Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts.
2025/08/08 20:53:35 ignoring optional flag "sandboxArg"="0"
2025/08/08 20:53:37 parsed 1 programs
[ 146.580962][ T5898] cgroup: Unknown subsys name 'net'
[ 146.691713][ T5898] cgroup: Unknown subsys name 'cpuset'
[ 146.701454][ T5898] cgroup: Unknown subsys name 'rlimit'
[ 148.478896][ T5898] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 151.349843][ T5907] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 151.359108][ T5907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 151.366996][ T5907] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 151.376025][ T5907] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 151.384872][ T5907] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 151.522662][ T5905] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 152.972149][ T5935] chnl_net:caif_netlink_parms(): no params data found
[ 153.089897][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.097277][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.104527][ T5935] bridge_slave_0: entered allmulticast mode
[ 153.113982][ T5935] bridge_slave_0: entered promiscuous mode
[ 153.123565][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.131370][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.138631][ T5935] bridge_slave_1: entered allmulticast mode
[ 153.145876][ T5935] bridge_slave_1: entered promiscuous mode
[ 153.182166][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 153.195438][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 153.230827][ T5935] team0: Port device team_slave_0 added
[ 153.239046][ T5935] team0: Port device team_slave_1 added
[ 153.272098][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 153.279662][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 153.306514][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 153.321345][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 153.328354][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 153.354552][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 153.404335][ T5935] hsr_slave_0: entered promiscuous mode
[ 153.411450][ T5935] hsr_slave_1: entered promiscuous mode
[ 153.576941][ T5935] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 153.590763][ T5935] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 153.601203][ T5935] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 153.612431][ T5935] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 153.648802][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.656316][ T5935] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.664388][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.671647][ T5935] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.733604][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0
[ 153.755396][ T1171] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.764367][ T1171] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.783395][ T5935] 8021q: adding VLAN 0 to HW filter on device team0
[ 153.802123][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.809377][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.826239][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.833448][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 154.135840][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 154.206372][ T5935] veth0_vlan: entered promiscuous mode
[ 154.219958][ T5935] veth1_vlan: entered promiscuous mode
[ 154.251105][ T5935] veth0_macvtap: entered promiscuous mode
[ 154.260777][ T5935] veth1_macvtap: entered promiscuous mode
[ 154.280929][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 154.298685][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 154.316367][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.326455][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.338502][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.349692][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.485803][ T1105] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 154.565854][ T1105] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 154.663017][ T1105] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 154.765329][ T1105] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 156.667321][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 156.675408][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 156.740899][ T3570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 156.749355][ T3570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 157.088035][ T1105] bridge_slave_1: left allmulticast mode
[ 157.093947][ T1105] bridge_slave_1: left promiscuous mode
[ 157.100894][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.119231][ T1105] bridge_slave_0: left allmulticast mode
[ 157.125018][ T1105] bridge_slave_0: left promiscuous mode
[ 157.132818][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
2025/08/08 20:53:51 executed programs: 0
[ 157.513158][ T5907] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 157.529234][ T5907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 157.540125][ T5907] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 157.555913][ T5907] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 157.564614][ T5907] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 157.585951][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 157.599471][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 157.609809][ T1105] bond0 (unregistering): Released all slaves
[ 157.761332][ T1105] hsr_slave_0: left promiscuous mode
[ 157.768181][ T1105] hsr_slave_1: left promiscuous mode
[ 157.774891][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 157.784900][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 157.793983][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 157.801645][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 157.824303][ T1105] veth1_macvtap: left promiscuous mode
[ 157.831889][ T1105] veth0_macvtap: left promiscuous mode
[ 157.838152][ T1105] veth1_vlan: left promiscuous mode
[ 157.843838][ T1105] veth0_vlan: left promiscuous mode
[ 158.330611][ T1105] team0 (unregistering): Port device team_slave_1 removed
[ 158.364725][ T1105] team0 (unregistering): Port device team_slave_0 removed
[ 158.846237][ T6001] chnl_net:caif_netlink_parms(): no params data found
[ 159.080747][ T6001] bridge0: port 1(bridge_slave_0) entered blocking state
[ 159.088968][ T6001] bridge0: port 1(bridge_slave_0) entered disabled state
[ 159.103621][ T6001] bridge_slave_0: entered allmulticast mode
[ 159.115334][ T6001] bridge_slave_0: entered promiscuous mode
[ 159.125410][ T6001] bridge0: port 2(bridge_slave_1) entered blocking state
[ 159.133080][ T6001] bridge0: port 2(bridge_slave_1) entered disabled state
[ 159.141730][ T6001] bridge_slave_1: entered allmulticast mode
[ 159.150174][ T6001] bridge_slave_1: entered promiscuous mode
[ 159.209197][ T6001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 159.222275][ T6001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 159.628847][ T5190] Bluetooth: hci0: command tx timeout
[ 159.645604][ T6001] team0: Port device team_slave_0 added
[ 159.664797][ T6001] team0: Port device team_slave_1 added
[ 159.762533][ T6001] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 159.778749][ T6001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 159.805301][ T6001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 159.899199][ T6001] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 159.906214][ T6001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 159.940365][ T6001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 160.132820][ T6001] hsr_slave_0: entered promiscuous mode
[ 160.152111][ T6001] hsr_slave_1: entered promiscuous mode
[ 161.013549][ T6001] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 161.025722][ T6001] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 161.041021][ T6001] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 161.056989][ T6001] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 161.172228][ T6001] 8021q: adding VLAN 0 to HW filter on device bond0
[ 161.200741][ T6001] 8021q: adding VLAN 0 to HW filter on device team0
[ 161.216348][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 161.223623][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 161.244532][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 161.251917][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 161.546702][ T6001] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 161.612792][ T6001] veth0_vlan: entered promiscuous mode
[ 161.632017][ T6001] veth1_vlan: entered promiscuous mode
[ 161.678858][ T6001] veth0_macvtap: entered promiscuous mode
[ 161.692631][ T6001] veth1_macvtap: entered promiscuous mode
[ 161.709516][ T5190] Bluetooth: hci0: command tx timeout
[ 161.724096][ T6001] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 161.744747][ T6001] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 161.765453][ T1167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.788647][ T1167] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.809519][ T1167] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.821656][ T1167] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 161.903007][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 161.912511][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 161.963187][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 161.987871][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 162.097874][ T6093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 162.120969][ T6093] netlink: 'syz.0.17': attribute type 10 has an invalid length.
[ 162.161772][ T6093] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 162.215995][ T6093] wlan1: No basic rates, using min rate instead
[ 162.240375][ T6093] wlan1: authenticate with aa:09:b7:99:c0:d7 (local address=aa:aa:aa:aa:aa:17)
[ 162.267113][ T6093] wlan1: send auth to aa:09:b7:99:c0:d7 (try 1/3)
[ 162.287984][ T1105] wlan1: send auth to aa:09:b7:99:c0:d7 (try 2/3)
[ 162.308470][ T1105] wlan1: send auth to aa:09:b7:99:c0:d7 (try 3/3)
[ 162.354890][ T6093] bond0: entered promiscuous mode
[ 162.360508][ T1105] wlan1: authentication with aa:09:b7:99:c0:d7 timed out
[ 162.382148][ T6093] bond_slave_0: entered promiscuous mode
[ 162.388872][ T1105] ==================================================================
[ 162.393682][ T6093] bond_slave_1: entered promiscuous mode
[ 162.396975][ T1105] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 162.397021][ T1105] Read of size 1 at addr ffff88805f0d6b18 by task kworker/u8:6/1105
[ 162.397039][ T1105]
[ 162.397060][ T1105] CPU: 1 UID: 0 PID: 1105 Comm: kworker/u8:6 Not tainted 6.16.0-next-20250808-syzkaller #0 PREEMPT(full)
[ 162.397085][ T1105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 162.397100][ T1105] Workqueue: events_unbound cfg80211_wiphy_work
[ 162.397146][ T1105] Call Trace:
[ 162.397155][ T1105]
[ 162.397163][ T1105] dump_stack_lvl+0x189/0x250
[ 162.397204][ T1105] ? __virt_addr_valid+0x1c8/0x5c0
[ 162.397223][ T1105] ? rcu_is_watching+0x15/0xb0
[ 162.397252][ T1105] ? __pfx_dump_stack_lvl+0x10/0x10
[ 162.397283][ T1105] ? rcu_is_watching+0x15/0xb0
[ 162.397309][ T1105] ? lock_release+0x4b/0x3e0
[ 162.397333][ T1105] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 162.397363][ T1105] ? __virt_addr_valid+0x1c8/0x5c0
[ 162.397381][ T1105] ? __virt_addr_valid+0x4a5/0x5c0
[ 162.397402][ T1105] print_report+0xca/0x240
[ 162.397424][ T1105] ? _raw_spin_lock+0x2e/0x40
[ 162.397449][ T1105] kasan_report+0x118/0x150
[ 162.397475][ T1105] ? _raw_spin_lock+0x2e/0x40
[ 162.397505][ T1105] ? lockref_get+0x15/0x60
[ 162.397528][ T1105] __kasan_check_byte+0x2a/0x40
[ 162.397550][ T1105] lock_acquire+0x8d/0x360
[ 162.397574][ T1105] ? do_raw_spin_lock+0x121/0x290
[ 162.397608][ T1105] _raw_spin_lock+0x2e/0x40
[ 162.397639][ T1105] ? lockref_get+0x15/0x60
[ 162.397662][ T1105] lockref_get+0x15/0x60
[ 162.397686][ T1105] __simple_recursive_removal+0x33/0x510
[ 162.397716][ T1105] ? mntput+0x65/0xc0
[ 162.397741][ T1105] ? __pfx_remove_one+0x10/0x10
[ 162.397776][ T1105] debugfs_remove+0x5b/0x70
[ 162.397806][ T1105] ieee80211_sta_debugfs_remove+0x40/0x70
[ 162.397842][ T1105] __sta_info_destroy_part2+0x352/0x450
[ 162.397884][ T1105] sta_info_destroy_addr+0xf5/0x140
[ 162.397920][ T1105] ieee80211_destroy_auth_data+0x12d/0x260
[ 162.397949][ T1105] ieee80211_sta_work+0x11cf/0x3600
[ 162.397988][ T1105] ? __lock_acquire+0xab9/0xd20
[ 162.398014][ T1105] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 162.398041][ T1105] ? do_raw_spin_lock+0x121/0x290
[ 162.398081][ T1105] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 162.398114][ T1105] ? lockdep_hardirqs_on+0x9c/0x150
[ 162.398148][ T1105] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 162.398180][ T1105] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 162.398219][ T1105] ? queue_work_on+0x1d7/0x270
[ 162.398254][ T1105] ? skb_dequeue+0x10e/0x150
[ 162.398288][ T1105] ? ieee80211_iface_work+0xfc4/0x12d0
[ 162.398324][ T1105] ? ieee80211_iface_work+0x11d6/0x12d0
[ 162.398356][ T1105] ? rcu_is_watching+0x15/0xb0
[ 162.398389][ T1105] cfg80211_wiphy_work+0x2b8/0x470
[ 162.398425][ T1105] ? process_scheduled_works+0x9ef/0x17b0
[ 162.398455][ T1105] process_scheduled_works+0xade/0x17b0
[ 162.398502][ T1105] ? __pfx_process_scheduled_works+0x10/0x10
[ 162.398541][ T1105] worker_thread+0x8a0/0xda0
[ 162.398587][ T1105] kthread+0x711/0x8a0
[ 162.398610][ T1105] ? __pfx_worker_thread+0x10/0x10
[ 162.398640][ T1105] ? __pfx_kthread+0x10/0x10
[ 162.398661][ T1105] ? _raw_spin_unlock_irq+0x23/0x50
[ 162.398692][ T1105] ? lockdep_hardirqs_on+0x9c/0x150
[ 162.398724][ T1105] ? __pfx_kthread+0x10/0x10
[ 162.398744][ T1105] ret_from_fork+0x3f9/0x770
[ 162.398778][ T1105] ? __pfx_ret_from_fork+0x10/0x10
[ 162.398810][ T1105] ? __switch_to_asm+0x39/0x70
[ 162.398832][ T1105] ? __switch_to_asm+0x33/0x70
[ 162.398853][ T1105] ? __pfx_kthread+0x10/0x10
[ 162.398873][ T1105] ret_from_fork_asm+0x1a/0x30
[ 162.398906][ T1105]
[ 162.398915][ T1105]
[ 162.406812][ T6093] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[ 162.410694][ T1105] Allocated by task 6093:
[ 162.762296][ T1105] kasan_save_track+0x3e/0x80
[ 162.767013][ T1105] __kasan_slab_alloc+0x6c/0x80
[ 162.771919][ T1105] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 162.777783][ T1105] __d_alloc+0x36/0x7a0
[ 162.782019][ T1105] d_alloc_parallel+0xe5/0x15e0
[ 162.786922][ T1105] __lookup_slow+0x116/0x3d0
[ 162.791552][ T1105] simple_start_creating+0xfd/0x1e0
[ 162.796884][ T1105] start_creating+0x10f/0x180
[ 162.801616][ T1105] debugfs_create_dir+0x28/0x420
[ 162.806600][ T1105] ieee80211_sta_debugfs_add+0x12c/0x850
[ 162.812275][ T1105] sta_info_insert_rcu+0xfac/0x1940
[ 162.817596][ T1105] sta_info_insert+0x16/0xc0
[ 162.822223][ T1105] ieee80211_prep_connection+0xfce/0x13f0
[ 162.827971][ T1105] ieee80211_mgd_auth+0xee3/0x1770
[ 162.833116][ T1105] cfg80211_mlme_auth+0x632/0x9c0
[ 162.838188][ T1105] cfg80211_conn_do_work+0x501/0xd10
[ 162.843514][ T1105] cfg80211_connect+0x1862/0x21a0
[ 162.848592][ T1105] nl80211_connect+0x17bc/0x1cd0
[ 162.853572][ T1105] genl_family_rcv_msg_doit+0x212/0x300
[ 162.859158][ T1105] genl_rcv_msg+0x60e/0x790
[ 162.863712][ T1105] netlink_rcv_skb+0x208/0x470
[ 162.868516][ T1105] genl_rcv+0x28/0x40
[ 162.872544][ T1105] netlink_unicast+0x82f/0x9e0
[ 162.877350][ T1105] netlink_sendmsg+0x805/0xb30
[ 162.882231][ T1105] __sock_sendmsg+0x21c/0x270
[ 162.886944][ T1105] ____sys_sendmsg+0x505/0x830
[ 162.891735][ T1105] ___sys_sendmsg+0x21f/0x2a0
[ 162.896446][ T1105] __x64_sys_sendmsg+0x19b/0x260
[ 162.901416][ T1105] do_syscall_64+0xfa/0x3b0
[ 162.905947][ T1105] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.911863][ T1105]
[ 162.914207][ T1105] Freed by task 23:
[ 162.918030][ T1105] kasan_save_track+0x3e/0x80
[ 162.922744][ T1105] kasan_save_free_info+0x46/0x50
[ 162.927802][ T1105] __kasan_slab_free+0x5b/0x80
[ 162.932597][ T1105] kmem_cache_free+0x18f/0x400
[ 162.937399][ T1105] rcu_core+0xcab/0x1770
[ 162.941677][ T1105] handle_softirqs+0x283/0x870
[ 162.946476][ T1105] run_ksoftirqd+0x9b/0x100
[ 162.951018][ T1105] smpboot_thread_fn+0x542/0xa60
[ 162.955976][ T1105] kthread+0x711/0x8a0
[ 162.960050][ T1105] ret_from_fork+0x3f9/0x770
[ 162.964652][ T1105] ret_from_fork_asm+0x1a/0x30
[ 162.969423][ T1105]
[ 162.971757][ T1105] Last potentially related work creation:
[ 162.977470][ T1105] kasan_save_stack+0x3e/0x60
[ 162.982170][ T1105] kasan_record_aux_stack+0xbd/0xd0
[ 162.987378][ T1105] call_rcu+0x157/0x9c0
[ 162.991552][ T1105] __dentry_kill+0x4d2/0x660
[ 162.996161][ T1105] dput+0x19f/0x2b0
[ 162.999983][ T1105] find_next_child+0x1e5/0x250
[ 163.004753][ T1105] __simple_recursive_removal+0x10b/0x510
[ 163.010495][ T1105] debugfs_remove+0x5b/0x70
[ 163.015010][ T1105] ieee80211_debugfs_recreate_netdev+0xbf/0x1460
[ 163.021354][ T1105] drv_remove_interface+0x1fa/0x590
[ 163.026564][ T1105] ieee80211_change_mac+0x912/0x12d0
[ 163.031865][ T1105] netif_set_mac_address+0x2f9/0x4c0
[ 163.037244][ T1105] dev_set_mac_address+0x12b/0x260
[ 163.042479][ T1105] bond_set_mac_address+0x26c/0x7b0
[ 163.047680][ T1105] netif_set_mac_address+0x2f9/0x4c0
[ 163.052982][ T1105] do_setlink+0x88c/0x41c0
[ 163.057401][ T1105] rtnl_newlink+0x160b/0x1c70
[ 163.062096][ T1105] rtnetlink_rcv_msg+0x7cc/0xb70
[ 163.067068][ T1105] netlink_rcv_skb+0x208/0x470
[ 163.071842][ T1105] netlink_unicast+0x82f/0x9e0
[ 163.076621][ T1105] netlink_sendmsg+0x805/0xb30
[ 163.081474][ T1105] __sock_sendmsg+0x21c/0x270
[ 163.086158][ T1105] ____sys_sendmsg+0x505/0x830
[ 163.090933][ T1105] ___sys_sendmsg+0x21f/0x2a0
[ 163.095619][ T1105] __x64_sys_sendmsg+0x19b/0x260
[ 163.100567][ T1105] do_syscall_64+0xfa/0x3b0
[ 163.105072][ T1105] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 163.110974][ T1105]
[ 163.113297][ T1105] The buggy address belongs to the object at ffff88805f0d6a48
[ 163.113297][ T1105] which belongs to the cache dentry of size 312
[ 163.127026][ T1105] The buggy address is located 208 bytes inside of
[ 163.127026][ T1105] freed 312-byte region [ffff88805f0d6a48, ffff88805f0d6b80)
[ 163.140822][ T1105]
[ 163.143162][ T1105] The buggy address belongs to the physical page:
[ 163.149586][ T1105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f0d6
[ 163.158356][ T1105] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 163.166856][ T1105] memcg:ffff8880761e0601
[ 163.171122][ T1105] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 163.178697][ T1105] page_type: f5(slab)
[ 163.182687][ T1105] raw: 00fff00000000040 ffff88801bed6780 dead000000000122 0000000000000000
[ 163.191277][ T1105] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff8880761e0601
[ 163.199954][ T1105] head: 00fff00000000040 ffff88801bed6780 dead000000000122 0000000000000000
[ 163.208632][ T1105] head: 0000000000000000 0000000000150015 00000000f5000000 ffff8880761e0601
[ 163.217305][ T1105] head: 00fff00000000001 ffffea00017c3581 00000000ffffffff 00000000ffffffff
[ 163.225984][ T1105] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 163.234654][ T1105] page dumped because: kasan: bad access detected
[ 163.241078][ T1105] page_owner tracks the page as allocated
[ 163.246801][ T1105] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6093, tgid 6093 (syz.0.17), ts 162213755527, free_ts 31473304525
[ 163.269817][ T1105] post_alloc_hook+0x240/0x2a0
[ 163.274591][ T1105] get_page_from_freelist+0x21e4/0x22c0
[ 163.280158][ T1105] __alloc_frozen_pages_noprof+0x181/0x370
[ 163.285975][ T1105] alloc_pages_mpol+0x232/0x4a0
[ 163.290834][ T1105] allocate_slab+0x8a/0x370
[ 163.295358][ T1105] ___slab_alloc+0xbeb/0x1410
[ 163.300152][ T1105] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 163.305981][ T1105] __d_alloc+0x36/0x7a0
[ 163.310149][ T1105] d_alloc_parallel+0xe5/0x15e0
[ 163.315089][ T1105] __lookup_slow+0x116/0x3d0
[ 163.319686][ T1105] simple_start_creating+0xfd/0x1e0
[ 163.324981][ T1105] start_creating+0x10f/0x180
[ 163.329762][ T1105] __debugfs_create_file+0x79/0x4f0
[ 163.334997][ T1105] debugfs_create_file_short+0x3f/0x60
[ 163.340482][ T1105] ieee80211_debugfs_recreate_netdev+0xc73/0x1460
[ 163.346925][ T1105] ieee80211_if_change_type+0x53a/0x990
[ 163.352495][ T1105] page last free pid 1 tgid 1 stack trace:
[ 163.358413][ T1105] __free_frozen_pages+0xbc4/0xd30
[ 163.363544][ T1105] free_contig_range+0x1bd/0x4a0
[ 163.368500][ T1105] destroy_args+0x69/0x660
[ 163.373018][ T1105] debug_vm_pgtable+0x39f/0x3b0
[ 163.377877][ T1105] do_one_initcall+0x233/0x820
[ 163.382647][ T1105] do_initcall_level+0x104/0x190
[ 163.387601][ T1105] do_initcalls+0x59/0xa0
[ 163.391957][ T1105] kernel_init_freeable+0x334/0x4b0
[ 163.397279][ T1105] kernel_init+0x1d/0x1d0
[ 163.401632][ T1105] ret_from_fork+0x3f9/0x770
[ 163.406247][ T1105] ret_from_fork_asm+0x1a/0x30
[ 163.411030][ T1105]
[ 163.413367][ T1105] Memory state around the buggy address:
[ 163.419042][ T1105] ffff88805f0d6a00: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[ 163.427179][ T1105] ffff88805f0d6a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 163.435463][ T1105] >ffff88805f0d6b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 163.443550][ T1105] ^
[ 163.448419][ T1105] ffff88805f0d6b80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 163.456495][ T1105] ffff88805f0d6c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 163.464567][ T1105] ==================================================================
[ 163.473342][ T1105] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 163.480572][ T1105] CPU: 1 UID: 0 PID: 1105 Comm: kworker/u8:6 Not tainted 6.16.0-next-20250808-syzkaller #0 PREEMPT(full)
[ 163.491915][ T1105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 163.502002][ T1105] Workqueue: events_unbound cfg80211_wiphy_work
[ 163.508351][ T1105] Call Trace:
[ 163.511660][ T1105]
[ 163.514613][ T1105] dump_stack_lvl+0x99/0x250
[ 163.519247][ T1105] ? __asan_memcpy+0x40/0x70
[ 163.523882][ T1105] ? __pfx_dump_stack_lvl+0x10/0x10
[ 163.529124][ T1105] ? __pfx__printk+0x10/0x10
[ 163.533768][ T1105] vpanic+0x281/0x750
[ 163.537786][ T1105] ? __pfx_vpanic+0x10/0x10
[ 163.542320][ T1105] ? irqentry_exit+0x74/0x90
[ 163.546963][ T1105] panic+0xb9/0xc0
[ 163.550715][ T1105] ? __pfx_panic+0x10/0x10
[ 163.555162][ T1105] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 163.561131][ T1105] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 163.567075][ T1105] ? is_module_address+0x17/0xf0
[ 163.572045][ T1105] ? _raw_spin_lock+0x2e/0x40
[ 163.576773][ T1105] check_panic_on_warn+0x89/0xb0
[ 163.581744][ T1105] ? _raw_spin_lock+0x2e/0x40
[ 163.586461][ T1105] end_report+0x78/0x160
[ 163.590741][ T1105] kasan_report+0x129/0x150
[ 163.595303][ T1105] ? _raw_spin_lock+0x2e/0x40
[ 163.600029][ T1105] ? lockref_get+0x15/0x60
[ 163.604476][ T1105] __kasan_check_byte+0x2a/0x40
[ 163.609363][ T1105] lock_acquire+0x8d/0x360
[ 163.613818][ T1105] ? do_raw_spin_lock+0x121/0x290
[ 163.618891][ T1105] _raw_spin_lock+0x2e/0x40
[ 163.623435][ T1105] ? lockref_get+0x15/0x60
[ 163.627889][ T1105] lockref_get+0x15/0x60
[ 163.632177][ T1105] __simple_recursive_removal+0x33/0x510
[ 163.637845][ T1105] ? mntput+0x65/0xc0
[ 163.641864][ T1105] ? __pfx_remove_one+0x10/0x10
[ 163.646847][ T1105] debugfs_remove+0x5b/0x70
[ 163.651394][ T1105] ieee80211_sta_debugfs_remove+0x40/0x70
[ 163.657241][ T1105] __sta_info_destroy_part2+0x352/0x450
[ 163.662857][ T1105] sta_info_destroy_addr+0xf5/0x140
[ 163.668100][ T1105] ieee80211_destroy_auth_data+0x12d/0x260
[ 163.673959][ T1105] ieee80211_sta_work+0x11cf/0x3600
[ 163.679196][ T1105] ? __lock_acquire+0xab9/0xd20
[ 163.684062][ T1105] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 163.689619][ T1105] ? do_raw_spin_lock+0x121/0x290
[ 163.694660][ T1105] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 163.700568][ T1105] ? lockdep_hardirqs_on+0x9c/0x150
[ 163.705787][ T1105] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 163.711705][ T1105] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 163.718053][ T1105] ? queue_work_on+0x1d7/0x270
[ 163.722834][ T1105] ? skb_dequeue+0x10e/0x150
[ 163.727444][ T1105] ? ieee80211_iface_work+0xfc4/0x12d0
[ 163.732919][ T1105] ? ieee80211_iface_work+0x11d6/0x12d0
[ 163.738497][ T1105] ? rcu_is_watching+0x15/0xb0
[ 163.743365][ T1105] cfg80211_wiphy_work+0x2b8/0x470
[ 163.748504][ T1105] ? process_scheduled_works+0x9ef/0x17b0
[ 163.754234][ T1105] process_scheduled_works+0xade/0x17b0
[ 163.759804][ T1105] ? __pfx_process_scheduled_works+0x10/0x10
[ 163.765802][ T1105] worker_thread+0x8a0/0xda0
[ 163.770436][ T1105] kthread+0x711/0x8a0
[ 163.774517][ T1105] ? __pfx_worker_thread+0x10/0x10
[ 163.779636][ T1105] ? __pfx_kthread+0x10/0x10
[ 163.784227][ T1105] ? _raw_spin_unlock_irq+0x23/0x50
[ 163.789442][ T1105] ? lockdep_hardirqs_on+0x9c/0x150
[ 163.794654][ T1105] ? __pfx_kthread+0x10/0x10
[ 163.799265][ T1105] ret_from_fork+0x3f9/0x770
[ 163.803878][ T1105] ? __pfx_ret_from_fork+0x10/0x10
[ 163.809022][ T1105] ? __switch_to_asm+0x39/0x70
[ 163.813797][ T1105] ? __switch_to_asm+0x33/0x70
[ 163.818568][ T1105] ? __pfx_kthread+0x10/0x10
[ 163.823163][ T1105] ret_from_fork_asm+0x1a/0x30
[ 163.827940][ T1105]
[ 163.831249][ T1105] Kernel Offset: disabled
[ 163.835574][ T1105] Rebooting in 86400 seconds..