852][ T5161] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 138.999268][ T5161] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 139.289222][ T6471] chnl_net:caif_netlink_parms(): no params data found
[ 139.443177][ T6471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 139.450485][ T6471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 139.459209][ T6471] bridge_slave_0: entered allmulticast mode
[ 139.468723][ T6471] bridge_slave_0: entered promiscuous mode
[ 139.478715][ T6471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 139.487473][ T6471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 139.495088][ T6471] bridge_slave_1: entered allmulticast mode
[ 139.503784][ T6471] bridge_slave_1: entered promiscuous mode
[ 139.565017][ T6471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 139.605593][ T6471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 139.757089][ T6471] team0: Port device team_slave_0 added
[ 139.767300][ T6471] team0: Port device team_slave_1 added
[ 139.774628][ T12] bridge_slave_1: left allmulticast mode
[ 139.780306][ T12] bridge_slave_1: left promiscuous mode
[ 139.786977][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 139.799697][ T12] bridge_slave_0: left allmulticast mode
[ 139.807968][ T12] bridge_slave_0: left promiscuous mode
[ 139.814769][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.215877][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 140.229316][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 140.243336][ T12] bond0 (unregistering): Released all slaves
[ 140.352217][ T6471] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 140.359221][ T6471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 140.388907][ T6471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 140.408526][ T12] hsr_slave_0: left promiscuous mode
[ 140.415946][ T12] hsr_slave_1: left promiscuous mode
[ 140.423401][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 140.437530][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 140.446197][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 140.454069][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 140.473600][ T12] veth1_macvtap: left promiscuous mode
[ 140.479326][ T12] veth0_macvtap: left promiscuous mode
[ 140.487847][ T12] veth1_vlan: left promiscuous mode
[ 140.493523][ T12] veth0_vlan: left promiscuous mode
[ 141.031966][ T51] Bluetooth: hci0: command tx timeout
[ 141.057416][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 141.106007][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 141.473264][ T6471] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 141.480245][ T6471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 141.506567][ T6471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 141.632884][ T6471] hsr_slave_0: entered promiscuous mode
[ 141.648850][ T6471] hsr_slave_1: entered promiscuous mode
[ 142.535872][ T6471] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 142.550597][ T6471] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 142.568893][ T6471] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 142.583353][ T6471] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 142.697876][ T6471] 8021q: adding VLAN 0 to HW filter on device bond0
[ 142.725468][ T6471] 8021q: adding VLAN 0 to HW filter on device team0
[ 142.739414][ T969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 142.746712][ T969] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 142.763475][ T969] bridge0: port 2(bridge_slave_1) entered blocking state
[ 142.770635][ T969] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 143.079053][ T6471] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 143.110910][ T51] Bluetooth: hci0: command tx timeout
[ 143.147611][ T6471] veth0_vlan: entered promiscuous mode
[ 143.165069][ T6471] veth1_vlan: entered promiscuous mode
[ 143.224052][ T6471] veth0_macvtap: entered promiscuous mode
[ 143.236746][ T6471] veth1_macvtap: entered promiscuous mode
[ 143.265785][ T6471] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 143.285597][ T6471] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 143.308610][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.339612][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.367092][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.386889][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 143.451718][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 143.459581][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 143.501148][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 143.509034][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 143.585024][ T6581] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 143.624438][ T1226] wlan1: No basic rates, using min rate instead
[ 143.633521][ T1226] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 143.645777][ T1226] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 143.761307][ T36] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 143.881257][ T36] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 143.992899][ T67] wlan1: authentication with 08:02:11:00:00:00 timed out
2025/08/02 10:19:56 executed programs: 3
[ 144.138025][ T6603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 144.173988][ T120] wlan1: No basic rates, using min rate instead
[ 144.183413][ T120] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 144.193542][ T120] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 144.311658][ T969] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 144.420925][ T969] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 144.530796][ T969] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 144.695900][ T6622] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 144.732176][ T1226] wlan1: No basic rates, using min rate instead
[ 144.743106][ T1226] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 144.753290][ T1226] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 144.861970][ T67] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 144.981742][ T67] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 145.091760][ T36] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 145.191397][ T51] Bluetooth: hci0: command tx timeout
[ 145.237206][ T6644] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 145.273445][ T120] wlan1: No basic rates, using min rate instead
[ 145.282044][ T120] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 145.293482][ T120] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 145.411139][ T969] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 145.520794][ T36] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 145.634928][ T36] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 145.790471][ T6664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 145.823065][ T120] wlan1: No basic rates, using min rate instead
[ 145.837900][ T120] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 145.847605][ T120] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 145.961326][ T36] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 146.080924][ T67] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 146.191144][ T67] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 146.335719][ T6687] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 146.371668][ T5885] wlan1: No basic rates, using min rate instead
[ 146.380004][ T5885] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 146.398670][ T5885] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 146.511038][ T67] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 146.620862][ T67] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 146.741055][ T67] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 146.915920][ T6706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 146.955790][ T1211] wlan1: No basic rates, using min rate instead
[ 146.973473][ T1211] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 146.991992][ T1211] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 147.102686][ T36] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 147.227197][ T67] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[ 147.271128][ T51] Bluetooth: hci0: command tx timeout
[ 147.342005][ T12] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 147.350768][ T12] ==================================================================
[ 147.358876][ T12] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 147.366464][ T12] Read of size 1 at addr ffff88805f52e248 by task kworker/u8:0/12
[ 147.374295][ T12]
[ 147.376644][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-syzkaller-gd9104cec3e8f #0 PREEMPT(full)
[ 147.376671][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 147.376684][ T12] Workqueue: events_unbound cfg80211_wiphy_work
[ 147.376716][ T12] Call Trace:
[ 147.376725][ T12]
[ 147.376732][ T12] dump_stack_lvl+0x189/0x250
[ 147.376754][ T12] ? __virt_addr_valid+0x1c8/0x5c0
[ 147.376777][ T12] ? rcu_is_watching+0x15/0xb0
[ 147.376807][ T12] ? __pfx_dump_stack_lvl+0x10/0x10
[ 147.376825][ T12] ? rcu_is_watching+0x15/0xb0
[ 147.376852][ T12] ? lock_release+0x4b/0x3e0
[ 147.376876][ T12] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 147.376902][ T12] ? __virt_addr_valid+0x1c8/0x5c0
[ 147.376923][ T12] ? __virt_addr_valid+0x4a5/0x5c0
[ 147.376945][ T12] print_report+0xca/0x240
[ 147.376971][ T12] ? _raw_spin_lock+0x2e/0x40
[ 147.376992][ T12] kasan_report+0x118/0x150
[ 147.377021][ T12] ? _raw_spin_lock+0x2e/0x40
[ 147.377046][ T12] ? lockref_get+0x15/0x60
[ 147.377069][ T12] __kasan_check_byte+0x2a/0x40
[ 147.377095][ T12] lock_acquire+0x8d/0x360
[ 147.377119][ T12] ? do_raw_spin_lock+0x121/0x290
[ 147.377142][ T12] _raw_spin_lock+0x2e/0x40
[ 147.377163][ T12] ? lockref_get+0x15/0x60
[ 147.377184][ T12] lockref_get+0x15/0x60
[ 147.377206][ T12] __simple_recursive_removal+0x33/0x510
[ 147.377233][ T12] ? mntput+0x65/0xc0
[ 147.377255][ T12] ? __pfx_remove_one+0x10/0x10
[ 147.377280][ T12] debugfs_remove+0x5b/0x70
[ 147.377303][ T12] ieee80211_sta_debugfs_remove+0x40/0x70
[ 147.377329][ T12] __sta_info_destroy_part2+0x352/0x450
[ 147.377359][ T12] sta_info_destroy_addr+0xf5/0x140
[ 147.377386][ T12] ieee80211_destroy_auth_data+0x12d/0x260
[ 147.377408][ T12] ieee80211_sta_work+0x11cf/0x3600
[ 147.377432][ T12] ? __lock_acquire+0xab9/0xd20
[ 147.377461][ T12] ? __lock_acquire+0xab9/0xd20
[ 147.377487][ T12] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 147.377507][ T12] ? do_raw_spin_lock+0x121/0x290
[ 147.377531][ T12] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 147.377554][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 147.377589][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 147.377613][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 147.377638][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 147.377662][ T12] ? skb_dequeue+0x10e/0x150
[ 147.377685][ T12] ? ieee80211_iface_work+0xfc4/0x12d0
[ 147.377712][ T12] ? ieee80211_iface_work+0x11d6/0x12d0
[ 147.377737][ T12] ? rcu_is_watching+0x15/0xb0
[ 147.377767][ T12] cfg80211_wiphy_work+0x2df/0x460
[ 147.377794][ T12] ? process_scheduled_works+0x9ef/0x17b0
[ 147.377821][ T12] process_scheduled_works+0xae1/0x17b0
[ 147.377868][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 147.377903][ T12] worker_thread+0x8a0/0xda0
[ 147.377943][ T12] kthread+0x70e/0x8a0
[ 147.377965][ T12] ? __pfx_worker_thread+0x10/0x10
[ 147.377992][ T12] ? __pfx_kthread+0x10/0x10
[ 147.378014][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 147.378038][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 147.378062][ T12] ? __pfx_kthread+0x10/0x10
[ 147.378083][ T12] ret_from_fork+0x3fc/0x770
[ 147.378112][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 147.378142][ T12] ? __switch_to_asm+0x39/0x70
[ 147.378162][ T12] ? __switch_to_asm+0x33/0x70
[ 147.378182][ T12] ? __pfx_kthread+0x10/0x10
[ 147.378202][ T12] ret_from_fork_asm+0x1a/0x30
[ 147.378230][ T12]
[ 147.378238][ T12]
[ 147.713354][ T12] Allocated by task 1211:
[ 147.717684][ T12] kasan_save_track+0x3e/0x80
[ 147.722367][ T12] __kasan_slab_alloc+0x6c/0x80
[ 147.727223][ T12] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 147.733036][ T12] __d_alloc+0x36/0x7a0
[ 147.737196][ T12] d_alloc_parallel+0xe5/0x15e0
[ 147.742046][ T12] __lookup_slow+0x116/0x3d0
[ 147.746640][ T12] simple_start_creating+0xfd/0x1e0
[ 147.751837][ T12] start_creating+0x10f/0x180
[ 147.756539][ T12] debugfs_create_dir+0x28/0x420
[ 147.761575][ T12] ieee80211_sta_debugfs_add+0x12c/0x850
[ 147.767219][ T12] sta_info_insert_rcu+0xfac/0x1940
[ 147.772424][ T12] sta_info_insert+0x16/0xc0
[ 147.777020][ T12] ieee80211_prep_connection+0xfce/0x13f0
[ 147.782740][ T12] ieee80211_mgd_auth+0xee3/0x1770
[ 147.787855][ T12] cfg80211_mlme_auth+0x62f/0x9c0
[ 147.792977][ T12] cfg80211_conn_do_work+0x501/0xd10
[ 147.798261][ T12] cfg80211_conn_work+0x2c0/0x440
[ 147.803284][ T12] process_scheduled_works+0xae1/0x17b0
[ 147.808839][ T12] worker_thread+0x8a0/0xda0
[ 147.813438][ T12] kthread+0x70e/0x8a0
[ 147.817508][ T12] ret_from_fork+0x3fc/0x770
[ 147.822106][ T12] ret_from_fork_asm+0x1a/0x30
[ 147.826870][ T12]
[ 147.829191][ T12] Freed by task 23:
[ 147.833003][ T12] kasan_save_track+0x3e/0x80
[ 147.837687][ T12] kasan_save_free_info+0x46/0x50
[ 147.842728][ T12] __kasan_slab_free+0x62/0x70
[ 147.847507][ T12] kmem_cache_free+0x18f/0x400
[ 147.852277][ T12] rcu_core+0xca8/0x1710
[ 147.856524][ T12] handle_softirqs+0x283/0x870
[ 147.861297][ T12] run_ksoftirqd+0x9b/0x100
[ 147.865842][ T12] smpboot_thread_fn+0x53f/0xa60
[ 147.870807][ T12] kthread+0x70e/0x8a0
[ 147.874896][ T12] ret_from_fork+0x3fc/0x770
[ 147.879506][ T12] ret_from_fork_asm+0x1a/0x30
[ 147.884280][ T12]
[ 147.886604][ T12] Last potentially related work creation:
[ 147.892311][ T12] kasan_save_stack+0x3e/0x60
[ 147.896992][ T12] kasan_record_aux_stack+0xbd/0xd0
[ 147.902186][ T12] call_rcu+0x157/0x9c0
[ 147.906342][ T12] __dentry_kill+0x4d2/0x660
[ 147.910930][ T12] dput+0x19f/0x2b0
[ 147.914734][ T12] find_next_child+0x1e5/0x250
[ 147.919511][ T12] __simple_recursive_removal+0x10b/0x510
[ 147.925241][ T12] debugfs_remove+0x5b/0x70
[ 147.929749][ T12] ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[ 147.936111][ T12] drv_remove_interface+0x1fa/0x590
[ 147.941313][ T12] ieee80211_change_mac+0x912/0x12c0
[ 147.946601][ T12] netif_set_mac_address+0x2fc/0x4c0
[ 147.951885][ T12] dev_set_mac_address_user+0x137/0x270
[ 147.957447][ T12] dev_ioctl+0x7b4/0x1150
[ 147.961787][ T12] sock_do_ioctl+0x22c/0x300
[ 147.966379][ T12] sock_ioctl+0x576/0x790
[ 147.970716][ T12] __se_sys_ioctl+0xf9/0x170
[ 147.975321][ T12] do_syscall_64+0xfa/0x3b0
[ 147.979844][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 147.985785][ T12]
[ 147.988123][ T12] The buggy address belongs to the object at ffff88805f52e178
[ 147.988123][ T12] which belongs to the cache dentry of size 312
[ 148.001745][ T12] The buggy address is located 208 bytes inside of
[ 148.001745][ T12] freed 312-byte region [ffff88805f52e178, ffff88805f52e2b0)
[ 148.015560][ T12]
[ 148.017892][ T12] The buggy address belongs to the physical page:
[ 148.024297][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f52e
[ 148.033057][ T12] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 148.041649][ T12] memcg:ffff888076281f01
[ 148.045882][ T12] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 148.053855][ T12] page_type: f5(slab)
[ 148.057840][ T12] raw: 00fff00000000040 ffff88801ba94780 0000000000000000 0000000000000001
[ 148.066428][ T12] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff888076281f01
[ 148.075098][ T12] head: 00fff00000000040 ffff88801ba94780 0000000000000000 0000000000000001
[ 148.083865][ T12] head: 0000000000000000 0000000000150015 00000000f5000000 ffff888076281f01
[ 148.092623][ T12] head: 00fff00000000001 ffffea00017d4b81 00000000ffffffff 00000000ffffffff
[ 148.101395][ T12] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 148.110335][ T12] page dumped because: kasan: bad access detected
[ 148.116753][ T12] page_owner tracks the page as allocated
[ 148.122476][ T12] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5944, tgid 5944 (syz-executor), ts 100408198086, free_ts 27978046735
[ 148.145750][ T12] post_alloc_hook+0x240/0x2a0
[ 148.150624][ T12] get_page_from_freelist+0x21e4/0x22c0
[ 148.156173][ T12] __alloc_frozen_pages_noprof+0x181/0x370
[ 148.161984][ T12] alloc_pages_mpol+0x232/0x4a0
[ 148.166854][ T12] allocate_slab+0x8a/0x3b0
[ 148.171365][ T12] ___slab_alloc+0xbfc/0x1480
[ 148.176046][ T12] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 148.181859][ T12] __d_alloc+0x36/0x7a0
[ 148.186017][ T12] d_alloc_parallel+0xe5/0x15e0
[ 148.190869][ T12] __lookup_slow+0x116/0x3d0
[ 148.195466][ T12] simple_start_creating+0xfd/0x1e0
[ 148.200750][ T12] start_creating+0x10f/0x180
[ 148.205446][ T12] debugfs_create_dir+0x28/0x420
[ 148.210385][ T12] debugfs_hw_add+0x76/0x380
[ 148.214978][ T12] ieee80211_register_hw+0x3445/0x4080
[ 148.220437][ T12] mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 148.226183][ T12] page last free pid 1 tgid 1 stack trace:
[ 148.231987][ T12] __free_frozen_pages+0xc71/0xe70
[ 148.237107][ T12] free_contig_range+0x1bd/0x4a0
[ 148.242046][ T12] destroy_args+0x64/0x4a0
[ 148.246561][ T12] debug_vm_pgtable+0x3a7/0x3e0
[ 148.251414][ T12] do_one_initcall+0x233/0x820
[ 148.256177][ T12] do_initcall_level+0x104/0x190
[ 148.261119][ T12] do_initcalls+0x59/0xa0
[ 148.265576][ T12] kernel_init_freeable+0x334/0x4a0
[ 148.270792][ T12] kernel_init+0x1d/0x1d0
[ 148.275130][ T12] ret_from_fork+0x3fc/0x770
[ 148.279724][ T12] ret_from_fork_asm+0x1a/0x30
[ 148.284491][ T12]
[ 148.286816][ T12] Memory state around the buggy address:
[ 148.292644][ T12]  ffff88805f52e100: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa
[ 148.300704][ T12]  ffff88805f52e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 148.308763][ T12] >ffff88805f52e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 148.316823][ T12]                                               ^
[ 148.323234][ T12]  ffff88805f52e280: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb
[ 148.331292][ T12]  ffff88805f52e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 148.339346][ T12] ==================================================================
[ 148.349046][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 148.356264][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-syzkaller-gd9104cec3e8f #0 PREEMPT(full)
[ 148.367471][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 148.377547][ T12] Workqueue: events_unbound cfg80211_wiphy_work
[ 148.383901][ T12] Call Trace:
[ 148.387183][ T12]
[ 148.390117][ T12] dump_stack_lvl+0x99/0x250
[ 148.394764][ T12] ? __asan_memcpy+0x40/0x70
[ 148.399394][ T12] ? __pfx_dump_stack_lvl+0x10/0x10
[ 148.404702][ T12] ? __pfx__printk+0x10/0x10
[ 148.409313][ T12] panic+0x2db/0x790
[ 148.413316][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 148.418526][ T12] ? __pfx_panic+0x10/0x10
[ 148.423208][ T12] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 148.429114][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 148.435035][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 148.441458][ T12] ? _raw_spin_lock+0x2e/0x40
[ 148.446157][ T12] check_panic_on_warn+0x89/0xb0
[ 148.451122][ T12] ? _raw_spin_lock+0x2e/0x40
[ 148.455809][ T12] end_report+0x78/0x160
[ 148.460060][ T12] kasan_report+0x129/0x150
[ 148.464573][ T12] ? _raw_spin_lock+0x2e/0x40
[ 148.469259][ T12] ? lockref_get+0x15/0x60
[ 148.473678][ T12] __kasan_check_byte+0x2a/0x40
[ 148.478626][ T12] lock_acquire+0x8d/0x360
[ 148.483145][ T12] ? do_raw_spin_lock+0x121/0x290
[ 148.488196][ T12] _raw_spin_lock+0x2e/0x40
[ 148.492718][ T12] ? lockref_get+0x15/0x60
[ 148.497144][ T12] lockref_get+0x15/0x60
[ 148.501486][ T12] __simple_recursive_removal+0x33/0x510
[ 148.507188][ T12] ? mntput+0x65/0xc0
[ 148.511183][ T12] ? __pfx_remove_one+0x10/0x10
[ 148.516066][ T12] debugfs_remove+0x5b/0x70
[ 148.520575][ T12] ieee80211_sta_debugfs_remove+0x40/0x70
[ 148.526404][ T12] __sta_info_destroy_part2+0x352/0x450
[ 148.531962][ T12] sta_info_destroy_addr+0xf5/0x140
[ 148.537180][ T12] ieee80211_destroy_auth_data+0x12d/0x260
[ 148.542991][ T12] ieee80211_sta_work+0x11cf/0x3600
[ 148.548202][ T12] ? __lock_acquire+0xab9/0xd20
[ 148.553162][ T12] ? __lock_acquire+0xab9/0xd20
[ 148.558111][ T12] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 148.563836][ T12] ? do_raw_spin_lock+0x121/0x290
[ 148.568869][ T12] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 148.574772][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 148.579983][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 148.585881][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 148.592217][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 148.597597][ T12] ? skb_dequeue+0x10e/0x150
[ 148.602191][ T12] ? ieee80211_iface_work+0xfc4/0x12d0
[ 148.607656][ T12] ? ieee80211_iface_work+0x11d6/0x12d0
[ 148.613210][ T12] ? rcu_is_watching+0x15/0xb0
[ 148.618071][ T12] cfg80211_wiphy_work+0x2df/0x460
[ 148.623190][ T12] ? process_scheduled_works+0x9ef/0x17b0
[ 148.628916][ T12] process_scheduled_works+0xae1/0x17b0
[ 148.634482][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 148.640480][ T12] worker_thread+0x8a0/0xda0
[ 148.645175][ T12] kthread+0x70e/0x8a0
[ 148.649251][ T12] ? __pfx_worker_thread+0x10/0x10
[ 148.654372][ T12] ? __pfx_kthread+0x10/0x10
[ 148.658977][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 148.664184][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 148.669392][ T12] ? __pfx_kthread+0x10/0x10
[ 148.673982][ T12] ret_from_fork+0x3fc/0x770
[ 148.678584][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 148.683706][ T12] ? __switch_to_asm+0x39/0x70
[ 148.688472][ T12] ? __switch_to_asm+0x33/0x70
[ 148.693246][ T12] ? __pfx_kthread+0x10/0x10
[ 148.697872][ T12] ret_from_fork_asm+0x1a/0x30
[ 148.702781][ T12]
[ 148.706101][ T12] Kernel Offset: disabled
[ 148.710422][ T12] Rebooting in 86400 seconds..