Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts.
[ 36.956099][ T95] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.958471][ T95] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.969739][ T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.971870][ T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 37.091911][ T6440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.107215][ T6441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.117961][ T6442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.159321][ T27] wlan1: No basic rates, using min rate instead
[ 37.159515][ T6443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 37.161891][ T27] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 37.166067][ T27] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
executing program
[ 37.181022][ T6444] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.191970][ T6445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.202763][ T6446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.213922][ T6447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.224386][ T6448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.235199][ T6449] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.257166][ T6450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.267880][ T6451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.278342][ T44] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[ 37.281015][ T6452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.289673][ T6453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.300863][ T6454] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.311218][ T6455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.322071][ T6456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.332905][ T6457] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.344518][ T6458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.355354][ T6459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.366257][ T6460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.377011][ T6461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.387909][ T6462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 37.394354][ T44] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
executing program
[ 37.399361][ T6463] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.411177][ T6464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.420504][ T6465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.431321][ T6466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.442232][ T6467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.453054][ T6468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.463787][ T6469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.475252][ T6470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.485704][ T6471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
executing program
[ 37.496290][ T6472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 37.499245][ T44] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 37.558421][ T44] ==================================================================
[ 37.560495][ T44] BUG: KASAN: slab-use-after-free in __lock_acquire+0x10c/0x7904
[ 37.562563][ T44] Read of size 8 at addr ffff0000db1b1560 by task kworker/u8:3/44
[ 37.564663][ T44]
[ 37.565281][ T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u8:3 Not tainted 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[ 37.565295][ T44] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 37.565303][ T44] Workqueue: events_unbound cfg80211_wiphy_work
[ 37.565321][ T44] Call trace:
[ 37.565325][ T44] show_stack+0x2c/0x3c (C)
[ 37.565356][ T44] dump_stack_lvl+0xe4/0x150
[ 37.565370][ T44] print_report+0x198/0x538
[ 37.565382][ T44] kasan_report+0xd8/0x138
[ 37.565393][ T44] __asan_report_load8_noabort+0x20/0x2c
[ 37.565407][ T44] __lock_acquire+0x10c/0x7904
[ 37.565418][ T44] lock_acquire+0x23c/0x724
[ 37.565429][ T44] _raw_spin_lock+0x48/0x60
[ 37.565440][ T44] lockref_get+0x20/0x74
[ 37.565454][ T44] simple_recursive_removal+0x40/0x744
[ 37.565467][ T44] debugfs_remove+0x60/0x88
[ 37.565481][ T44] ieee80211_sta_debugfs_remove+0x44/0x6c
[ 37.565495][ T44] __sta_info_destroy_part2+0x31c/0x410
[ 37.565508][ T44] sta_info_destroy_addr+0x11c/0x150
[ 37.565520][ T44] ieee80211_destroy_auth_data+0x120/0x248
[ 37.565531][ T44] ieee80211_sta_work+0xe70/0x2e8c
[ 37.565542][ T44] ieee80211_iface_work+0xc38/0xcd4
[ 37.565554][ T44] cfg80211_wiphy_work+0x2cc/0x508
[ 37.565566][ T44] process_one_work+0x810/0x1638
[ 37.565579][ T44] worker_thread+0x97c/0xeec
[ 37.565590][ T44] kthread+0x65c/0x7b0
[ 37.565601][ T44] ret_from_fork+0x10/0x20
[ 37.565613][ T44]
[ 37.601796][ T44] Allocated by task 27:
[ 37.602865][ T44] kasan_save_track+0x40/0x78
[ 37.604093][ T44] kasan_save_alloc_info+0x40/0x50
[ 37.605469][ T44] __kasan_slab_alloc+0x74/0x8c
[ 37.606773][ T44] kmem_cache_alloc_lru_noprof+0x258/0x414
[ 37.608326][ T44] __d_alloc+0x44/0x68c
[ 37.609383][ T44] d_alloc_parallel+0xc4/0x11bc
[ 37.610622][ T44] __lookup_slow+0x108/0x37c
[ 37.611883][ T44] lookup_one_len+0x17c/0x2b0
[ 37.613033][ T44] start_creating+0x19c/0x2e0
[ 37.614221][ T44] debugfs_create_dir+0x30/0x3cc
[ 37.615484][ T44] ieee80211_sta_debugfs_add+0x118/0x6e4
[ 37.616949][ T44] sta_info_insert_rcu+0xf3c/0x181c
[ 37.618270][ T44] sta_info_insert+0x20/0xcc
[ 37.619471][ T44] ieee80211_prep_connection+0xd60/0x1110
[ 37.620981][ T44] ieee80211_mgd_auth+0xc74/0x1438
[ 37.622367][ T44] ieee80211_auth+0x28/0x38
[ 37.623509][ T44] cfg80211_mlme_auth+0x4a4/0x8e4
[ 37.624771][ T44] cfg80211_conn_do_work+0x3c8/0xba8
[ 37.626141][ T44] cfg80211_conn_work+0x248/0x44c
[ 37.627500][ T44] process_one_work+0x810/0x1638
[ 37.628928][ T44] worker_thread+0x97c/0xeec
[ 37.630053][ T44] kthread+0x65c/0x7b0
[ 37.631135][ T44] ret_from_fork+0x10/0x20
[ 37.632306][ T44]
[ 37.632903][ T44] Freed by task 24:
[ 37.633898][ T44] kasan_save_track+0x40/0x78
[ 37.635094][ T44] kasan_save_free_info+0x54/0x6c
[ 37.636454][ T44] __kasan_slab_free+0x64/0x8c
[ 37.637670][ T44] kmem_cache_free+0x198/0x554
[ 37.638963][ T44] __d_free+0x28/0x38
[ 37.640001][ T44] rcu_core+0x898/0x1b5c
[ 37.641077][ T44] rcu_core_si+0x10/0x1c
[ 37.642208][ T44] handle_softirqs+0x320/0xd34
[ 37.643459][ T44] run_ksoftirqd+0x70/0xc0
[ 37.644606][ T44] smpboot_thread_fn+0x4b0/0x90c
[ 37.645926][ T44] kthread+0x65c/0x7b0
[ 37.647083][ T44] ret_from_fork+0x10/0x20
[ 37.648200][ T44]
[ 37.648795][ T44] Last potentially related work creation:
[ 37.650351][ T44] kasan_save_stack+0x40/0x6c
[ 37.651626][ T44] kasan_record_aux_stack+0xb4/0xcc
[ 37.652995][ T44] call_rcu+0x104/0xb9c
[ 37.654030][ T44] dentry_free+0xa8/0x174
[ 37.655181][ T44] __dentry_kill+0x44c/0x5e8
[ 37.656426][ T44] dput+0x1b8/0x290
[ 37.657468][ T44] simple_recursive_removal+0x254/0x744
[ 37.658922][ T44] debugfs_remove+0x60/0x88
[ 37.660131][ T44] ieee80211_debugfs_recreate_netdev+0xbc/0x1360
[ 37.661823][ T44] drv_remove_interface+0x1b0/0x5c0
[ 37.663133][ T44] ieee80211_change_mac+0x90c/0xf74
[ 37.664440][ T44] dev_set_mac_address+0x1f4/0x430
[ 37.665736][ T44] dev_set_mac_address_user+0x44/0x68
[ 37.667184][ T44] dev_ifsioc+0x764/0x9a0
[ 37.668268][ T44] dev_ioctl+0x4d8/0xd34
[ 37.669402][ T44] sock_do_ioctl+0x1d4/0x2d0
[ 37.670612][ T44] sock_ioctl+0x4ec/0x838
[ 37.671731][ T44] __arm64_sys_ioctl+0x14c/0x1cc
[ 37.673022][ T44] invoke_syscall+0x98/0x2b8
[ 37.674303][ T44] el0_svc_common+0x130/0x23c
[ 37.675502][ T44] do_el0_svc+0x48/0x58
[ 37.676574][ T44] el0_svc+0x54/0x168
[ 37.677589][ T44] el0t_64_sync_handler+0x84/0x108
[ 37.678973][ T44] el0t_64_sync+0x198/0x19c
[ 37.680103][ T44]
[ 37.680680][ T44] The buggy address belongs to the object at ffff0000db1b1490
[ 37.680680][ T44] which belongs to the cache dentry of size 312
[ 37.684171][ T44] The buggy address is located 208 bytes inside of
[ 37.684171][ T44] freed 312-byte region [ffff0000db1b1490, ffff0000db1b15c8)
[ 37.687799][ T44]
[ 37.688381][ T44] The buggy address belongs to the physical page:
[ 37.689949][ T44] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b1b0
[ 37.692230][ T44] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 37.694425][ T44] ksm flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 37.696551][ T44] page_type: f5(slab)
[ 37.697531][ T44] raw: 05ffc00000000040 ffff0000c18a8a00 fffffdffc32f6080 dead000000000003
[ 37.699721][ T44] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 37.701922][ T44] head: 05ffc00000000040 ffff0000c18a8a00 fffffdffc32f6080 dead000000000003
[ 37.704109][ T44] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 37.706366][ T44] head: 05ffc00000000001 fffffdffc36c6c01 ffffffffffffffff 0000000000000000
[ 37.708574][ T44] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 37.710858][ T44] page dumped because: kasan: bad access detected
[ 37.712529][ T44]
[ 37.713148][ T44] Memory state around the buggy address:
[ 37.714681][ T44] ffff0000db1b1400: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 37.716894][ T44] ffff0000db1b1480: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.718928][ T44] >ffff0000db1b1500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.721031][ T44] ^
[ 37.722869][ T44] ffff0000db1b1580: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 37.724944][ T44] ffff0000db1b1600: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.726993][ T44] ==================================================================
[ 37.729284][ T44] Disabling lock debugging due to kernel taint
[ 37.731205][ T44] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d8
[ 37.733681][ T44] Mem abort info:
[ 37.734602][ T44] ESR = 0x0000000096000004
[ 37.735787][ T44] EC = 0x25: DABT (current EL), IL = 32 bits
[ 37.737405][ T44] SET = 0, FnV = 0
[ 37.738462][ T44] EA = 0, S1PTW = 0
[ 37.739472][ T44] FSC = 0x04: level 0 translation fault
[ 37.740920][ T44] Data abort info:
[ 37.741780][ T44] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 37.743555][ T44] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 37.745125][ T44] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 37.746728][ T44] user pgtable: 4k pages, 48-bit VAs, pgdp=000000011c14f000
[ 37.748734][ T44] [00000000000000d8] pgd=0000000000000000, p4d=0000000000000000
[ 37.750682][ T44] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 37.752506][ T44] Modules linked in:
[ 37.753478][ T44] CPU: 0 UID: 0 PID: 44 Comm: kworker/u8:3 Tainted: G B 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[ 37.756586][ T44] Tainted: [B]=BAD_PAGE
[ 37.757653][ T44] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 37.760311][ T44] Workqueue: events_unbound cfg80211_wiphy_work
[ 37.761961][ T44] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.764136][ T44] pc : rwsem_write_trylock+0xc8/0x420
[ 37.765553][ T44] lr : rwsem_write_trylock+0xa8/0x420
[ 37.766913][ T44] sp : ffff8000993b73a0
[ 37.768024][ T44] x29: ffff8000993b7410 x28: dfff800000000000 x27: ffff0000c2f5d720
[ 37.770250][ T44] x26: 1fffe0001b86d02f x25: dfff800000000000 x24: 0000000000000000
[ 37.772262][ T44] x23: 0000000000000000 x22: 1ffff00013276e78 x21: dfff800000000000
[ 37.774339][ T44] x20: ffff8000993b73e0 x19: 00000000000000d8 x18: 1fffe000366f1886
[ 37.776370][ T44] x17: ffff80008fbbd000 x16: ffff8000804634c8 x15: 0000000000000001
[ 37.778619][ T44] x14: 1ffff00013276e7c x13: 0000000000000000 x12: 0000000000000000
[ 37.780743][ T44] x11: ffff700013276e7d x10: 1ffff00013276e7c x9 : dfff800000000000
[ 37.782979][ T44] x8 : 0000000000000001 x7 : 1fffe000366f1887 x6 : ffff800080dafbec
[ 37.785098][ T44] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080463570
[ 37.787305][ T44] x2 : 0000000000000001 x1 : 0000000000000008 x0 : 0000000000000001
[ 37.789454][ T44] Call trace:
[ 37.790340][ T44] rwsem_write_trylock+0xc8/0x420 (P)
[ 37.791741][ T44] down_write+0x60/0xc0
[ 37.792888][ T44] simple_recursive_removal+0x90/0x744
[ 37.794453][ T44] debugfs_remove+0x60/0x88
[ 37.795629][ T44] ieee80211_sta_debugfs_remove+0x44/0x6c
[ 37.797176][ T44] __sta_info_destroy_part2+0x31c/0x410
[ 37.798760][ T44] sta_info_destroy_addr+0x11c/0x150
[ 37.800217][ T44] ieee80211_destroy_auth_data+0x120/0x248
[ 37.801894][ T44] ieee80211_sta_work+0xe70/0x2e8c
[ 37.803223][ T44] ieee80211_iface_work+0xc38/0xcd4
[ 37.804566][ T44] cfg80211_wiphy_work+0x2cc/0x508
[ 37.805984][ T44] process_one_work+0x810/0x1638
[ 37.807355][ T44] worker_thread+0x97c/0xeec
[ 37.808711][ T44] kthread+0x65c/0x7b0
[ 37.809860][ T44] ret_from_fork+0x10/0x20
[ 37.810985][ T44] Code: f94023f7 d503201f aa1703f8 52800028 (c8f87e68)
[ 37.812747][ T44] ---[ end trace 0000000000000000 ]---
[ 38.204504][ T44] Kernel panic - not syncing: Oops: Fatal exception
[ 38.206616][ T44] SMP: stopping secondary CPUs
[ 38.207966][ T44] Kernel Offset: disabled
[ 38.209086][ T44] CPU features: 0x200,00002070,00800250,82017203
[ 38.210786][ T44] Memory Limit: none
[ 38.560477][ T44] Rebooting in 86400 seconds..