program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x401, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff05000500", 0x2c}, {&(0x7f00000019c0)="06bb", 0x2}], 0x2}, 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fedbdf252700000008000300305e032e9c9fc7f6f65cae2b541d90d1d34a05d1a2807ed4cb89dc3133c43d5382cfa289093133bbece6cd7fc8f6c2de188df78e004addd63d8de8244f7d8d8d811b48071ad27b891b1dbec1f46a50f715533afb3965a6f5c65b", @ANYRES32=r4, @ANYBLOB="06003600390000000a0006000802110000000000"], 0x30}, 0x1, 0x0, 0x0, 0x20000841}, 0x80) [ 75.044913][ T4665] Bluetooth: hci0: command tx timeout [ 75.162735][ T5318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.198280][ T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 75.201593][ T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 75.222460][ T5318] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 75.226171][ T5318] wlan1: aborting authentication with 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 75.245291][ T5318] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 75.256677][ T5318] wlan1: authenticate with 08:02:11:00:00:00 (local address=aa:aa:aa:aa:aa:17) [ 75.260232][ T5318] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 75.274767][ T5318] bond0: entered promiscuous mode [ 75.276767][ T5318] bond_slave_0: entered promiscuous mode [ 75.279173][ T5318] bond_slave_1: entered promiscuous mode [ 75.281522][ T5318] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 75.290442][ T5318] netlink: 20 bytes leftover after parsing attributes in process `syz.0.0'. [ 75.364303][ T58] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 75.474671][ T58] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 75.584357][ T1036] wlan1: authentication with 08:02:11:00:00:00 timed out [ 75.587447][ T1036] ================================================================== [ 75.590491][ T1036] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 [ 75.593155][ T1036] Read of size 8 at addr ffff888043fd16d8 by task kworker/u4:7/1036 [ 75.596010][ T1036] [ 75.596890][ T1036] CPU: 0 UID: 0 PID: 1036 Comm: kworker/u4:7 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 75.600785][ T1036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.604852][ T1036] Workqueue: events_unbound cfg80211_wiphy_work [ 75.607231][ T1036] Call Trace: [ 75.608494][ T1036] [ 75.609512][ T1036] dump_stack_lvl+0x241/0x360 [ 75.611108][ T1036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.612908][ T1036] ? __pfx__printk+0x10/0x10 [ 75.614568][ T1036] ? _printk+0xd5/0x120 [ 75.616089][ T1036] ? __virt_addr_valid+0x183/0x530 [ 75.617889][ T1036] ? __virt_addr_valid+0x183/0x530 [ 75.620173][ T1036] print_report+0x169/0x550 [ 75.622020][ T1036] ? __virt_addr_valid+0x183/0x530 [ 75.623894][ T1036] ? __virt_addr_valid+0x183/0x530 [ 75.625811][ T1036] ? __virt_addr_valid+0x45f/0x530 [ 75.627670][ T1036] ? __phys_addr+0xba/0x170 [ 75.629358][ T1036] ? __lock_acquire+0x78/0x2100 [ 75.631162][ T1036] kasan_report+0x143/0x180 [ 75.632821][ T1036] ? __lock_acquire+0x78/0x2100 [ 75.634663][ T1036] __lock_acquire+0x78/0x2100 [ 75.636390][ T1036] ? mark_lock+0x9a/0x360 [ 75.637986][ T1036] ? __lock_acquire+0x1397/0x2100 [ 75.639868][ T1036] lock_acquire+0x1ed/0x550 [ 75.641484][ T1036] ? lockref_get+0x15/0x60 [ 75.643126][ T1036] ? __pfx_lock_acquire+0x10/0x10 [ 75.644992][ T1036] ? simple_pin_fs+0x91/0x160 [ 75.646720][ T1036] ? do_raw_spin_lock+0x14f/0x370 [ 75.648477][ T1036] ? __pfx_lock_release+0x10/0x10 [ 75.650276][ T1036] _raw_spin_lock+0x2e/0x40 [ 75.651972][ T1036] ? lockref_get+0x15/0x60 [ 75.653633][ T1036] lockref_get+0x15/0x60 [ 75.655209][ T1036] simple_recursive_removal+0x35/0x8f0 [ 75.657217][ T1036] ? mntput+0x65/0xc0 [ 75.658788][ T1036] ? __pfx_remove_one+0x10/0x10 [ 75.660867][ T1036] debugfs_remove+0x49/0x70 [ 75.662820][ T1036] ieee80211_sta_debugfs_remove+0x40/0x60 [ 75.665004][ T1036] __sta_info_destroy_part2+0x35e/0x450 [ 75.667017][ T1036] sta_info_destroy_addr+0xf4/0x140 [ 75.668957][ T1036] ieee80211_destroy_auth_data+0x139/0x270 [ 75.670944][ T1036] ieee80211_sta_work+0x1256/0x3890 [ 75.673014][ T1036] ? mark_lock+0x9a/0x360 [ 75.674570][ T1036] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 75.676590][ T1036] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 75.678872][ T1036] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 75.681125][ T1036] ? lockdep_hardirqs_on+0x99/0x150 [ 75.683005][ T1036] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 75.685230][ T1036] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.687637][ T1036] ? skb_dequeue+0x113/0x150 [ 75.689312][ T1036] ? ieee80211_iface_work+0xc0d/0xf20 [ 75.691331][ T1036] ? ieee80211_iface_work+0xe29/0xf20 [ 75.693323][ T1036] ? rcu_is_watching+0x15/0xb0 [ 75.695140][ T1036] cfg80211_wiphy_work+0x2db/0x480 [ 75.697061][ T1036] ? process_scheduled_works+0x976/0x1840 [ 75.699170][ T1036] process_scheduled_works+0xa66/0x1840 [ 75.701404][ T1036] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.703611][ T1036] ? assign_work+0x364/0x3d0 [ 75.705321][ T1036] worker_thread+0x870/0xd30 [ 75.707012][ T1036] ? __kthread_parkme+0x169/0x1d0 [ 75.708890][ T1036] ? __pfx_worker_thread+0x10/0x10 [ 75.710771][ T1036] kthread+0x2f0/0x390 [ 75.712286][ T1036] ? __pfx_worker_thread+0x10/0x10 [ 75.714169][ T1036] ? __pfx_kthread+0x10/0x10 [ 75.715979][ T1036] ret_from_fork+0x4b/0x80 [ 75.717623][ T1036] ? __pfx_kthread+0x10/0x10 [ 75.719293][ T1036] ret_from_fork_asm+0x1a/0x30 [ 75.721054][ T1036] [ 75.722203][ T1036] [ 75.723071][ T1036] Allocated by task 5318: [ 75.724606][ T1036] kasan_save_track+0x3f/0x80 [ 75.726352][ T1036] __kasan_slab_alloc+0x66/0x80 [ 75.728105][ T1036] kmem_cache_alloc_lru_noprof+0x1dd/0x390 [ 75.730201][ T1036] __d_alloc+0x31/0x700 [ 75.731720][ T1036] d_alloc_parallel+0xdf/0x1600 [ 75.733471][ T1036] __lookup_slow+0x117/0x3f0 [ 75.735179][ T1036] lookup_one_len+0x18b/0x2d0 [ 75.736916][ T1036] start_creating+0x187/0x310 [ 75.738795][ T1036] debugfs_create_dir+0x25/0x430 [ 75.740650][ T1036] ieee80211_sta_debugfs_add+0x132/0x820 [ 75.742745][ T1036] sta_info_insert_rcu+0xecf/0x1900 [ 75.744667][ T1036] sta_info_insert+0x16/0xc0 [ 75.746467][ T1036] ieee80211_prep_connection+0xecd/0x12d0 [ 75.748537][ T1036] ieee80211_mgd_auth+0xd42/0x14c0 [ 75.750515][ T1036] cfg80211_mlme_auth+0x59f/0x970 [ 75.752335][ T1036] cfg80211_conn_do_work+0x5ed/0xe60 [ 75.754238][ T1036] cfg80211_connect+0x1486/0x1d10 [ 75.756111][ T1036] nl80211_connect+0x188f/0x1fe0 [ 75.757865][ T1036] genl_rcv_msg+0xb14/0xec0 [ 75.759528][ T1036] netlink_rcv_skb+0x1e3/0x430 [ 75.761292][ T1036] genl_rcv+0x28/0x40 [ 75.762744][ T1036] netlink_unicast+0x7f6/0x990 [ 75.764469][ T1036] netlink_sendmsg+0x8e4/0xcb0 [ 75.766226][ T1036] __sock_sendmsg+0x221/0x270 [ 75.767997][ T1036] ____sys_sendmsg+0x52a/0x7e0 [ 75.769697][ T1036] __sys_sendmsg+0x269/0x350 [ 75.771555][ T1036] do_syscall_64+0xf3/0x230 [ 75.773164][ T1036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.775140][ T1036] [ 75.776046][ T1036] Freed by task 16: [ 75.777371][ T1036] kasan_save_track+0x3f/0x80 [ 75.779013][ T1036] kasan_save_free_info+0x40/0x50 [ 75.780851][ T1036] __kasan_slab_free+0x59/0x70 [ 75.782512][ T1036] kmem_cache_free+0x195/0x410 [ 75.784211][ T1036] rcu_core+0xaaa/0x17a0 [ 75.785752][ T1036] handle_softirqs+0x2d4/0x9b0 [ 75.787447][ T1036] run_ksoftirqd+0xca/0x130 [ 75.789286][ T1036] smpboot_thread_fn+0x544/0xa30 [ 75.791132][ T1036] kthread+0x2f0/0x390 [ 75.792719][ T1036] ret_from_fork+0x4b/0x80 [ 75.794371][ T1036] ret_from_fork_asm+0x1a/0x30 [ 75.796108][ T1036] [ 75.796978][ T1036] Last potentially related work creation: [ 75.799250][ T1036] kasan_save_stack+0x3f/0x60 [ 75.801050][ T1036] __kasan_record_aux_stack+0xac/0xc0 [ 75.803237][ T1036] call_rcu+0x167/0xa70 [ 75.804783][ T1036] __dentry_kill+0x497/0x630 [ 75.806697][ T1036] dput+0x19f/0x2b0 [ 75.808163][ T1036] simple_recursive_removal+0x2bd/0x8f0 [ 75.810282][ T1036] debugfs_remove+0x49/0x70 [ 75.812329][ T1036] ieee80211_debugfs_recreate_netdev+0xc4/0x1400 [ 75.814632][ T1036] drv_remove_interface+0x1e1/0x590 [ 75.816504][ T1036] ieee80211_change_mac+0xaf5/0x11e0 [ 75.818439][ T1036] dev_set_mac_address+0x327/0x510 [ 75.820267][ T1036] bond_set_mac_address+0x28e/0x7f0 [ 75.822213][ T1036] dev_set_mac_address+0x327/0x510 [ 75.824101][ T1036] dev_set_mac_address_user+0x31/0x50 [ 75.826185][ T1036] do_setlink+0x74b/0x4210 [ 75.827880][ T1036] rtnl_newlink+0x1bb6/0x2210 [ 75.829631][ T1036] rtnetlink_rcv_msg+0x791/0xcf0 [ 75.831625][ T1036] netlink_rcv_skb+0x1e3/0x430 [ 75.833376][ T1036] netlink_unicast+0x7f6/0x990 [ 75.835080][ T1036] netlink_sendmsg+0x8e4/0xcb0 [ 75.836843][ T1036] __sock_sendmsg+0x221/0x270 [ 75.838642][ T1036] ____sys_sendmsg+0x52a/0x7e0 [ 75.840318][ T1036] __sys_sendmsg+0x269/0x350 [ 75.842664][ T1036] do_syscall_64+0xf3/0x230 [ 75.844355][ T1036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.846455][ T1036] [ 75.847349][ T1036] The buggy address belongs to the object at ffff888043fd1608 [ 75.847349][ T1036] which belongs to the cache dentry of size 312 [ 75.852078][ T1036] The buggy address is located 208 bytes inside of [ 75.852078][ T1036] freed 312-byte region [ffff888043fd1608, ffff888043fd1740) [ 75.857341][ T1036] [ 75.858285][ T1036] The buggy address belongs to the physical page: [ 75.860759][ T1036] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43fd0 [ 75.863644][ T1036] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 75.866676][ T1036] memcg:ffff888036aada01 [ 75.868213][ T1036] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 75.870943][ T1036] page_type: f5(slab) [ 75.872397][ T1036] raw: 04fff00000000040 ffff88801be918c0 dead000000000122 0000000000000000 [ 75.875517][ T1036] raw: 0000000000000000 0000000000150015 00000001f5000000 ffff888036aada01 [ 75.878624][ T1036] head: 04fff00000000040 ffff88801be918c0 dead000000000122 0000000000000000 [ 75.881865][ T1036] head: 0000000000000000 0000000000150015 00000001f5000000 ffff888036aada01 [ 75.885096][ T1036] head: 04fff00000000001 ffffea00010ff401 ffffffffffffffff 0000000000000000 [ 75.888150][ T1036] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 75.891171][ T1036] page dumped because: kasan: bad access detected [ 75.893424][ T1036] page_owner tracks the page as allocated [ 75.895485][ T1036] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5318, tgid 5317 (syz.0.0), ts 75237272718, free_ts 0 [ 75.902745][ T1036] post_alloc_hook+0x1f3/0x230 [ 75.904219][ T1036] get_page_from_freelist+0x365c/0x37a0 [ 75.906010][ T1036] __alloc_pages_noprof+0x292/0x710 [ 75.907891][ T1036] alloc_pages_mpol_noprof+0x3e8/0x680 [ 75.909907][ T1036] alloc_slab_page+0x6a/0x110 [ 75.911900][ T1036] allocate_slab+0x5a/0x2b0 [ 75.913588][ T1036] ___slab_alloc+0xc27/0x14a0 [ 75.915302][ T1036] __slab_alloc+0x58/0xa0 [ 75.916881][ T1036] kmem_cache_alloc_lru_noprof+0x26c/0x390 [ 75.918942][ T1036] __d_alloc+0x31/0x700 [ 75.920418][ T1036] d_alloc_parallel+0xdf/0x1600 [ 75.922168][ T1036] __lookup_slow+0x117/0x3f0 [ 75.923783][ T1036] lookup_one_len+0x18b/0x2d0 [ 75.925395][ T1036] start_creating+0x187/0x310 [ 75.927024][ T1036] __debugfs_create_file+0x73/0x4b0 [ 75.928838][ T1036] ieee80211_debugfs_recreate_netdev+0xae3/0x1400 [ 75.931075][ T1036] page_owner free stack trace missing [ 75.932971][ T1036] [ 75.933852][ T1036] Memory state around the buggy address: [ 75.935801][ T1036] ffff888043fd1580: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 75.938572][ T1036] ffff888043fd1600: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.941588][ T1036] >ffff888043fd1680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.944413][ T1036] ^ [ 75.946799][ T1036] ffff888043fd1700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 75.949717][ T1036] ffff888043fd1780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.952537][ T1036] ================================================================== [ 75.955509][ T1036] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.958157][ T1036] CPU: 0 UID: 0 PID: 1036 Comm: kworker/u4:7 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 75.962383][ T1036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.966196][ T1036] Workqueue: events_unbound cfg80211_wiphy_work [ 75.968505][ T1036] Call Trace: [ 75.969764][ T1036] [ 75.970893][ T1036] dump_stack_lvl+0x241/0x360 [ 75.972645][ T1036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.974551][ T1036] ? __pfx__printk+0x10/0x10 [ 75.976363][ T1036] ? rcu_is_watching+0x15/0xb0 [ 75.978149][ T1036] ? lock_release+0xbf/0xa30 [ 75.979866][ T1036] ? vscnprintf+0x5d/0x90 [ 75.981444][ T1036] panic+0x349/0x880 [ 75.982855][ T1036] ? check_panic_on_warn+0x21/0xb0 [ 75.984751][ T1036] ? __pfx_panic+0x10/0x10 [ 75.986332][ T1036] ? do_raw_spin_unlock+0x58/0x8b0 [ 75.987946][ T1036] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 75.990001][ T1036] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.992271][ T1036] ? print_report+0x502/0x550 [ 75.994113][ T1036] check_panic_on_warn+0x86/0xb0 [ 75.996215][ T1036] ? __lock_acquire+0x78/0x2100 [ 75.998328][ T1036] end_report+0x77/0x160 [ 75.999907][ T1036] kasan_report+0x154/0x180 [ 76.001566][ T1036] ? __lock_acquire+0x78/0x2100 [ 76.003363][ T1036] __lock_acquire+0x78/0x2100 [ 76.005286][ T1036] ? mark_lock+0x9a/0x360 [ 76.006904][ T1036] ? __lock_acquire+0x1397/0x2100 [ 76.008792][ T1036] lock_acquire+0x1ed/0x550 [ 76.010592][ T1036] ? lockref_get+0x15/0x60 [ 76.012367][ T1036] ? __pfx_lock_acquire+0x10/0x10 [ 76.014339][ T1036] ? simple_pin_fs+0x91/0x160 [ 76.016164][ T1036] ? do_raw_spin_lock+0x14f/0x370 [ 76.018097][ T1036] ? __pfx_lock_release+0x10/0x10 [ 76.019953][ T1036] _raw_spin_lock+0x2e/0x40 [ 76.021624][ T1036] ? lockref_get+0x15/0x60 [ 76.023334][ T1036] lockref_get+0x15/0x60 [ 76.024991][ T1036] simple_recursive_removal+0x35/0x8f0 [ 76.027038][ T1036] ? mntput+0x65/0xc0 [ 76.028540][ T1036] ? __pfx_remove_one+0x10/0x10 [ 76.030595][ T1036] debugfs_remove+0x49/0x70 [ 76.032395][ T1036] ieee80211_sta_debugfs_remove+0x40/0x60 [ 76.034534][ T1036] __sta_info_destroy_part2+0x35e/0x450 [ 76.036513][ T1036] sta_info_destroy_addr+0xf4/0x140 [ 76.038536][ T1036] ieee80211_destroy_auth_data+0x139/0x270 [ 76.040558][ T1036] ieee80211_sta_work+0x1256/0x3890 [ 76.042637][ T1036] ? mark_lock+0x9a/0x360 [ 76.044311][ T1036] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 76.046328][ T1036] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.048574][ T1036] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 76.050601][ T1036] ? lockdep_hardirqs_on+0x99/0x150 [ 76.052334][ T1036] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 76.054395][ T1036] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.056713][ T1036] ? skb_dequeue+0x113/0x150 [ 76.058448][ T1036] ? ieee80211_iface_work+0xc0d/0xf20 [ 76.060390][ T1036] ? ieee80211_iface_work+0xe29/0xf20 [ 76.062452][ T1036] ? rcu_is_watching+0x15/0xb0 [ 76.064306][ T1036] cfg80211_wiphy_work+0x2db/0x480 [ 76.066281][ T1036] ? process_scheduled_works+0x976/0x1840 [ 76.068316][ T1036] process_scheduled_works+0xa66/0x1840 [ 76.070321][ T1036] ? __pfx_process_scheduled_works+0x10/0x10 [ 76.072706][ T1036] ? assign_work+0x364/0x3d0 [ 76.074583][ T1036] worker_thread+0x870/0xd30 [ 76.076263][ T1036] ? __kthread_parkme+0x169/0x1d0 [ 76.078051][ T1036] ? __pfx_worker_thread+0x10/0x10 [ 76.079922][ T1036] kthread+0x2f0/0x390 [ 76.081405][ T1036] ? __pfx_worker_thread+0x10/0x10 [ 76.083288][ T1036] ? __pfx_kthread+0x10/0x10 [ 76.084985][ T1036] ret_from_fork+0x4b/0x80 [ 76.086528][ T1036] ? __pfx_kthread+0x10/0x10 [ 76.088227][ T1036] ret_from_fork_asm+0x1a/0x30 [ 76.090016][ T1036] [ 76.091480][ T1036] Kernel Offset: disabled [ 76.093134][ T1036] Rebooting in 86400 seconds..