program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x30, r7, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0xc0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[], 0x230}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x401, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, 0xd07, 0x1a001}, [@IFLA_IFNAME={0x14, 0x3, 'wlan1\x00'}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x5336ae46a3975501}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4010}, 0x0) r12 = socket(0x10, 0x4, 0x0) r13 = socket(0x11, 0x800000003, 0x0) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d40)=ANY=[@ANYBLOB="2e0000001c0073fc0000000400fd000007000003", @ANYRES32=r14, @ANYBLOB="020047040a0002"], 0x30}}, 0x0) r15 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r15, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r15) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r15) recvmmsg(r15, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001740)=""/181, 0xb5}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000340)=""/196, 0xc4}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000700)=""/4113, 0x1011}, {&(0x7f0000000440)=""/178, 0xb2}, {&(0x7f0000000540)=""/216, 0xd8}, {&(0x7f0000000100)=""/119, 0x77}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000000240)=""/116, 0x74}, {&(0x7f00000018c0)=""/147, 0x93}], 0x7}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x5}], 0x5, 0x40008062, 0x0) [ 68.776833][ T5306] Bluetooth: hci0: command tx timeout [ 68.845493][ T5326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.886649][ T54] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 68.890351][ T54] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 68.906445][ T1044] wlan1: authenticated [ 68.908814][ T5326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 68.923240][ T1044] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 68.931300][ T5326] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.937210][ T5326] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.032451][ T1088] wlan1: associate with 08:02:11:00:00:00 (try 2/3) [ 69.142416][ T1044] wlan1: associate with 08:02:11:00:00:00 (try 3/3) [ 69.252585][ T1088] wlan1: association with 08:02:11:00:00:00 timed out [ 69.255623][ T1088] ================================================================== [ 69.258702][ T1088] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40 [ 69.261921][ T1088] Read of size 1 at addr ffff888051cc16d8 by task kworker/u4:9/1088 [ 69.265152][ T1088] [ 69.266138][ T1088] CPU: 0 UID: 0 PID: 1088 Comm: kworker/u4:9 Not tainted syzkaller #0 PREEMPT(full) [ 69.266151][ T1088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.266159][ T1088] Workqueue: events_unbound cfg80211_wiphy_work [ 69.266185][ T1088] Call Trace: [ 69.266194][ T1088] [ 69.266199][ T1088] dump_stack_lvl+0x189/0x250 [ 69.266214][ T1088] ? __virt_addr_valid+0x1c8/0x5c0 [ 69.266228][ T1088] ? rcu_is_watching+0x15/0xb0 [ 69.266240][ T1088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.266253][ T1088] ? rcu_is_watching+0x15/0xb0 [ 69.266265][ T1088] ? lock_release+0x4b/0x3e0 [ 69.266274][ T1088] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 69.266291][ T1088] ? __virt_addr_valid+0x1c8/0x5c0 [ 69.266304][ T1088] ? __virt_addr_valid+0x4a5/0x5c0 [ 69.266318][ T1088] print_report+0xca/0x240 [ 69.266330][ T1088] ? _raw_spin_lock+0x2e/0x40 [ 69.266343][ T1088] kasan_report+0x118/0x150 [ 69.266357][ T1088] ? _raw_spin_lock+0x2e/0x40 [ 69.266371][ T1088] ? lockref_get+0x15/0x60 [ 69.266416][ T1088] __kasan_check_byte+0x2a/0x40 [ 69.266428][ T1088] lock_acquire+0x8d/0x360 [ 69.266438][ T1088] ? do_raw_spin_lock+0x121/0x290 [ 69.266452][ T1088] _raw_spin_lock+0x2e/0x40 [ 69.266466][ T1088] ? lockref_get+0x15/0x60 [ 69.266474][ T1088] lockref_get+0x15/0x60 [ 69.266483][ T1088] __simple_recursive_removal+0x33/0x510 [ 69.266494][ T1088] ? mntput+0x65/0xc0 [ 69.266503][ T1088] ? __pfx_remove_one+0x10/0x10 [ 69.266516][ T1088] debugfs_remove+0x5b/0x70 [ 69.266528][ T1088] ieee80211_sta_debugfs_remove+0x40/0x70 [ 69.266539][ T1088] __sta_info_destroy_part2+0x352/0x450 [ 69.266552][ T1088] sta_info_destroy_addr+0xf5/0x140 [ 69.266562][ T1088] ieee80211_destroy_assoc_data+0x1bf/0x680 [ 69.266578][ T1088] ? __pfx_ieee80211_destroy_assoc_data+0x10/0x10 [ 69.266591][ T1088] ? do_raw_spin_lock+0x121/0x290 [ 69.266603][ T1088] ? __local_bh_enable_ip+0x12d/0x1c0 [ 69.266614][ T1088] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.266626][ T1088] ? __local_bh_enable_ip+0x12d/0x1c0 [ 69.266636][ T1088] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 69.266647][ T1088] ? ieee80211_sta_work+0xe86/0x3600 [ 69.266660][ T1088] ieee80211_sta_work+0xe93/0x3600 [ 69.266672][ T1088] ? do_raw_spin_unlock+0x4d/0x240 [ 69.266688][ T1088] ? __lock_acquire+0xab9/0xd20 [ 69.266700][ T1088] ? __lock_acquire+0xab9/0xd20 [ 69.266709][ T1088] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 69.266719][ T1088] ? do_raw_spin_lock+0x121/0x290 [ 69.266732][ T1088] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 69.266741][ T1088] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.266750][ T1088] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 69.266759][ T1088] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.266768][ T1088] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 69.266785][ T1088] ? ieee80211_iface_work+0x11d6/0x12d0 [ 69.266796][ T1088] ? rcu_is_watching+0x15/0xb0 [ 69.266809][ T1088] cfg80211_wiphy_work+0x2b8/0x470 [ 69.266821][ T1088] ? process_scheduled_works+0x9ef/0x17b0 [ 69.266834][ T1088] process_scheduled_works+0xade/0x17b0 [ 69.266852][ T1088] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.266865][ T1088] worker_thread+0x8a0/0xda0 [ 69.266880][ T1088] kthread+0x711/0x8a0 [ 69.266893][ T1088] ? __pfx_worker_thread+0x10/0x10 [ 69.266906][ T1088] ? __pfx_kthread+0x10/0x10 [ 69.266919][ T1088] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.266926][ T1088] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.266936][ T1088] ? __pfx_kthread+0x10/0x10 [ 69.266948][ T1088] ret_from_fork+0x436/0x7d0 [ 69.266961][ T1088] ? __pfx_ret_from_fork+0x10/0x10 [ 69.266974][ T1088] ? __pfx_kthread+0x10/0x10 [ 69.266986][ T1088] ret_from_fork_asm+0x1a/0x30 [ 69.267002][ T1088] [ 69.267006][ T1088] [ 69.422360][ T1088] Allocated by task 54: [ 69.424196][ T1088] kasan_save_track+0x3e/0x80 [ 69.426319][ T1088] __kasan_slab_alloc+0x6c/0x80 [ 69.428471][ T1088] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0 [ 69.430900][ T1088] __d_alloc+0x36/0x7a0 [ 69.432627][ T1088] d_alloc_parallel+0xe5/0x15e0 [ 69.434517][ T1088] __lookup_slow+0x116/0x3d0 [ 69.435975][ T1088] simple_start_creating+0xfd/0x1e0 [ 69.437614][ T1088] debugfs_start_creating+0x10f/0x180 [ 69.439906][ T1088] debugfs_create_dir+0x28/0x420 [ 69.442012][ T1088] ieee80211_sta_debugfs_add+0x12c/0x850 [ 69.444521][ T1088] sta_info_insert_rcu+0xfac/0x1940 [ 69.446732][ T1088] sta_info_insert+0x16/0xc0 [ 69.448862][ T1088] ieee80211_prep_connection+0xfce/0x13f0 [ 69.451633][ T1088] ieee80211_mgd_auth+0xee3/0x1770 [ 69.453847][ T1088] cfg80211_mlme_auth+0x62f/0x9c0 [ 69.456032][ T1088] cfg80211_conn_do_work+0x501/0xd10 [ 69.458661][ T1088] cfg80211_conn_work+0x2c0/0x460 [ 69.461443][ T1088] process_scheduled_works+0xade/0x17b0 [ 69.463624][ T1088] worker_thread+0x8a0/0xda0 [ 69.465309][ T1088] kthread+0x711/0x8a0 [ 69.466859][ T1088] ret_from_fork+0x436/0x7d0 [ 69.469809][ T1088] ret_from_fork_asm+0x1a/0x30 [ 69.471979][ T1088] [ 69.473056][ T1088] Freed by task 15: [ 69.474838][ T1088] kasan_save_track+0x3e/0x80 [ 69.476904][ T1088] kasan_save_free_info+0x46/0x50 [ 69.479117][ T1088] __kasan_slab_free+0x5b/0x80 [ 69.480972][ T1088] kmem_cache_free+0x18f/0x400 [ 69.482842][ T1088] rcu_core+0xca8/0x1770 [ 69.484503][ T1088] handle_softirqs+0x283/0x870 [ 69.486345][ T1088] run_ksoftirqd+0x9b/0x100 [ 69.488217][ T1088] smpboot_thread_fn+0x53f/0xa60 [ 69.490300][ T1088] kthread+0x711/0x8a0 [ 69.492140][ T1088] ret_from_fork+0x436/0x7d0 [ 69.494212][ T1088] ret_from_fork_asm+0x1a/0x30 [ 69.496347][ T1088] [ 69.497439][ T1088] Last potentially related work creation: [ 69.499892][ T1088] kasan_save_stack+0x3e/0x60 [ 69.501877][ T1088] kasan_record_aux_stack+0xbd/0xd0 [ 69.504204][ T1088] call_rcu+0x157/0x9c0 [ 69.505978][ T1088] __dentry_kill+0x4d2/0x660 [ 69.507818][ T1088] dput+0x19f/0x2b0 [ 69.509414][ T1088] find_next_child+0x1e5/0x250 [ 69.511517][ T1088] __simple_recursive_removal+0x10b/0x510 [ 69.513808][ T1088] debugfs_remove+0x5b/0x70 [ 69.515774][ T1088] ieee80211_debugfs_recreate_netdev+0xbf/0x1460 [ 69.518528][ T1088] drv_remove_interface+0x1fa/0x590 [ 69.520866][ T1088] ieee80211_change_mac+0x912/0x12d0 [ 69.523114][ T1088] netif_set_mac_address+0x2fc/0x4c0 [ 69.525394][ T1088] do_setlink+0x88c/0x41c0 [ 69.527396][ T1088] rtnl_newlink+0x160b/0x1c70 [ 69.529404][ T1088] rtnetlink_rcv_msg+0x7cf/0xb70 [ 69.531541][ T1088] netlink_rcv_skb+0x208/0x470 [ 69.533698][ T1088] netlink_unicast+0x82f/0x9e0 [ 69.535684][ T1088] netlink_sendmsg+0x805/0xb30 [ 69.537568][ T1088] __sock_sendmsg+0x219/0x270 [ 69.539355][ T1088] ____sys_sendmsg+0x505/0x830 [ 69.541178][ T1088] ___sys_sendmsg+0x21f/0x2a0 [ 69.542999][ T1088] __x64_sys_sendmsg+0x19b/0x260 [ 69.544961][ T1088] do_syscall_64+0xfa/0x3b0 [ 69.546755][ T1088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.549097][ T1088] [ 69.550092][ T1088] The buggy address belongs to the object at ffff888051cc1608 [ 69.550092][ T1088] which belongs to the cache dentry of size 312 [ 69.555729][ T1088] The buggy address is located 208 bytes inside of [ 69.555729][ T1088] freed 312-byte region [ffff888051cc1608, ffff888051cc1740) [ 69.561490][ T1088] [ 69.562589][ T1088] The buggy address belongs to the physical page: [ 69.565293][ T1088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51cc0 [ 69.568974][ T1088] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 69.572632][ T1088] memcg:ffff888035971301 [ 69.574404][ T1088] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 69.577612][ T1088] page_type: f5(slab) [ 69.579548][ T1088] raw: 04fff00000000040 ffff888030414780 dead000000000122 0000000000000000 [ 69.583387][ T1088] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff888035971301 [ 69.586844][ T1088] head: 04fff00000000040 ffff888030414780 dead000000000122 0000000000000000 [ 69.590405][ T1088] head: 0000000000000000 0000000000150015 00000000f5000000 ffff888035971301 [ 69.594156][ T1088] head: 04fff00000000001 ffffea0001473001 00000000ffffffff 00000000ffffffff [ 69.598032][ T1088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 69.601907][ T1088] page dumped because: kasan: bad access detected [ 69.604728][ T1088] page_owner tracks the page as allocated [ 69.607211][ T1088] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5326, tgid 5325 (syz.0.0), ts 68834073284, free_ts 0 [ 69.615993][ T1088] post_alloc_hook+0x240/0x2a0 [ 69.618054][ T1088] get_page_from_freelist+0x21e4/0x22c0 [ 69.620410][ T1088] __alloc_frozen_pages_noprof+0x181/0x370 [ 69.623019][ T1088] alloc_pages_mpol+0x232/0x4a0 [ 69.625080][ T1088] allocate_slab+0x8a/0x370 [ 69.627084][ T1088] ___slab_alloc+0xbeb/0x1420 [ 69.629095][ T1088] kmem_cache_alloc_lru_noprof+0x288/0x3d0 [ 69.631561][ T1088] __d_alloc+0x36/0x7a0 [ 69.633382][ T1088] d_alloc_parallel+0xe5/0x15e0 [ 69.635579][ T1088] __lookup_slow+0x116/0x3d0 [ 69.637567][ T1088] simple_start_creating+0xfd/0x1e0 [ 69.639862][ T1088] debugfs_start_creating+0x10f/0x180 [ 69.642197][ T1088] __debugfs_create_file+0x79/0x4f0 [ 69.644499][ T1088] debugfs_create_file_short+0x3f/0x60 [ 69.647325][ T1088] ieee80211_debugfs_recreate_netdev+0xb6f/0x1460 [ 69.650305][ T1088] ieee80211_if_change_type+0x53a/0x990 [ 69.652623][ T1088] page_owner free stack trace missing [ 69.654966][ T1088] [ 69.656048][ T1088] Memory state around the buggy address: [ 69.658293][ T1088] ffff888051cc1580: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 69.661648][ T1088] ffff888051cc1600: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.665080][ T1088] >ffff888051cc1680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.668368][ T1088] ^ [ 69.671259][ T1088] ffff888051cc1700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 69.674282][ T1088] ffff888051cc1780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.677806][ T1088] ================================================================== [ 69.682738][ T1088] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.685758][ T1088] CPU: 0 UID: 0 PID: 1088 Comm: kworker/u4:9 Not tainted syzkaller #0 PREEMPT(full) [ 69.689598][ T1088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.694236][ T1088] Workqueue: events_unbound cfg80211_wiphy_work [ 69.696894][ T1088] Call Trace: [ 69.698335][ T1088] [ 69.699618][ T1088] dump_stack_lvl+0x99/0x250 [ 69.701543][ T1088] ? __asan_memcpy+0x40/0x70 [ 69.703565][ T1088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.705802][ T1088] ? __pfx__printk+0x10/0x10 [ 69.707718][ T1088] vpanic+0x281/0x750 [ 69.709722][ T1088] ? __pfx_vpanic+0x10/0x10 [ 69.712010][ T1088] ? irqentry_exit+0x74/0x90 [ 69.714204][ T1088] panic+0xb9/0xc0 [ 69.715815][ T1088] ? __pfx_panic+0x10/0x10 [ 69.717680][ T1088] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 69.720224][ T1088] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 69.722699][ T1088] ? is_module_address+0x17/0xf0 [ 69.724812][ T1088] ? _raw_spin_lock+0x2e/0x40 [ 69.726856][ T1088] check_panic_on_warn+0x89/0xb0 [ 69.729076][ T1088] ? _raw_spin_lock+0x2e/0x40 [ 69.731101][ T1088] end_report+0x78/0x160 [ 69.732917][ T1088] kasan_report+0x129/0x150 [ 69.734877][ T1088] ? _raw_spin_lock+0x2e/0x40 [ 69.736910][ T1088] ? lockref_get+0x15/0x60 [ 69.738859][ T1088] __kasan_check_byte+0x2a/0x40 [ 69.741084][ T1088] lock_acquire+0x8d/0x360 [ 69.743034][ T1088] ? do_raw_spin_lock+0x121/0x290 [ 69.745093][ T1088] _raw_spin_lock+0x2e/0x40 [ 69.747069][ T1088] ? lockref_get+0x15/0x60 [ 69.749024][ T1088] lockref_get+0x15/0x60 [ 69.750813][ T1088] __simple_recursive_removal+0x33/0x510 [ 69.753269][ T1088] ? mntput+0x65/0xc0 [ 69.754955][ T1088] ? __pfx_remove_one+0x10/0x10 [ 69.757060][ T1088] debugfs_remove+0x5b/0x70 [ 69.759030][ T1088] ieee80211_sta_debugfs_remove+0x40/0x70 [ 69.761523][ T1088] __sta_info_destroy_part2+0x352/0x450 [ 69.763938][ T1088] sta_info_destroy_addr+0xf5/0x140 [ 69.766194][ T1088] ieee80211_destroy_assoc_data+0x1bf/0x680 [ 69.768789][ T1088] ? __pfx_ieee80211_destroy_assoc_data+0x10/0x10 [ 69.771620][ T1088] ? do_raw_spin_lock+0x121/0x290 [ 69.773826][ T1088] ? __local_bh_enable_ip+0x12d/0x1c0 [ 69.776184][ T1088] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.778407][ T1088] ? __local_bh_enable_ip+0x12d/0x1c0 [ 69.780597][ T1088] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 69.783069][ T1088] ? ieee80211_sta_work+0xe86/0x3600 [ 69.785391][ T1088] ieee80211_sta_work+0xe93/0x3600 [ 69.787627][ T1088] ? do_raw_spin_unlock+0x4d/0x240 [ 69.789812][ T1088] ? __lock_acquire+0xab9/0xd20 [ 69.791963][ T1088] ? __lock_acquire+0xab9/0xd20 [ 69.794078][ T1088] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 69.796484][ T1088] ? do_raw_spin_lock+0x121/0x290 [ 69.798602][ T1088] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 69.800990][ T1088] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.803075][ T1088] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 69.805452][ T1088] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.808149][ T1088] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 69.810459][ T1088] ? ieee80211_iface_work+0x11d6/0x12d0 [ 69.812846][ T1088] ? rcu_is_watching+0x15/0xb0 [ 69.814908][ T1088] cfg80211_wiphy_work+0x2b8/0x470 [ 69.817156][ T1088] ? process_scheduled_works+0x9ef/0x17b0 [ 69.819643][ T1088] process_scheduled_works+0xade/0x17b0 [ 69.822112][ T1088] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.824642][ T1088] worker_thread+0x8a0/0xda0 [ 69.826598][ T1088] kthread+0x711/0x8a0 [ 69.828456][ T1088] ? __pfx_worker_thread+0x10/0x10 [ 69.830694][ T1088] ? __pfx_kthread+0x10/0x10 [ 69.832744][ T1088] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.834984][ T1088] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.837217][ T1088] ? __pfx_kthread+0x10/0x10 [ 69.839298][ T1088] ret_from_fork+0x436/0x7d0 [ 69.841358][ T1088] ? __pfx_ret_from_fork+0x10/0x10 [ 69.843605][ T1088] ? __pfx_kthread+0x10/0x10 [ 69.845652][ T1088] ret_from_fork_asm+0x1a/0x30 [ 69.847756][ T1088] [ 69.849442][ T1088] Kernel Offset: disabled [ 69.851370][ T1088] Rebooting in 86400 seconds..