Warning: Permanently added '[localhost]:6644' (ED25519) to the list of known hosts.
2025/07/24 02:38:29 ignoring optional flag "sandboxArg"="0"
2025/07/24 02:38:30 parsed 1 programs
[ 137.345618][ T5648] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 138.000810][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 138.003893][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[ 144.423996][ T5372] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 144.429185][ T5372] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 144.434559][ T5372] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 144.458622][ T5372] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 144.462950][ T5372] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 144.889473][ T3039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 144.893163][ T3039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 144.927877][ T3039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 144.931543][ T3039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 145.607006][ T5720] chnl_net:caif_netlink_parms(): no params data found
[ 145.690191][ T5720] bridge0: port 1(bridge_slave_0) entered blocking state
[ 145.693338][ T5720] bridge0: port 1(bridge_slave_0) entered disabled state
[ 145.697963][ T5720] bridge_slave_0: entered allmulticast mode
[ 145.702255][ T5720] bridge_slave_0: entered promiscuous mode
[ 145.708096][ T5720] bridge0: port 2(bridge_slave_1) entered blocking state
[ 145.711369][ T5720] bridge0: port 2(bridge_slave_1) entered disabled state
[ 145.714421][ T5720] bridge_slave_1: entered allmulticast mode
[ 145.719508][ T5720] bridge_slave_1: entered promiscuous mode
[ 145.744042][ T5720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 145.750954][ T5720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 145.773700][ T5720] team0: Port device team_slave_0 added
[ 145.780395][ T5720] team0: Port device team_slave_1 added
[ 145.801685][ T5720] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 145.804795][ T5720] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 145.819989][ T5720] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 145.826052][ T5720] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 145.829618][ T5720] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 145.842097][ T5720] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 145.876260][ T5720] hsr_slave_0: entered promiscuous mode
[ 145.880250][ T5720] hsr_slave_1: entered promiscuous mode
[ 146.520536][ T5720] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 146.539277][ T5720] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 146.561014][ T5720] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 146.568577][ T5720] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 146.726338][ T5720] 8021q: adding VLAN 0 to HW filter on device bond0
[ 146.768588][ T5720] 8021q: adding VLAN 0 to HW filter on device team0
[ 146.799987][ T3039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 146.803470][ T3039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 146.815295][ T3039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 146.819023][ T3039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 147.203266][ T5720] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 147.279882][ T5720] veth0_vlan: entered promiscuous mode
[ 147.291958][ T5720] veth1_vlan: entered promiscuous mode
[ 147.349489][ T5720] veth0_macvtap: entered promiscuous mode
[ 147.355536][ T5720] veth1_macvtap: entered promiscuous mode
[ 147.390071][ T5720] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 147.409000][ T5720] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 147.429794][ T5720] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.433796][ T5720] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.448442][ T5720] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.452769][ T5720] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.720796][ T3013] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.805002][ T3013] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.890520][ T3013] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 148.041159][ T3013] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/24 02:38:46 executed programs: 0
[ 148.668120][ T4685] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 148.673019][ T4685] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 148.678842][ T4685] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 148.683825][ T4685] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 148.690033][ T4685] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 149.036341][ T5779] chnl_net:caif_netlink_parms(): no params data found
[ 149.189678][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.193711][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.208851][ T5779] bridge_slave_0: entered allmulticast mode
[ 149.219398][ T5779] bridge_slave_0: entered promiscuous mode
[ 149.229952][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.233197][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.236438][ T5779] bridge_slave_1: entered allmulticast mode
[ 149.259576][ T5779] bridge_slave_1: entered promiscuous mode
[ 149.310754][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 149.328244][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 149.426724][ T5779] team0: Port device team_slave_0 added
[ 149.466520][ T5779] team0: Port device team_slave_1 added
[ 149.540898][ T3013] bridge_slave_1: left allmulticast mode
[ 149.544272][ T3013] bridge_slave_1: left promiscuous mode
[ 149.564267][ T3013] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.575520][ T3013] bridge_slave_0: left allmulticast mode
[ 149.590092][ T3013] bridge_slave_0: left promiscuous mode
[ 149.593537][ T3013] bridge0: port 1(bridge_slave_0) entered disabled state
[ 150.140210][ T3013] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 150.149401][ T3013] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 150.164944][ T3013] bond0 (unregistering): Released all slaves
[ 150.209091][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 150.212329][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 150.244801][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 150.255078][ T3013] hsr_slave_0: left promiscuous mode
[ 150.261470][ T3013] hsr_slave_1: left promiscuous mode
[ 150.278813][ T3013] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 150.281985][ T3013] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 150.285897][ T3013] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 150.298449][ T3013] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 150.310635][ T3013] veth1_macvtap: left promiscuous mode
[ 150.313340][ T3013] veth0_macvtap: left promiscuous mode
[ 150.316103][ T3013] veth1_vlan: left promiscuous mode
[ 150.332254][ T3013] veth0_vlan: left promiscuous mode
[ 150.720696][ T4685] Bluetooth: hci0: command tx timeout
[ 150.975196][ T3013] team0 (unregistering): Port device team_slave_1 removed
[ 151.033618][ T3013] team0 (unregistering): Port device team_slave_0 removed
[ 151.456279][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 151.460935][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 151.490470][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 151.606998][ T5779] hsr_slave_0: entered promiscuous mode
[ 151.615975][ T5779] hsr_slave_1: entered promiscuous mode
[ 152.211594][ T5779] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 152.230862][ T5779] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 152.240195][ T5779] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 152.259795][ T5779] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 152.413484][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0
[ 152.459611][ T5779] 8021q: adding VLAN 0 to HW filter on device team0
[ 152.472141][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.475373][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 152.510460][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.513654][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 152.572210][ T5779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 152.798402][ T4685] Bluetooth: hci0: command tx timeout
[ 152.902048][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 152.982198][ T5779] veth0_vlan: entered promiscuous mode
[ 153.013277][ T5779] veth1_vlan: entered promiscuous mode
[ 153.061832][ T5779] veth0_macvtap: entered promiscuous mode
[ 153.076874][ T5779] veth1_macvtap: entered promiscuous mode
[ 153.111447][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 153.131995][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 153.151404][ T5779] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 153.155498][ T5779] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 153.165882][ T5779] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 153.177471][ T5779] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 153.296110][ T3039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 153.318036][ T3039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 153.382073][ T3039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 153.385650][ T3039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 153.508355][ T5860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 153.548244][ T5860] wlan1: No basic rates, using min rate instead
[ 153.564602][ T5860] wlan1: authenticate with aa:09:b7:99:c0:d7 (local address=08:02:11:00:00:01)
[ 153.572023][ T5860] wlan1: send auth to aa:09:b7:99:c0:d7 (try 1/3)
[ 153.582776][ T169] wlan1: send auth to aa:09:b7:99:c0:d7 (try 2/3)
[ 153.588237][ T169] wlan1: send auth to aa:09:b7:99:c0:d7 (try 3/3)
[ 153.607746][ T169] wlan1: authentication with aa:09:b7:99:c0:d7 timed out
[ 153.628082][ T169] ==================================================================
[ 153.631666][ T169] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 153.635046][ T169] Read of size 1 at addr ffff888042a47b40 by task kworker/u4:4/169
[ 153.639459][ T169]
[ 153.640631][ T169] CPU: 0 UID: 0 PID: 169 Comm: kworker/u4:4 Not tainted 6.16.0-rc7-syzkaller-gf9af7b5d9349-dirty #0 PREEMPT(full)
[ 153.640648][ T169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 153.640656][ T169] Workqueue: events_unbound cfg80211_wiphy_work
[ 153.640732][ T169] Call Trace:
[ 153.640741][ T169]
[ 153.640747][ T169] dump_stack_lvl+0x189/0x250
[ 153.640762][ T169] ? __virt_addr_valid+0x1c8/0x5c0
[ 153.640777][ T169] ? rcu_is_watching+0x15/0xb0
[ 153.640819][ T169] ? __kasan_check_byte+0x12/0x40
[ 153.640833][ T169] ? __pfx_dump_stack_lvl+0x10/0x10
[ 153.640845][ T169] ? rcu_is_watching+0x15/0xb0
[ 153.640857][ T169] ? lock_release+0x4b/0x3e0
[ 153.640870][ T169] ? __virt_addr_valid+0x1c8/0x5c0
[ 153.640883][ T169] ? __virt_addr_valid+0x4a5/0x5c0
[ 153.640896][ T169] print_report+0xca/0x230
[ 153.640907][ T169] ? _raw_spin_lock+0x2e/0x40
[ 153.640922][ T169] kasan_report+0x118/0x150
[ 153.640935][ T169] ? _raw_spin_lock+0x2e/0x40
[ 153.640949][ T169] ? lockref_get+0x15/0x60
[ 153.640962][ T169] __kasan_check_byte+0x2a/0x40
[ 153.640975][ T169] lock_acquire+0x8d/0x360
[ 153.640989][ T169] _raw_spin_lock+0x2e/0x40
[ 153.641004][ T169] ? lockref_get+0x15/0x60
[ 153.641015][ T169] lockref_get+0x15/0x60
[ 153.641027][ T169] simple_recursive_removal+0x35/0x690
[ 153.641041][ T169] ? mntput+0x65/0xc0
[ 153.641053][ T169] ? __pfx_remove_one+0x10/0x10
[ 153.641067][ T169] debugfs_remove+0x5b/0x70
[ 153.641077][ T169] ieee80211_sta_debugfs_remove+0x4f/0x80
[ 153.641093][ T169] __sta_info_destroy_part2+0x352/0x450
[ 153.641108][ T169] sta_info_destroy_addr+0xf5/0x140
[ 153.641121][ T169] ieee80211_destroy_auth_data+0x12d/0x260
[ 153.641139][ T169] ieee80211_sta_work+0x11cf/0x3600
[ 153.641157][ T169] ? __lock_acquire+0xab9/0xd20
[ 153.641170][ T169] ? __lock_acquire+0xab9/0xd20
[ 153.641180][ T169] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 153.641194][ T169] ? do_raw_spin_lock+0x121/0x290
[ 153.641212][ T169] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 153.641228][ T169] ? lockdep_hardirqs_on+0x9c/0x150
[ 153.641239][ T169] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 153.641255][ T169] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 153.641270][ T169] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 153.641287][ T169] ? skb_dequeue+0x10e/0x150
[ 153.641299][ T169] ? ieee80211_iface_work+0xcdb/0xfe0
[ 153.641312][ T169] ? ieee80211_iface_work+0xeef/0xfe0
[ 153.641324][ T169] ? rcu_is_watching+0x15/0xb0
[ 153.641336][ T169] cfg80211_wiphy_work+0x2dc/0x460
[ 153.641349][ T169] ? process_scheduled_works+0x9ef/0x17b0
[ 153.641361][ T169] process_scheduled_works+0xae1/0x17b0
[ 153.641382][ T169] ? __pfx_process_scheduled_works+0x10/0x10
[ 153.641399][ T169] worker_thread+0x8a0/0xda0
[ 153.641413][ T169] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 153.641431][ T169] ? __kthread_parkme+0x7b/0x200
[ 153.641447][ T169] kthread+0x70e/0x8a0
[ 153.641493][ T169] ? __pfx_worker_thread+0x10/0x10
[ 153.641507][ T169] ? __pfx_kthread+0x10/0x10
[ 153.641523][ T169] ? _raw_spin_unlock_irq+0x23/0x50
[ 153.641539][ T169] ? lockdep_hardirqs_on+0x9c/0x150
[ 153.641549][ T169] ? __pfx_kthread+0x10/0x10
[ 153.641564][ T169] ret_from_fork+0x3fc/0x770
[ 153.641578][ T169] ? __pfx_ret_from_fork+0x10/0x10
[ 153.641591][ T169] ? __pfx_kthread+0x10/0x10
[ 153.641607][ T169] ret_from_fork_asm+0x1a/0x30
[ 153.641627][ T169]
[ 153.641631][ T169]
[ 153.791204][ T169] Allocated by task 5860:
[ 153.793114][ T169] kasan_save_track+0x3e/0x80
[ 153.795158][ T169] __kasan_slab_alloc+0x6c/0x80
[ 153.797328][ T169] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 153.799985][ T169] __d_alloc+0x31/0x6f0
[ 153.802119][ T169] d_alloc_parallel+0xe0/0x14e0
[ 153.804542][ T169] __lookup_slow+0x116/0x3d0
[ 153.806669][ T169] start_creating+0x22e/0x3c0
[ 153.808762][ T169] debugfs_create_dir+0x28/0x420
[ 153.810987][ T169] ieee80211_sta_debugfs_add+0x12c/0x850
[ 153.813620][ T169] sta_info_insert_rcu+0xfac/0x1940
[ 153.816102][ T169] sta_info_insert+0x16/0xc0
[ 153.818353][ T169] ieee80211_prep_connection+0x10cd/0x1600
[ 153.821055][ T169] ieee80211_mgd_auth+0xee3/0x1770
[ 153.823514][ T169] cfg80211_mlme_auth+0x62f/0x9c0
[ 153.826230][ T169] cfg80211_conn_do_work+0x501/0xd10
[ 153.828971][ T169] cfg80211_connect+0x1862/0x21a0
[ 153.831228][ T169] nl80211_connect+0x17bc/0x1cd0
[ 153.833403][ T169] genl_family_rcv_msg_doit+0x215/0x300
[ 153.835819][ T169] genl_rcv_msg+0x60e/0x790
[ 153.837924][ T169] netlink_rcv_skb+0x205/0x470
[ 153.839972][ T169] genl_rcv+0x28/0x40
[ 153.841887][ T169] netlink_unicast+0x75c/0x8e0
[ 153.843898][ T169] netlink_sendmsg+0x805/0xb30
[ 153.846332][ T169] __sock_sendmsg+0x219/0x270
[ 153.848700][ T169] ____sys_sendmsg+0x505/0x830
[ 153.850869][ T169] ___sys_sendmsg+0x21f/0x2a0
[ 153.853008][ T169] __x64_sys_sendmsg+0x19b/0x260
[ 153.855477][ T169] do_syscall_64+0xfa/0x3b0
[ 153.857539][ T169] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.860136][ T169]
[ 153.861321][ T169] Freed by task 15:
[ 153.863275][ T169] kasan_save_track+0x3e/0x80
[ 153.865450][ T169] kasan_save_free_info+0x46/0x50
[ 153.867733][ T169] __kasan_slab_free+0x62/0x70
[ 153.869922][ T169] kmem_cache_free+0x18f/0x400
[ 153.872183][ T169] rcu_core+0xca5/0x1710
[ 153.874158][ T169] handle_softirqs+0x286/0x870
[ 153.876358][ T169] run_ksoftirqd+0x9b/0x100
[ 153.878349][ T169] smpboot_thread_fn+0x53f/0xa60
[ 153.880569][ T169] kthread+0x70e/0x8a0
[ 153.882366][ T169] ret_from_fork+0x3fc/0x770
[ 153.884450][ T169] ret_from_fork_asm+0x1a/0x30
[ 153.886779][ T169]
[ 153.887916][ T169] Last potentially related work creation:
[ 153.890413][ T169] kasan_save_stack+0x3e/0x60
[ 153.892499][ T169] kasan_record_aux_stack+0xbd/0xd0
[ 153.894848][ T169] call_rcu+0x157/0x9c0
[ 153.896962][ T169] __dentry_kill+0x4d2/0x660
[ 153.899252][ T169] dput+0x19f/0x2b0
[ 153.901093][ T169] find_next_child+0x1e5/0x250
[ 153.903245][ T169] simple_recursive_removal+0xf4/0x690
[ 153.905749][ T169] debugfs_remove+0x5b/0x70
[ 153.907822][ T169] ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[ 153.910582][ T169] drv_remove_interface+0x1fa/0x590
[ 153.912930][ T169] ieee80211_change_mac+0x912/0x12c0
[ 153.915458][ T169] netif_set_mac_address+0x2fc/0x4c0
[ 153.917883][ T169] do_setlink+0x88c/0x41c0
[ 153.920044][ T169] rtnl_newlink+0x160b/0x1c70
[ 153.922383][ T169] rtnetlink_rcv_msg+0x7cc/0xb70
[ 153.924710][ T169] netlink_rcv_skb+0x205/0x470
[ 153.927061][ T169] netlink_unicast+0x75c/0x8e0
[ 153.929256][ T169] netlink_sendmsg+0x805/0xb30
[ 153.931359][ T169] __sock_sendmsg+0x219/0x270
[ 153.933515][ T169] ____sys_sendmsg+0x505/0x830
[ 153.936202][ T169] ___sys_sendmsg+0x21f/0x2a0
[ 153.938903][ T169] __x64_sys_sendmsg+0x19b/0x260
[ 153.941722][ T169] do_syscall_64+0xfa/0x3b0
[ 153.943885][ T169] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 153.946667][ T169]
[ 153.947834][ T169] The buggy address belongs to the object at ffff888042a47a70
[ 153.947834][ T169] which belongs to the cache dentry of size 312
[ 153.953994][ T169] The buggy address is located 208 bytes inside of
[ 153.953994][ T169] freed 312-byte region [ffff888042a47a70, ffff888042a47ba8)
[ 153.960003][ T169]
[ 153.961098][ T169] The buggy address belongs to the physical page:
[ 153.964050][ T169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42a46
[ 153.968250][ T169] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 153.972095][ T169] memcg:ffff88803ff67101
[ 153.974001][ T169] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 153.977391][ T169] page_type: f5(slab)
[ 153.979176][ T169] raw: 04fff00000000040 ffff88801b6db780 dead000000000100 dead000000000122
[ 153.982981][ T169] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff88803ff67101
[ 153.986764][ T169] head: 04fff00000000040 ffff88801b6db780 dead000000000100 dead000000000122
[ 153.990785][ T169] head: 0000000000000000 0000000000150015 00000000f5000000 ffff88803ff67101
[ 153.994689][ T169] head: 04fff00000000001 ffffea00010a9181 00000000ffffffff 00000000ffffffff
[ 153.998611][ T169] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 154.002447][ T169] page dumped because: kasan: bad access detected
[ 154.005343][ T169] page_owner tracks the page as allocated
[ 154.007963][ T169] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4739, tgid 4739 (udevd), ts 37957937697, free_ts 0
[ 154.017553][ T169] post_alloc_hook+0x240/0x2a0
[ 154.019821][ T169] get_page_from_freelist+0x21e4/0x22c0
[ 154.022498][ T169] __alloc_frozen_pages_noprof+0x181/0x370
[ 154.025171][ T169] alloc_pages_mpol+0x232/0x4a0
[ 154.027368][ T169] allocate_slab+0x8a/0x3b0
[ 154.029409][ T169] ___slab_alloc+0xbfc/0x1480
[ 154.031542][ T169] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 154.034353][ T169] __d_alloc+0x31/0x6f0
[ 154.036431][ T169] d_alloc_parallel+0xe0/0x14e0
[ 154.039124][ T169] path_openat+0xa3b/0x3830
[ 154.041241][ T169] do_filp_open+0x1fa/0x410
[ 154.043346][ T169] do_sys_openat2+0x121/0x1c0
[ 154.045470][ T169] __x64_sys_openat+0x138/0x170
[ 154.047789][ T169] do_syscall_64+0xfa/0x3b0
[ 154.049986][ T169] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.052867][ T169] page_owner free stack trace missing
[ 154.055521][ T169]
[ 154.056690][ T169] Memory state around the buggy address:
[ 154.059250][ T169] ffff888042a47a00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fa fb
[ 154.063003][ T169] ffff888042a47a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 154.066607][ T169] >ffff888042a47b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 154.070345][ T169] ^
[ 154.073124][ T169] ffff888042a47b80: fb fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00
[ 154.076653][ T169] ffff888042a47c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 154.080092][ T169] ==================================================================
[ 154.085870][ T169] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 154.089149][ T169] CPU: 0 UID: 0 PID: 169 Comm: kworker/u4:4 Not tainted 6.16.0-rc7-syzkaller-gf9af7b5d9349-dirty #0 PREEMPT(full)
[ 154.094983][ T169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 154.099923][ T169] Workqueue: events_unbound cfg80211_wiphy_work
[ 154.102878][ T169] Call Trace:
[ 154.104391][ T169]
[ 154.105780][ T169] dump_stack_lvl+0x99/0x250
[ 154.107864][ T169] ? __asan_memcpy+0x40/0x70
[ 154.110244][ T169] ? __pfx_dump_stack_lvl+0x10/0x10
[ 154.112890][ T169] ? __pfx__printk+0x10/0x10
[ 154.114932][ T169] panic+0x2db/0x790
[ 154.116858][ T169] ? lockdep_hardirqs_on+0x9c/0x150
[ 154.119081][ T169] ? __pfx_panic+0x10/0x10
[ 154.121084][ T169] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 154.123885][ T169] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 154.126753][ T169] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 154.129736][ T169] ? _raw_spin_lock+0x2e/0x40
[ 154.131813][ T169] check_panic_on_warn+0x89/0xb0
[ 154.134022][ T169] ? _raw_spin_lock+0x2e/0x40
[ 154.136380][ T169] end_report+0x78/0x160
[ 154.138328][ T169] kasan_report+0x129/0x150
[ 154.140492][ T169] ? _raw_spin_lock+0x2e/0x40
[ 154.142860][ T169] ? lockref_get+0x15/0x60
[ 154.145248][ T169] __kasan_check_byte+0x2a/0x40
[ 154.147575][ T169] lock_acquire+0x8d/0x360
[ 154.149568][ T169] _raw_spin_lock+0x2e/0x40
[ 154.151633][ T169] ? lockref_get+0x15/0x60
[ 154.153674][ T169] lockref_get+0x15/0x60
[ 154.156053][ T169] simple_recursive_removal+0x35/0x690
[ 154.158804][ T169] ? mntput+0x65/0xc0
[ 154.160781][ T169] ? __pfx_remove_one+0x10/0x10
[ 154.163177][ T169] debugfs_remove+0x5b/0x70
[ 154.165325][ T169] ieee80211_sta_debugfs_remove+0x4f/0x80
[ 154.167885][ T169] __sta_info_destroy_part2+0x352/0x450
[ 154.170369][ T169] sta_info_destroy_addr+0xf5/0x140
[ 154.172839][ T169] ieee80211_destroy_auth_data+0x12d/0x260
[ 154.175964][ T169] ieee80211_sta_work+0x11cf/0x3600
[ 154.178398][ T169] ? __lock_acquire+0xab9/0xd20
[ 154.180748][ T169] ? __lock_acquire+0xab9/0xd20
[ 154.183109][ T169] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 154.185589][ T169] ? do_raw_spin_lock+0x121/0x290
[ 154.187787][ T169] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 154.190425][ T169] ? lockdep_hardirqs_on+0x9c/0x150
[ 154.192698][ T169] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 154.195467][ T169] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 154.198531][ T169] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 154.200844][ T169] ? skb_dequeue+0x10e/0x150
[ 154.203009][ T169] ? ieee80211_iface_work+0xcdb/0xfe0
[ 154.205366][ T169] ? ieee80211_iface_work+0xeef/0xfe0
[ 154.207685][ T169] ? rcu_is_watching+0x15/0xb0
[ 154.209871][ T169] cfg80211_wiphy_work+0x2dc/0x460
[ 154.212453][ T169] ? process_scheduled_works+0x9ef/0x17b0
[ 154.215382][ T169] process_scheduled_works+0xae1/0x17b0
[ 154.217835][ T169] ? __pfx_process_scheduled_works+0x10/0x10
[ 154.220481][ T169] worker_thread+0x8a0/0xda0
[ 154.222621][ T169] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 154.225449][ T169] ? __kthread_parkme+0x7b/0x200
[ 154.227506][ T169] kthread+0x70e/0x8a0
[ 154.229440][ T169] ? __pfx_worker_thread+0x10/0x10
[ 154.231885][ T169] ? __pfx_kthread+0x10/0x10
[ 154.234136][ T169] ? _raw_spin_unlock_irq+0x23/0x50
[ 154.236425][ T169] ? lockdep_hardirqs_on+0x9c/0x150
[ 154.238873][ T169] ? __pfx_kthread+0x10/0x10
[ 154.241001][ T169] ret_from_fork+0x3fc/0x770
[ 154.243140][ T169] ? __pfx_ret_from_fork+0x10/0x10
[ 154.245469][ T169] ? __pfx_kthread+0x10/0x10
[ 154.247627][ T169] ret_from_fork_asm+0x1a/0x30
[ 154.249911][ T169]
[ 154.251590][ T169] Kernel Offset: disabled
[ 154.253557][ T169] Rebooting in 86400 seconds..