program: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000010000100"/20, @ANYBLOB="aa40294d226ab9483c42a48ae178d4d4edd7f2d38d737733269ea4677141f36b558045b610582ba66b42201112be0be2f06090d7708162cd2f3d50bca73a4272aac4ff810cba17ff59764f48f83035e3530b84fc01b523c4edbc550ebdb8c4b1195f6332d7013c0bd34490f99dcf7ef639cf746112232c4df2079f89f777a33257714daadcbab12703e4a0", @ANYBLOB="00000000000000001800128008000100767420b150f32df3f7dd33f069000c001fcb3740cca1cfb69204e71c8a269a9110e0d685baadf8f2ca91c9c7f03151bfb0c7309e8f78895df54e299962d44dfcb69dfc324ac2c1f1b38b75880398582465c2996c34f92138b34b858445d8d5e63d4ca3a839d27bee6fc18b2ebc2f5805a368d7bc1d18cd78747d8d1e75e936c2f921016fef675dcaef4e173f0b08e67e3be215f91ee2971633f34f67d066ddedee7d6a4a80cef77411bbb86ab5d31dd8"], 0x38}}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x17) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) r13 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff05000500", 0x2c}, {&(0x7f00000019c0)="06bb", 0x2}], 0x2}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x30, r8, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x23}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}]}, 0x30}, 0x1, 0x0, 0x0, 0x20044840}, 0x80) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x200001, 0x0) [ 69.948385][ T5337] Bluetooth: hci0: command tx timeout [ 70.003757][ T5356] netlink: 24 bytes leftover after parsing attributes in process `syz.0.0'. [ 70.062868][ T5356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 70.099673][ T795] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 70.103670][ T795] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 70.119117][ T5356] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 70.122574][ T5356] wlan1: aborting authentication with 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 70.133735][ T5356] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 70.141921][ T5356] wlan1: authenticate with 08:02:11:00:00:00 (local address=aa:aa:aa:aa:aa:17) [ 70.145682][ T5356] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 70.154343][ T5356] bond0: entered promiscuous mode [ 70.156520][ T5356] bond_slave_0: entered promiscuous mode [ 70.160019][ T5356] bond_slave_1: entered promiscuous mode [ 70.162790][ T5356] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 70.258391][ T31] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 70.368349][ T31] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 70.478342][ T31] wlan1: authentication with 08:02:11:00:00:00 timed out [ 70.481549][ T31] ================================================================== [ 70.484911][ T31] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290 [ 70.488351][ T31] Read of size 4 at addr ffff88804425469c by task kworker/u4:2/31 [ 70.491704][ T31] [ 70.492766][ T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u4:2 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) [ 70.492786][ T31] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.492795][ T31] Workqueue: events_unbound cfg80211_wiphy_work [ 70.492859][ T31] Call Trace: [ 70.492867][ T31] [ 70.492873][ T31] dump_stack_lvl+0x189/0x250 [ 70.492889][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.492901][ T31] ? lock_release+0x4b/0x3e0 [ 70.492918][ T31] ? __virt_addr_valid+0x4a5/0x5c0 [ 70.492934][ T31] print_report+0xca/0x240 [ 70.492945][ T31] ? do_raw_spin_lock+0x23d/0x290 [ 70.492958][ T31] kasan_report+0x118/0x150 [ 70.492973][ T31] ? do_raw_spin_lock+0x23d/0x290 [ 70.492987][ T31] do_raw_spin_lock+0x23d/0x290 [ 70.492999][ T31] ? lock_acquire+0x5f/0x360 [ 70.493012][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 70.493024][ T31] ? do_raw_spin_lock+0x121/0x290 [ 70.493039][ T31] lockref_get+0x15/0x60 [ 70.493055][ T31] __simple_recursive_removal+0x33/0x510 [ 70.493068][ T31] ? mntput+0x65/0xc0 [ 70.493078][ T31] ? __pfx_remove_one+0x10/0x10 [ 70.493093][ T31] debugfs_remove+0x5b/0x70 [ 70.493107][ T31] ieee80211_sta_debugfs_remove+0x40/0x70 [ 70.493157][ T31] __sta_info_destroy_part2+0x352/0x450 [ 70.493175][ T31] sta_info_destroy_addr+0xf5/0x140 [ 70.493188][ T31] ieee80211_destroy_auth_data+0x12d/0x260 [ 70.493207][ T31] ieee80211_sta_work+0x11cf/0x3600 [ 70.493223][ T31] ? __kasan_slab_free+0x5b/0x80 [ 70.493235][ T31] ? kmem_cache_free+0x18f/0x400 [ 70.493247][ T31] ? macvlan_process_broadcast+0x581/0x660 [ 70.493261][ T31] ? kthread+0x70e/0x8a0 [ 70.493274][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 70.493291][ T31] ? cpuacct_charge+0x10e/0x320 [ 70.493303][ T31] ? __mutex_trylock_common+0x153/0x260 [ 70.493315][ T31] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 70.493329][ T31] ? update_load_avg+0x572/0x1880 [ 70.493339][ T31] ? do_raw_spin_lock+0x121/0x290 [ 70.493352][ T31] ? rcu_is_watching+0x15/0xb0 [ 70.493365][ T31] ? rcu_is_watching+0x15/0xb0 [ 70.493374][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 70.493390][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.493402][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 70.493416][ T31] ? skb_dequeue+0x10e/0x150 [ 70.493428][ T31] ? ieee80211_iface_work+0xfc4/0x12d0 [ 70.493442][ T31] ? ieee80211_iface_work+0x11d6/0x12d0 [ 70.493454][ T31] ? rcu_is_watching+0x15/0xb0 [ 70.493465][ T31] cfg80211_wiphy_work+0x2bb/0x470 [ 70.493479][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 70.493491][ T31] process_scheduled_works+0xade/0x17b0 [ 70.493507][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 70.493520][ T31] worker_thread+0x8a0/0xda0 [ 70.493537][ T31] kthread+0x70e/0x8a0 [ 70.493550][ T31] ? __pfx_worker_thread+0x10/0x10 [ 70.493561][ T31] ? __pfx_kthread+0x10/0x10 [ 70.493573][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.493584][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.493599][ T31] ? __pfx_kthread+0x10/0x10 [ 70.493612][ T31] ret_from_fork+0x3f9/0x770 [ 70.493625][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 70.493636][ T31] ? __pfx_kthread+0x10/0x10 [ 70.493648][ T31] ret_from_fork_asm+0x1a/0x30 [ 70.493665][ T31] [ 70.493669][ T31] [ 70.630479][ T31] Allocated by task 5356: [ 70.632435][ T31] kasan_save_track+0x3e/0x80 [ 70.634445][ T31] __kasan_slab_alloc+0x6c/0x80 [ 70.636544][ T31] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0 [ 70.639284][ T31] __d_alloc+0x36/0x7a0 [ 70.641169][ T31] d_alloc_parallel+0xe5/0x15e0 [ 70.643370][ T31] __lookup_slow+0x116/0x3d0 [ 70.645388][ T31] simple_start_creating+0xfd/0x1e0 [ 70.647642][ T31] start_creating+0x10f/0x180 [ 70.649751][ T31] debugfs_create_dir+0x28/0x420 [ 70.651932][ T31] ieee80211_sta_debugfs_add+0x12c/0x850 [ 70.654314][ T31] sta_info_insert_rcu+0xfac/0x1940 [ 70.656426][ T31] sta_info_insert+0x16/0xc0 [ 70.658268][ T31] ieee80211_prep_connection+0xfce/0x13f0 [ 70.660660][ T31] ieee80211_mgd_auth+0xee3/0x1770 [ 70.662840][ T31] cfg80211_mlme_auth+0x62f/0x9c0 [ 70.665020][ T31] cfg80211_conn_do_work+0x501/0xd10 [ 70.667181][ T31] cfg80211_connect+0x1862/0x21a0 [ 70.669366][ T31] nl80211_connect+0x17bc/0x1cd0 [ 70.671505][ T31] genl_family_rcv_msg_doit+0x215/0x300 [ 70.673956][ T31] genl_rcv_msg+0x60e/0x790 [ 70.676265][ T31] netlink_rcv_skb+0x205/0x470 [ 70.678258][ T31] genl_rcv+0x28/0x40 [ 70.680020][ T31] netlink_unicast+0x82c/0x9e0 [ 70.682180][ T31] netlink_sendmsg+0x805/0xb30 [ 70.684287][ T31] __sock_sendmsg+0x219/0x270 [ 70.686329][ T31] ____sys_sendmsg+0x505/0x830 [ 70.688369][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 70.690354][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 70.692498][ T31] do_syscall_64+0xfa/0x3b0 [ 70.694473][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.696928][ T31] [ 70.698019][ T31] Freed by task 15: [ 70.699716][ T31] kasan_save_track+0x3e/0x80 [ 70.701757][ T31] kasan_save_free_info+0x46/0x50 [ 70.704037][ T31] __kasan_slab_free+0x5b/0x80 [ 70.706085][ T31] kmem_cache_free+0x18f/0x400 [ 70.708232][ T31] rcu_core+0xcab/0x1770 [ 70.710099][ T31] handle_softirqs+0x283/0x870 [ 70.712345][ T31] run_ksoftirqd+0x9b/0x100 [ 70.714420][ T31] smpboot_thread_fn+0x53f/0xa60 [ 70.716580][ T31] kthread+0x70e/0x8a0 [ 70.718301][ T31] ret_from_fork+0x3f9/0x770 [ 70.720379][ T31] ret_from_fork_asm+0x1a/0x30 [ 70.722479][ T31] [ 70.723635][ T31] Last potentially related work creation: [ 70.726079][ T31] kasan_save_stack+0x3e/0x60 [ 70.728176][ T31] kasan_record_aux_stack+0xbd/0xd0 [ 70.730461][ T31] call_rcu+0x157/0x9c0 [ 70.732455][ T31] __dentry_kill+0x4d2/0x660 [ 70.734603][ T31] dput+0x19f/0x2b0 [ 70.736511][ T31] find_next_child+0x1e5/0x250 [ 70.738730][ T31] __simple_recursive_removal+0x10b/0x510 [ 70.741251][ T31] debugfs_remove+0x5b/0x70 [ 70.743305][ T31] ieee80211_debugfs_recreate_netdev+0xbf/0x1460 [ 70.746044][ T31] drv_remove_interface+0x1fa/0x590 [ 70.748330][ T31] ieee80211_change_mac+0x912/0x12d0 [ 70.750815][ T31] netif_set_mac_address+0x2f9/0x4c0 [ 70.753216][ T31] dev_set_mac_address+0x12b/0x260 [ 70.755514][ T31] bond_set_mac_address+0x26c/0x7b0 [ 70.757789][ T31] netif_set_mac_address+0x2f9/0x4c0 [ 70.760208][ T31] do_setlink+0x88c/0x41c0 [ 70.762398][ T31] rtnl_newlink+0x160b/0x1c70 [ 70.764562][ T31] rtnetlink_rcv_msg+0x7cc/0xb70 [ 70.766697][ T31] netlink_rcv_skb+0x205/0x470 [ 70.768780][ T31] netlink_unicast+0x82c/0x9e0 [ 70.770862][ T31] netlink_sendmsg+0x805/0xb30 [ 70.773014][ T31] __sock_sendmsg+0x219/0x270 [ 70.775046][ T31] ____sys_sendmsg+0x505/0x830 [ 70.777235][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 70.779371][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 70.781850][ T31] do_syscall_64+0xfa/0x3b0 [ 70.783956][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.786714][ T31] [ 70.787807][ T31] The buggy address belongs to the object at ffff8880442545e0 [ 70.787807][ T31] which belongs to the cache dentry of size 312 [ 70.793628][ T31] The buggy address is located 188 bytes inside of [ 70.793628][ T31] freed 312-byte region [ffff8880442545e0, ffff888044254718) [ 70.799419][ T31] [ 70.800353][ T31] The buggy address belongs to the physical page: [ 70.803169][ T31] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44254 [ 70.806846][ T31] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 70.810423][ T31] memcg:ffff888036089901 [ 70.812130][ T31] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 70.815185][ T31] page_type: f5(slab) [ 70.816828][ T31] raw: 04fff00000000040 ffff888030408780 dead000000000122 0000000000000000 [ 70.820201][ T31] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff888036089901 [ 70.823768][ T31] head: 04fff00000000040 ffff888030408780 dead000000000122 0000000000000000 [ 70.827861][ T31] head: 0000000000000000 0000000000150015 00000000f5000000 ffff888036089901 [ 70.831924][ T31] head: 04fff00000000001 ffffea0001109501 00000000ffffffff 00000000ffffffff [ 70.835745][ T31] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 70.839289][ T31] page dumped because: kasan: bad access detected [ 70.842040][ T31] page_owner tracks the page as allocated [ 70.844407][ T31] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5356, tgid 5355 (syz.0.0), ts 70131176583, free_ts 0 [ 70.853312][ T31] post_alloc_hook+0x240/0x2a0 [ 70.855611][ T31] get_page_from_freelist+0x21e4/0x22c0 [ 70.857734][ T31] __alloc_frozen_pages_noprof+0x181/0x370 [ 70.860256][ T31] alloc_pages_mpol+0x232/0x4a0 [ 70.862387][ T31] allocate_slab+0x8a/0x370 [ 70.864294][ T31] ___slab_alloc+0xbeb/0x1410 [ 70.866283][ T31] kmem_cache_alloc_lru_noprof+0x288/0x3d0 [ 70.869080][ T31] __d_alloc+0x36/0x7a0 [ 70.870877][ T31] d_alloc_parallel+0xe5/0x15e0 [ 70.872966][ T31] __lookup_slow+0x116/0x3d0 [ 70.875002][ T31] simple_start_creating+0xfd/0x1e0 [ 70.877272][ T31] start_creating+0x10f/0x180 [ 70.879271][ T31] __debugfs_create_file+0x79/0x4f0 [ 70.881551][ T31] debugfs_create_file_short+0x3f/0x60 [ 70.883986][ T31] ieee80211_debugfs_recreate_netdev+0xf76/0x1460 [ 70.886682][ T31] drv_remove_interface+0x1fa/0x590 [ 70.888849][ T31] page_owner free stack trace missing [ 70.891081][ T31] [ 70.892152][ T31] Memory state around the buggy address: [ 70.894533][ T31] ffff888044254580: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb [ 70.898178][ T31] ffff888044254600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.901615][ T31] >ffff888044254680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.904893][ T31] ^ [ 70.906960][ T31] ffff888044254700: fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb [ 70.910228][ T31] ffff888044254780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.913444][ T31] ================================================================== [ 70.918439][ T31] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.922184][ T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u4:2 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) [ 70.927145][ T31] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.931646][ T31] Workqueue: events_unbound cfg80211_wiphy_work [ 70.934311][ T31] Call Trace: [ 70.935720][ T31] [ 70.936980][ T31] dump_stack_lvl+0x99/0x250 [ 70.938925][ T31] ? __asan_memcpy+0x40/0x70 [ 70.940933][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.943131][ T31] ? __pfx__printk+0x10/0x10 [ 70.945149][ T31] vpanic+0x281/0x750 [ 70.946879][ T31] ? __pfx_vpanic+0x10/0x10 [ 70.948811][ T31] ? rcu_is_watching+0x15/0xb0 [ 70.950879][ T31] panic+0xb9/0xc0 [ 70.952469][ T31] ? __pfx_panic+0x10/0x10 [ 70.954475][ T31] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 70.957217][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 70.959849][ T31] ? do_raw_spin_lock+0x23d/0x290 [ 70.962000][ T31] check_panic_on_warn+0x89/0xb0 [ 70.964115][ T31] ? do_raw_spin_lock+0x23d/0x290 [ 70.966315][ T31] end_report+0x78/0x160 [ 70.968166][ T31] kasan_report+0x129/0x150 [ 70.970077][ T31] ? do_raw_spin_lock+0x23d/0x290 [ 70.972175][ T31] do_raw_spin_lock+0x23d/0x290 [ 70.974206][ T31] ? lock_acquire+0x5f/0x360 [ 70.976158][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 70.978394][ T31] ? do_raw_spin_lock+0x121/0x290 [ 70.980485][ T31] lockref_get+0x15/0x60 [ 70.982322][ T31] __simple_recursive_removal+0x33/0x510 [ 70.984767][ T31] ? mntput+0x65/0xc0 [ 70.986673][ T31] ? __pfx_remove_one+0x10/0x10 [ 70.989029][ T31] debugfs_remove+0x5b/0x70 [ 70.991129][ T31] ieee80211_sta_debugfs_remove+0x40/0x70 [ 70.993550][ T31] __sta_info_destroy_part2+0x352/0x450 [ 70.995836][ T31] sta_info_destroy_addr+0xf5/0x140 [ 70.998057][ T31] ieee80211_destroy_auth_data+0x12d/0x260 [ 71.000605][ T31] ieee80211_sta_work+0x11cf/0x3600 [ 71.002956][ T31] ? __kasan_slab_free+0x5b/0x80 [ 71.005190][ T31] ? kmem_cache_free+0x18f/0x400 [ 71.007460][ T31] ? macvlan_process_broadcast+0x581/0x660 [ 71.010084][ T31] ? kthread+0x70e/0x8a0 [ 71.012046][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 71.014292][ T31] ? cpuacct_charge+0x10e/0x320 [ 71.016645][ T31] ? __mutex_trylock_common+0x153/0x260 [ 71.019338][ T31] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 71.022005][ T31] ? update_load_avg+0x572/0x1880 [ 71.024225][ T31] ? do_raw_spin_lock+0x121/0x290 [ 71.026489][ T31] ? rcu_is_watching+0x15/0xb0 [ 71.028652][ T31] ? rcu_is_watching+0x15/0xb0 [ 71.030767][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 71.033320][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 71.036061][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 71.038449][ T31] ? skb_dequeue+0x10e/0x150 [ 71.040530][ T31] ? ieee80211_iface_work+0xfc4/0x12d0 [ 71.043004][ T31] ? ieee80211_iface_work+0x11d6/0x12d0 [ 71.045503][ T31] ? rcu_is_watching+0x15/0xb0 [ 71.047670][ T31] cfg80211_wiphy_work+0x2bb/0x470 [ 71.049887][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 71.052476][ T31] process_scheduled_works+0xade/0x17b0 [ 71.054888][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.057546][ T31] worker_thread+0x8a0/0xda0 [ 71.059470][ T31] kthread+0x70e/0x8a0 [ 71.061184][ T31] ? __pfx_worker_thread+0x10/0x10 [ 71.063341][ T31] ? __pfx_kthread+0x10/0x10 [ 71.065225][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.067373][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 71.069764][ T31] ? __pfx_kthread+0x10/0x10 [ 71.071926][ T31] ret_from_fork+0x3f9/0x770 [ 71.074011][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 71.076339][ T31] ? __pfx_kthread+0x10/0x10 [ 71.078422][ T31] ret_from_fork_asm+0x1a/0x30 [ 71.080627][ T31] [ 71.082395][ T31] Kernel Offset: disabled [ 71.084329][ T31] Rebooting in 86400 seconds..