program:
# Triage summary, taken from the kernel log that follows this program:
#   * KASAN reports a slab-use-after-free read in _raw_spin_lock, reached via
#     ieee80211_sta_debugfs_remove -> debugfs_remove -> __simple_recursive_removal
#     -> lockref_get, on the cfg80211_wiphy_work worker, right after
#     "wlan1: authentication with 08:02:11:00:00:00 timed out".
#   * The object is a dentry (cache "dentry", 312 bytes). It was allocated by
#     debugfs_create_dir in ieee80211_sta_debugfs_add during nl80211_connect.
#   * The "Last potentially related work creation" stack shows the free being
#     queued (call_rcu from __dentry_kill) under debugfs_remove in
#     ieee80211_debugfs_recreate_netdev, reached from ieee80211_change_mac via
#     bond_set_mac_address and rtnl_newlink.
#   * NOTE(review): this reads as the station's debugfs directory being torn down
#     with the netdev debugfs tree on a MAC change while the station entry still
#     holds the old dentry pointer - confirm against the mac80211 source.
#
# Notation: most "(async)" calls below are immediately followed by a non-async
# copy of the same call that captures the result (r0, r1, r3, ...).
# NOTE(review): r2, r5 and r9 are used below but no assignment to them is visible
# here; presumably the ifindex output markers on the SIOCGIFINDEX ioctls were
# lost when the page was extracted - verify against the original reproducer.

# Generic-netlink socket (0x10 = AF_NETLINK, 0x3 = SOCK_RAW, 0x10 = NETLINK_GENERIC).
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Resolve the nl80211 generic-netlink family id.
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
# nl80211 survey request on r0.
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x20, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x0)
# Look up the interface index of wlan1 (0x8933 = SIOCGIFINDEX).
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
# Set the interface type of ifindex r2 to 0x2 (NL80211_IFTYPE_STATION).
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
# Second generic-netlink socket; r3 carries the first CONNECT and the final DEAUTHENTICATE.
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
# Bind r0 to veth1_to_bridge (level 0x1 = SOL_SOCKET, option 0x19 = SO_BINDTODEVICE).
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth1_to_bridge\x00', 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# Connect request for the default AP SSID. The "Allocated by task 5360" stack in
# the log shows the station debugfs directory being created on the nl80211_connect path.
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
# Inject a probe-response management frame carrying the default AP SSID into the simulated medium.
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x401, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
# Sleep 0x2faf080 ns (50 ms).
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
# Despite the $kcm variant name, domain 0x10 is AF_NETLINK with protocol 0 (NETLINK_ROUTE).
socket$kcm(0x10, 0x2, 0x0) (async)
r6 = socket$kcm(0x10, 0x2, 0x0)
# Raw rtnetlink message: the leading bytes read as nlmsg_len 0x2e, nlmsg_type 0x10 (RTM_NEWLINK).
# NOTE(review): the log's "attribute type 10 has an invalid length" warning and the
# "bond0: (slave wlan1): Enslaving" line appear to come from these raw link
# messages - confirm by decoding the payloads.
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
# Third generic-netlink socket: repeats the station-mode switch and connect on wlan1.
socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x8041)
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0)
# Second raw rtnetlink message (again nlmsg_type 0x10), split across two iovecs.
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff05000500", 0x2c}, {&(0x7f00000019c0)="06bb", 0x2}], 0x2}, 0x0)
# Deauthenticate request on r3 with reason code 0xf; the message type field here
# is the literal 0x0 rather than a resolved family id (r1/r4/r8).
sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x30, 0x0, 0x1, 0x70bd27, 0x25dfdc02, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xf}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004841}, 0x20000080)
# Kernel console output captured while the program ran:
[ 85.628802][ T45] Bluetooth: hci0: command tx timeout
[ 85.722616][ T5360] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 85.752313][ T4888] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 85.756618][ T4888] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 85.791038][ T5360] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 85.794934][ T5360] wlan1: aborting authentication with 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 85.817240][ T5360] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 85.826218][ T5360] wlan1: authenticate with 08:02:11:00:00:00 (local address=aa:aa:aa:aa:aa:17) [ 85.832840][ T5360] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 85.849749][ T5360] bond0: entered promiscuous mode [ 85.852311][ T5360] bond_slave_0: entered promiscuous mode [ 85.855769][ T5360] bond_slave_1: entered promiscuous mode [ 85.859060][ T5360] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 85.939009][ T1155] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 86.048821][ T1155] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 86.159206][ T1038] wlan1: authentication with 08:02:11:00:00:00 timed out [ 86.162528][ T1038] ================================================================== [ 86.166394][ T1038] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40 [ 86.170086][ T1038] Read of size 1 at addr ffff888052c179c8 by task kworker/u4:6/1038 [ 86.173574][ T1038] [ 86.174662][ T1038] CPU: 0 UID: 0 PID: 1038 Comm: kworker/u4:6 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094 #0 PREEMPT(full) [ 86.174677][ T1038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.174685][ T1038] Workqueue: events_unbound cfg80211_wiphy_work [ 86.174759][ T1038] Call Trace: [ 86.174767][ T1038] [ 86.174773][ T1038] dump_stack_lvl+0x189/0x250 [ 86.174787][ T1038] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.174800][ T1038] ? rcu_is_watching+0x15/0xb0 [ 86.174842][ T1038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.174856][ T1038] ? rcu_is_watching+0x15/0xb0 [ 86.174866][ T1038] ? lock_release+0x4b/0x3e0 [ 86.174880][ T1038] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 86.174896][ T1038] ? __virt_addr_valid+0x1c8/0x5c0 [ 86.174909][ T1038] ? 
__virt_addr_valid+0x4a5/0x5c0 [ 86.174922][ T1038] print_report+0xca/0x240 [ 86.174933][ T1038] ? _raw_spin_lock+0x2e/0x40 [ 86.174944][ T1038] kasan_report+0x118/0x150 [ 86.174956][ T1038] ? _raw_spin_lock+0x2e/0x40 [ 86.174967][ T1038] ? lockref_get+0x15/0x60 [ 86.174982][ T1038] __kasan_check_byte+0x2a/0x40 [ 86.174993][ T1038] lock_acquire+0x8d/0x360 [ 86.175007][ T1038] ? do_raw_spin_lock+0x121/0x290 [ 86.175020][ T1038] _raw_spin_lock+0x2e/0x40 [ 86.175031][ T1038] ? lockref_get+0x15/0x60 [ 86.175045][ T1038] lockref_get+0x15/0x60 [ 86.175059][ T1038] __simple_recursive_removal+0x33/0x510 [ 86.175072][ T1038] ? mntput+0x65/0xc0 [ 86.175083][ T1038] ? __pfx_remove_one+0x10/0x10 [ 86.175094][ T1038] debugfs_remove+0x5b/0x70 [ 86.175104][ T1038] ieee80211_sta_debugfs_remove+0x40/0x70 [ 86.175118][ T1038] __sta_info_destroy_part2+0x352/0x450 [ 86.175133][ T1038] sta_info_destroy_addr+0xf5/0x140 [ 86.175146][ T1038] ieee80211_destroy_auth_data+0x12d/0x260 [ 86.175164][ T1038] ieee80211_sta_work+0x11cf/0x3600 [ 86.175183][ T1038] ? __lock_acquire+0xab9/0xd20 [ 86.175199][ T1038] ? __lock_acquire+0xab9/0xd20 [ 86.175213][ T1038] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 86.175229][ T1038] ? do_raw_spin_lock+0x121/0x290 [ 86.175243][ T1038] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 86.175255][ T1038] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.175269][ T1038] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.175280][ T1038] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.175292][ T1038] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 86.175306][ T1038] ? skb_dequeue+0x10e/0x150 [ 86.175318][ T1038] ? ieee80211_iface_work+0xfc4/0x12d0 [ 86.175332][ T1038] ? ieee80211_iface_work+0x11d6/0x12d0 [ 86.175345][ T1038] ? rcu_is_watching+0x15/0xb0 [ 86.175353][ T1038] cfg80211_wiphy_work+0x2b8/0x470 [ 86.175362][ T1038] ? process_scheduled_works+0x9ef/0x17b0 [ 86.175372][ T1038] process_scheduled_works+0xade/0x17b0 [ 86.175387][ T1038] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 86.175402][ T1038] worker_thread+0x8a0/0xda0 [ 86.175417][ T1038] kthread+0x70e/0x8a0 [ 86.175431][ T1038] ? __pfx_worker_thread+0x10/0x10 [ 86.175441][ T1038] ? __pfx_kthread+0x10/0x10 [ 86.175453][ T1038] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.175464][ T1038] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.175476][ T1038] ? __pfx_kthread+0x10/0x10 [ 86.175488][ T1038] ret_from_fork+0x3f9/0x770 [ 86.175500][ T1038] ? __pfx_ret_from_fork+0x10/0x10 [ 86.175511][ T1038] ? __pfx_kthread+0x10/0x10 [ 86.175523][ T1038] ret_from_fork_asm+0x1a/0x30 [ 86.175542][ T1038] [ 86.175546][ T1038] [ 86.324508][ T1038] Allocated by task 5360: [ 86.326475][ T1038] kasan_save_track+0x3e/0x80 [ 86.328679][ T1038] __kasan_slab_alloc+0x6c/0x80 [ 86.331118][ T1038] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0 [ 86.333863][ T1038] __d_alloc+0x36/0x7a0 [ 86.335866][ T1038] d_alloc_parallel+0xe5/0x15e0 [ 86.338206][ T1038] __lookup_slow+0x116/0x3d0 [ 86.340509][ T1038] simple_start_creating+0xfd/0x1e0 [ 86.342936][ T1038] start_creating+0x10f/0x180 [ 86.345175][ T1038] debugfs_create_dir+0x28/0x420 [ 86.347416][ T1038] ieee80211_sta_debugfs_add+0x12c/0x850 [ 86.349955][ T1038] sta_info_insert_rcu+0xfac/0x1940 [ 86.352391][ T1038] sta_info_insert+0x16/0xc0 [ 86.354709][ T1038] ieee80211_prep_connection+0xfce/0x13f0 [ 86.357461][ T1038] ieee80211_mgd_auth+0xee3/0x1770 [ 86.359825][ T1038] cfg80211_mlme_auth+0x632/0x9c0 [ 86.362053][ T1038] cfg80211_conn_do_work+0x501/0xd10 [ 86.364510][ T1038] cfg80211_connect+0x1862/0x21a0 [ 86.366804][ T1038] nl80211_connect+0x17bc/0x1cd0 [ 86.369046][ T1038] genl_family_rcv_msg_doit+0x215/0x300 [ 86.371666][ T1038] genl_rcv_msg+0x60e/0x790 [ 86.373829][ T1038] netlink_rcv_skb+0x205/0x470 [ 86.376103][ T1038] genl_rcv+0x28/0x40 [ 86.377979][ T1038] netlink_unicast+0x82c/0x9e0 [ 86.380193][ T1038] netlink_sendmsg+0x805/0xb30 [ 86.382425][ T1038] __sock_sendmsg+0x21c/0x270 [ 86.384512][ T1038] ____sys_sendmsg+0x505/0x830 [ 
86.386680][ T1038] ___sys_sendmsg+0x21f/0x2a0 [ 86.388742][ T1038] __x64_sys_sendmsg+0x19b/0x260 [ 86.390963][ T1038] do_syscall_64+0xfa/0x3b0 [ 86.393173][ T1038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.396022][ T1038] [ 86.397214][ T1038] Freed by task 15: [ 86.398924][ T1038] kasan_save_track+0x3e/0x80 [ 86.401002][ T1038] kasan_save_free_info+0x46/0x50 [ 86.403271][ T1038] __kasan_slab_free+0x5b/0x80 [ 86.405291][ T1038] kmem_cache_free+0x18f/0x400 [ 86.407399][ T1038] rcu_core+0xcab/0x1770 [ 86.409271][ T1038] handle_softirqs+0x283/0x870 [ 86.411466][ T1038] run_ksoftirqd+0x9b/0x100 [ 86.413537][ T1038] smpboot_thread_fn+0x53f/0xa60 [ 86.415932][ T1038] kthread+0x70e/0x8a0 [ 86.417916][ T1038] ret_from_fork+0x3f9/0x770 [ 86.419912][ T1038] ret_from_fork_asm+0x1a/0x30 [ 86.421973][ T1038] [ 86.423120][ T1038] Last potentially related work creation: [ 86.425437][ T1038] kasan_save_stack+0x3e/0x60 [ 86.427518][ T1038] kasan_record_aux_stack+0xbd/0xd0 [ 86.429887][ T1038] call_rcu+0x157/0x9c0 [ 86.431737][ T1038] __dentry_kill+0x4d2/0x660 [ 86.433922][ T1038] dput+0x19f/0x2b0 [ 86.435698][ T1038] find_next_child+0x1e5/0x250 [ 86.437863][ T1038] __simple_recursive_removal+0x10b/0x510 [ 86.440553][ T1038] debugfs_remove+0x5b/0x70 [ 86.442780][ T1038] ieee80211_debugfs_recreate_netdev+0xbf/0x1460 [ 86.445414][ T1038] drv_remove_interface+0x1fa/0x590 [ 86.447648][ T1038] ieee80211_change_mac+0x912/0x12d0 [ 86.449845][ T1038] netif_set_mac_address+0x2f9/0x4c0 [ 86.452329][ T1038] dev_set_mac_address+0x12b/0x260 [ 86.454930][ T1038] bond_set_mac_address+0x26c/0x7b0 [ 86.457600][ T1038] netif_set_mac_address+0x2f9/0x4c0 [ 86.459847][ T1038] do_setlink+0x88c/0x41c0 [ 86.461881][ T1038] rtnl_newlink+0x160b/0x1c70 [ 86.464560][ T1038] rtnetlink_rcv_msg+0x7cc/0xb70 [ 86.467462][ T1038] netlink_rcv_skb+0x205/0x470 [ 86.469686][ T1038] netlink_unicast+0x82c/0x9e0 [ 86.471823][ T1038] netlink_sendmsg+0x805/0xb30 [ 86.473907][ T1038] __sock_sendmsg+0x21c/0x270 [ 
86.475861][ T1038] ____sys_sendmsg+0x505/0x830 [ 86.477956][ T1038] ___sys_sendmsg+0x21f/0x2a0 [ 86.480021][ T1038] __x64_sys_sendmsg+0x19b/0x260 [ 86.482233][ T1038] do_syscall_64+0xfa/0x3b0 [ 86.484119][ T1038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.486635][ T1038] [ 86.487714][ T1038] The buggy address belongs to the object at ffff888052c178f8 [ 86.487714][ T1038] which belongs to the cache dentry of size 312 [ 86.493720][ T1038] The buggy address is located 208 bytes inside of [ 86.493720][ T1038] freed 312-byte region [ffff888052c178f8, ffff888052c17a30) [ 86.499741][ T1038] [ 86.500760][ T1038] The buggy address belongs to the physical page: [ 86.503535][ T1038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52c16 [ 86.507313][ T1038] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 86.510960][ T1038] memcg:ffff888036bbfe01 [ 86.513021][ T1038] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 86.516434][ T1038] page_type: f5(slab) [ 86.518194][ T1038] raw: 04fff00000000040 ffff88801b6cc780 dead000000000122 0000000000000000 [ 86.522005][ T1038] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff888036bbfe01 [ 86.526532][ T1038] head: 04fff00000000040 ffff88801b6cc780 dead000000000122 0000000000000000 [ 86.531395][ T1038] head: 0000000000000000 0000000000150015 00000000f5000000 ffff888036bbfe01 [ 86.535376][ T1038] head: 04fff00000000001 ffffea00014b0581 00000000ffffffff 00000000ffffffff [ 86.539318][ T1038] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 86.543182][ T1038] page dumped because: kasan: bad access detected [ 86.545948][ T1038] page_owner tracks the page as allocated [ 86.548458][ T1038] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5360, tgid 5359 (syz.0.0), ts 85808561565, free_ts 0 [ 86.558263][ T1038] 
post_alloc_hook+0x240/0x2a0 [ 86.560670][ T1038] get_page_from_freelist+0x21e4/0x22c0 [ 86.563394][ T1038] __alloc_frozen_pages_noprof+0x181/0x370 [ 86.566037][ T1038] alloc_pages_mpol+0x232/0x4a0 [ 86.568255][ T1038] allocate_slab+0x8a/0x370 [ 86.570360][ T1038] ___slab_alloc+0xbeb/0x1410 [ 86.572636][ T1038] kmem_cache_alloc_lru_noprof+0x288/0x3d0 [ 86.575120][ T1038] __d_alloc+0x36/0x7a0 [ 86.576923][ T1038] d_alloc_parallel+0xe5/0x15e0 [ 86.578870][ T1038] __lookup_slow+0x116/0x3d0 [ 86.580997][ T1038] simple_start_creating+0xfd/0x1e0 [ 86.583390][ T1038] start_creating+0x10f/0x180 [ 86.585459][ T1038] __debugfs_create_file+0x79/0x4f0 [ 86.587943][ T1038] debugfs_create_file_short+0x3f/0x60 [ 86.590708][ T1038] ieee80211_debugfs_recreate_netdev+0xb07/0x1460 [ 86.593440][ T1038] drv_remove_interface+0x1fa/0x590 [ 86.595587][ T1038] page_owner free stack trace missing [ 86.597745][ T1038] [ 86.598839][ T1038] Memory state around the buggy address: [ 86.601660][ T1038] ffff888052c17880: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa [ 86.605729][ T1038] ffff888052c17900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.609692][ T1038] >ffff888052c17980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.613537][ T1038] ^ [ 86.616135][ T1038] ffff888052c17a00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb [ 86.619561][ T1038] ffff888052c17a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.622973][ T1038] ================================================================== [ 86.627363][ T1038] Kernel panic - not syncing: KASAN: panic_on_warn set ... 
[ 86.630754][ T1038] CPU: 0 UID: 0 PID: 1038 Comm: kworker/u4:6 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094 #0 PREEMPT(full) [ 86.635670][ T1038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.640418][ T1038] Workqueue: events_unbound cfg80211_wiphy_work [ 86.643372][ T1038] Call Trace: [ 86.644986][ T1038] [ 86.646360][ T1038] dump_stack_lvl+0x99/0x250 [ 86.648474][ T1038] ? __asan_memcpy+0x40/0x70 [ 86.650244][ T1038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.652543][ T1038] ? __pfx__printk+0x10/0x10 [ 86.654793][ T1038] vpanic+0x281/0x750 [ 86.656604][ T1038] ? __pfx_vpanic+0x10/0x10 [ 86.658621][ T1038] ? irqentry_exit+0x74/0x90 [ 86.660589][ T1038] panic+0xb9/0xc0 [ 86.662581][ T1038] ? __pfx_panic+0x10/0x10 [ 86.664997][ T1038] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 86.667696][ T1038] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.670391][ T1038] ? is_module_address+0x17/0xf0 [ 86.672587][ T1038] ? _raw_spin_lock+0x2e/0x40 [ 86.674819][ T1038] check_panic_on_warn+0x89/0xb0 [ 86.677016][ T1038] ? _raw_spin_lock+0x2e/0x40 [ 86.679240][ T1038] end_report+0x78/0x160 [ 86.681161][ T1038] kasan_report+0x129/0x150 [ 86.683373][ T1038] ? _raw_spin_lock+0x2e/0x40 [ 86.685659][ T1038] ? lockref_get+0x15/0x60 [ 86.688036][ T1038] __kasan_check_byte+0x2a/0x40 [ 86.690154][ T1038] lock_acquire+0x8d/0x360 [ 86.692412][ T1038] ? do_raw_spin_lock+0x121/0x290 [ 86.694707][ T1038] _raw_spin_lock+0x2e/0x40 [ 86.696628][ T1038] ? lockref_get+0x15/0x60 [ 86.698789][ T1038] lockref_get+0x15/0x60 [ 86.700652][ T1038] __simple_recursive_removal+0x33/0x510 [ 86.703566][ T1038] ? mntput+0x65/0xc0 [ 86.705664][ T1038] ? 
__pfx_remove_one+0x10/0x10 [ 86.708015][ T1038] debugfs_remove+0x5b/0x70 [ 86.710030][ T1038] ieee80211_sta_debugfs_remove+0x40/0x70 [ 86.712543][ T1038] __sta_info_destroy_part2+0x352/0x450 [ 86.714958][ T1038] sta_info_destroy_addr+0xf5/0x140 [ 86.717342][ T1038] ieee80211_destroy_auth_data+0x12d/0x260 [ 86.719940][ T1038] ieee80211_sta_work+0x11cf/0x3600 [ 86.722466][ T1038] ? __lock_acquire+0xab9/0xd20 [ 86.724749][ T1038] ? __lock_acquire+0xab9/0xd20 [ 86.727120][ T1038] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 86.729633][ T1038] ? do_raw_spin_lock+0x121/0x290 [ 86.731927][ T1038] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 86.734722][ T1038] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.736942][ T1038] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.739493][ T1038] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.742579][ T1038] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 86.745176][ T1038] ? skb_dequeue+0x10e/0x150 [ 86.747326][ T1038] ? ieee80211_iface_work+0xfc4/0x12d0 [ 86.749724][ T1038] ? ieee80211_iface_work+0x11d6/0x12d0 [ 86.752159][ T1038] ? rcu_is_watching+0x15/0xb0 [ 86.754365][ T1038] cfg80211_wiphy_work+0x2b8/0x470 [ 86.756622][ T1038] ? process_scheduled_works+0x9ef/0x17b0 [ 86.759187][ T1038] process_scheduled_works+0xade/0x17b0 [ 86.761750][ T1038] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.764464][ T1038] worker_thread+0x8a0/0xda0 [ 86.766561][ T1038] kthread+0x70e/0x8a0 [ 86.768331][ T1038] ? __pfx_worker_thread+0x10/0x10 [ 86.770566][ T1038] ? __pfx_kthread+0x10/0x10 [ 86.772729][ T1038] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.775077][ T1038] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.777341][ T1038] ? __pfx_kthread+0x10/0x10 [ 86.779289][ T1038] ret_from_fork+0x3f9/0x770 [ 86.781386][ T1038] ? __pfx_ret_from_fork+0x10/0x10 [ 86.783812][ T1038] ? __pfx_kthread+0x10/0x10 [ 86.786158][ T1038] ret_from_fork_asm+0x1a/0x30 [ 86.788590][ T1038] [ 86.790500][ T1038] Kernel Offset: disabled [ 86.792603][ T1038] Rebooting in 86400 seconds..