program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000050000000000000000000095"], &(0x7f0000000240)='GPL\x00'}, 0x90) r1 = socket$rxrpc(0x21, 0x2, 0x2) accept4(r1, 0x0, 0x0, 0x80800) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) (async) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) (async) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="80000000080211000001080211000001080211000000000000000000000000006400010005037c200825030002"], 0x64) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x9, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x4, 0x21}}}, 0x3f) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32) (async) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000002a80)='kfree\x00', r0}, 0x10) (async) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000002a80)='kfree\x00', r0}, 0x10) dup(r5) (async) r6 = dup(r5) bpf$BPF_LINK_UPDATE(0xf, &(0x7f0000000540)={r6}, 0x36) [ 74.158642][ T4703] Bluetooth: hci0: command tx timeout [ 74.232078][ T5355] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.242524][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.272820][ T5348] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 74.276667][ T5348] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 74.294135][ T1037] wlan1: authenticated [ 74.296564][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.302189][ T1037] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 74.306785][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.311220][ T1037] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 74.315432][ T1037] wlan1: associated [ 74.319367][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.325594][ T5354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.331589][ T5355] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.337490][ C0] ------------[ cut here ]------------ [ 74.340002][ C0] ODEBUG: activate active (active state 1) object: ffff88801e683180 object type: rcu_head hint: 0x0 [ 74.345151][ C0] WARNING: CPU: 0 PID: 15 at lib/debugobjects.c:615 debug_print_object+0x16b/0x1e0 [ 74.348770][ C0] Modules linked in: [ 74.350549][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) [ 74.354100][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.358949][ C0] RIP: 0010:debug_print_object+0x16b/0x1e0 [ 74.362119][ C0] Code: 4c 89 ff e8 67 d3 52 fd 4d 8b 0f 48 c7 c7 a0 53 e3 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 0a 73 b1 fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 37 0a d2 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 [ 74.371775][ C0] RSP: 0018:ffffc9000041ec50 EFLAGS: 00010296 [ 74.374984][ C0] RAX: 9823eb705d399600 RBX: dffffc0000000000 RCX: 0000000000040000 [ 74.378561][ C0] RDX: ffffc90001031000 RSI: 00000000000009b9 RDI: 00000000000009ba [ 74.381996][ C0] RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004 [ 74.385277][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa1f4 R12: 0000000000000000 [ 74.388640][ C0] R13: ffffffff8be35520 R14: ffff88801e683180 R15: ffffffff8b8bd420 [ 74.391942][ C0] FS: 0000000000000000(0000) GS:ffff88808d20d000(0000) knlGS:0000000000000000 [ 74.395942][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.398779][ C0] CR2: 0000200000002a80 CR3: 000000003f92b000 CR4: 0000000000352ef0 [ 74.402526][ C0] Call Trace: [ 74.404167][ C0] [ 74.405585][ C0] debug_object_activate+0x26a/0x420 [ 74.408078][ C0] kvfree_call_rcu+0x4f/0x410 [ 74.410446][ C0] cfg80211_update_known_bss+0x634/0x1330 [ 74.413119][ C0] ? cmp_bss+0x8b3/0xe80 [ 74.415096][ C0] ? cmp_bss+0x8b3/0xe80 [ 74.417008][ C0] __cfg80211_bss_update+0x147/0x2120 [ 74.419297][ C0] ? do_raw_spin_lock+0x121/0x290 [ 74.421337][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 74.423638][ C0] ? trace_kmalloc+0x1f/0xd0 [ 74.425567][ C0] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0 [ 74.428439][ C0] cfg80211_inform_single_bss_data+0xba9/0x1ac0 [ 74.431199][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 74.434128][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.436260][ C0] ? queue_work_on+0x1ed/0x270 [ 74.438207][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.440874][ C0] ? cfg80211_inform_bss_data+0x1e8/0x3b30 [ 74.443293][ C0] cfg80211_inform_bss_data+0x1fb/0x3b30 [ 74.445686][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 74.447864][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.450083][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 74.452328][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 74.454778][ C0] ? ieee80211_rx_handlers+0xb6f3/0xb760 [ 74.457263][ C0] ? ieee80211_rx_handlers+0xb6f3/0xb760 [ 74.459593][ C0] ? __lock_acquire+0xab9/0xd20 [ 74.461492][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 74.464054][ C0] ? __lock_acquire+0xab9/0xd20 [ 74.466134][ C0] ? __pfx_ieee80211_rx_handlers+0x10/0x10 [ 74.468758][ C0] ? unwind_next_frame+0xa5/0x2390 [ 74.470969][ C0] ? ieee80211_bss_info_update+0x2dc/0x9e0 [ 74.473431][ C0] cfg80211_inform_bss_frame_data+0x3d7/0x730 [ 74.475939][ C0] ? ieee80211_bss_info_update+0x2dc/0x9e0 [ 74.478434][ C0] ieee80211_bss_info_update+0x746/0x9e0 [ 74.480522][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 74.483085][ C0] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 74.486162][ C0] ieee80211_scan_rx+0x593/0xa20 [ 74.488780][ C0] ieee80211_rx_list+0x201c/0x2a90 [ 74.491157][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 74.493456][ C0] ? ieee80211_rx_napi+0xca/0x3d0 [ 74.495606][ C0] ? ieee80211_rx_napi+0xca/0x3d0 [ 74.497754][ C0] ? ieee80211_rx_napi+0xca/0x3d0 [ 74.500073][ C0] ieee80211_rx_napi+0x1a8/0x3d0 [ 74.502158][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 74.504574][ C0] ? skb_dequeue+0x10e/0x150 [ 74.506352][ C0] ieee80211_handle_queued_frames+0xe8/0x1f0 [ 74.508884][ C0] tasklet_action_common+0x369/0x580 [ 74.511140][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 74.513600][ C0] ? workqueue_softirq_action+0xd4/0x150 [ 74.515985][ C0] handle_softirqs+0x283/0x870 [ 74.518074][ C0] ? run_ksoftirqd+0x9b/0x100 [ 74.520237][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 74.522535][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.524762][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.527008][ C0] run_ksoftirqd+0x9b/0x100 [ 74.529069][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 74.531250][ C0] smpboot_thread_fn+0x53f/0xa60 [ 74.533297][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.535322][ C0] kthread+0x70e/0x8a0 [ 74.537081][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 74.539642][ C0] ? __pfx_kthread+0x10/0x10 [ 74.541724][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.544028][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.546299][ C0] ? __pfx_kthread+0x10/0x10 [ 74.548393][ C0] ret_from_fork+0x3fc/0x770 [ 74.550403][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 74.552591][ C0] ? __pfx_kthread+0x10/0x10 [ 74.554581][ C0] ret_from_fork_asm+0x1a/0x30 [ 74.556493][ C0] [ 74.557777][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.560988][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) [ 74.565093][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.569573][ C0] Call Trace: [ 74.571108][ C0] [ 74.572298][ C0] dump_stack_lvl+0x99/0x250 [ 74.574370][ C0] ? __asan_memcpy+0x40/0x70 [ 74.576364][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.578639][ C0] ? __pfx__printk+0x10/0x10 [ 74.580705][ C0] vpanic+0x281/0x750 [ 74.582518][ C0] ? __pfx__printk+0x10/0x10 [ 74.584462][ C0] ? __pfx_vpanic+0x10/0x10 [ 74.586432][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 74.588700][ C0] panic+0xb9/0xc0 [ 74.590350][ C0] ? __pfx_panic+0x10/0x10 [ 74.592272][ C0] __warn+0x31b/0x4b0 [ 74.594043][ C0] ? debug_print_object+0x16b/0x1e0 [ 74.596211][ C0] ? debug_print_object+0x16b/0x1e0 [ 74.598434][ C0] report_bug+0x2be/0x4f0 [ 74.600246][ C0] ? debug_print_object+0x16b/0x1e0 [ 74.602436][ C0] ? debug_print_object+0x16b/0x1e0 [ 74.604660][ C0] ? debug_print_object+0x16d/0x1e0 [ 74.606897][ C0] handle_bug+0x84/0x160 [ 74.608689][ C0] exc_invalid_op+0x1a/0x50 [ 74.610543][ C0] asm_exc_invalid_op+0x1a/0x20 [ 74.612622][ C0] RIP: 0010:debug_print_object+0x16b/0x1e0 [ 74.615069][ C0] Code: 4c 89 ff e8 67 d3 52 fd 4d 8b 0f 48 c7 c7 a0 53 e3 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 0a 73 b1 fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 37 0a d2 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 [ 74.622846][ C0] RSP: 0018:ffffc9000041ec50 EFLAGS: 00010296 [ 74.625103][ C0] RAX: 9823eb705d399600 RBX: dffffc0000000000 RCX: 0000000000040000 [ 74.628194][ C0] RDX: ffffc90001031000 RSI: 00000000000009b9 RDI: 00000000000009ba [ 74.631499][ C0] RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004 [ 74.634640][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa1f4 R12: 0000000000000000 [ 74.637930][ C0] R13: ffffffff8be35520 R14: ffff88801e683180 R15: ffffffff8b8bd420 [ 74.641274][ C0] debug_object_activate+0x26a/0x420 [ 74.643512][ C0] kvfree_call_rcu+0x4f/0x410 [ 74.645469][ C0] cfg80211_update_known_bss+0x634/0x1330 [ 74.647903][ C0] ? cmp_bss+0x8b3/0xe80 [ 74.649749][ C0] ? cmp_bss+0x8b3/0xe80 [ 74.651544][ C0] __cfg80211_bss_update+0x147/0x2120 [ 74.653780][ C0] ? do_raw_spin_lock+0x121/0x290 [ 74.656007][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 74.658270][ C0] ? trace_kmalloc+0x1f/0xd0 [ 74.660284][ C0] ? cfg80211_inform_single_bss_data+0xb90/0x1ac0 [ 74.663077][ C0] cfg80211_inform_single_bss_data+0xba9/0x1ac0 [ 74.665737][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 74.669068][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.671724][ C0] ? queue_work_on+0x1ed/0x270 [ 74.673870][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.676586][ C0] ? cfg80211_inform_bss_data+0x1e8/0x3b30 [ 74.679081][ C0] cfg80211_inform_bss_data+0x1fb/0x3b30 [ 74.681542][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 74.683865][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.686120][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 74.688335][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 74.690812][ C0] ? ieee80211_rx_handlers+0xb6f3/0xb760 [ 74.693118][ C0] ? ieee80211_rx_handlers+0xb6f3/0xb760 [ 74.695375][ C0] ? __lock_acquire+0xab9/0xd20 [ 74.697288][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 74.700374][ C0] ? __lock_acquire+0xab9/0xd20 [ 74.703069][ C0] ? __pfx_ieee80211_rx_handlers+0x10/0x10 [ 74.706224][ C0] ? unwind_next_frame+0xa5/0x2390 [ 74.709033][ C0] ? ieee80211_bss_info_update+0x2dc/0x9e0 [ 74.712099][ C0] cfg80211_inform_bss_frame_data+0x3d7/0x730 [ 74.715321][ C0] ? ieee80211_bss_info_update+0x2dc/0x9e0 [ 74.718376][ C0] ieee80211_bss_info_update+0x746/0x9e0 [ 74.721255][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 74.724329][ C0] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 74.726671][ C0] ieee80211_scan_rx+0x593/0xa20 [ 74.728786][ C0] ieee80211_rx_list+0x201c/0x2a90 [ 74.731015][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 74.733427][ C0] ? ieee80211_rx_napi+0xca/0x3d0 [ 74.735533][ C0] ? ieee80211_rx_napi+0xca/0x3d0 [ 74.737571][ C0] ? ieee80211_rx_napi+0xca/0x3d0 [ 74.739664][ C0] ieee80211_rx_napi+0x1a8/0x3d0 [ 74.741830][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 74.744174][ C0] ? skb_dequeue+0x10e/0x150 [ 74.746349][ C0] ieee80211_handle_queued_frames+0xe8/0x1f0 [ 74.748865][ C0] tasklet_action_common+0x369/0x580 [ 74.751151][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 74.753610][ C0] ? workqueue_softirq_action+0xd4/0x150 [ 74.756007][ C0] handle_softirqs+0x283/0x870 [ 74.758022][ C0] ? run_ksoftirqd+0x9b/0x100 [ 74.760083][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 74.762442][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.764594][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.766786][ C0] run_ksoftirqd+0x9b/0x100 [ 74.768761][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 74.770953][ C0] smpboot_thread_fn+0x53f/0xa60 [ 74.773072][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.775167][ C0] kthread+0x70e/0x8a0 [ 74.776896][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 74.779182][ C0] ? __pfx_kthread+0x10/0x10 [ 74.781169][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.783400][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.785597][ C0] ? __pfx_kthread+0x10/0x10 [ 74.787571][ C0] ret_from_fork+0x3fc/0x770 [ 74.789562][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 74.791713][ C0] ? __pfx_kthread+0x10/0x10 [ 74.793677][ C0] ret_from_fork_asm+0x1a/0x30 [ 74.795771][ C0] [ 74.797434][ C0] Kernel Offset: disabled [ 74.799341][ C0] Rebooting in 86400 seconds..