program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="b00000000002110000011bc34b17fca4f0ffffff0100000028ebed01e5bc70589a5bc16a3af384cc68d30bc4fba39c5aad4d5054cd6660fdef229dffc7fa8b440e6015cfc82961bfcb8ecf87bfa4ea389116a38dd8514bf6e763d8a8b0ba1c60474ed85133352c1d5aa5b94653606ee1e0ae0631f42431"], 0x1e) syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000380)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x420, 0x0, @default, @val, @void}, 0x20) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newlink={0x24c, 0x10, 0x401, 0x0, 0xfffffffe, {0x0, 0x48, 0x0, r2, 0x21eae}, [@IFLA_VFINFO_LIST={0xb0, 0x16, 0x0, 0x1, [{0xac, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x5, 0x2}}, @IFLA_VF_RATE={0x10, 0x6, {0x3ff, 0x3, 0x800}}, @IFLA_VF_MAC={0x28, 0x1, {0x81, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}, @IFLA_VF_VLAN={0x10, 0x2, {0x2, 0xe80, 0xb}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0xf3, 0x40}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x2}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x0, 0x7ff}}, @IFLA_VF_MAC={0x28, 0x1, {0x40, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}}]}]}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MTU={0x8}, @IFLA_IFALIAS={0x14, 0x14, 'sit0\x00'}, @IFLA_VF_PORTS={0x134, 0x18, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "19210ac1e39e4c1770ddff45d5b39afe"}, @IFLA_PORT_VF={0x8, 0x1, 0x80000000}]}, {0x74, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xd, 0x2, '\'-/+*-.#\x00'}, @IFLA_PORT_VF={0x8, 0x1, 0x5}, @IFLA_PORT_REQUEST={0x5, 0x6, 0xa1}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "35839564f8b897bd521f800722775a6e"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "734d1f275df5483bc7f94b838150a58c"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "25fa3641a2d917e7b9d35d9cfae8f4f1"}, @IFLA_PORT_PROFILE={0xc, 0x2, 'devlink\x00'}, @IFLA_PORT_VF={0x8, 0x1, 0x1}]}, {0x2c, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xa, 0x2, '\x02\x02\x02\x02\x02\x02'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "289653703fba220585c0a91e985cec8b"}, @IFLA_PORT_VF={0x8, 0x1, 0x1}]}, {0x18, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xa, 0x2, '\x02\x02\x02\x02\x02\x02'}, @IFLA_PORT_VF={0x8, 0x1, 0x1}]}, {0x58, 0x1, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x1, 0x1}, @IFLA_PORT_VF={0x8, 0x1, 0xd6}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "f507858d4e0ffa647aba79a5b05c4755"}, @IFLA_PORT_PROFILE={0x8, 0x2, '(\'$\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "e228adad6ab4a13f1ecb1b51e21035cc"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "869f10efaf2ed50027d0eee5b82826da"}]}]}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x6}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xffffcddb}, @IFLA_TXQLEN={0x8, 0xd, 0x3}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x24c}}, 0x0) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r6, 0x1, 0x0, 0x0, {0x1c}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}}, 0x0) [ 85.403366][ T5335] Bluetooth: hci0: command tx timeout [ 85.533217][ T5358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.565220][ T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 85.568917][ T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 85.600741][ T5358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.606405][ T5358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.680718][ T12] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 85.791062][ T1037] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 85.900011][ T1040] wlan1: authentication with 08:02:11:00:00:00 timed out [ 85.903248][ T1040] ================================================================== [ 85.906531][ T1040] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40 [ 85.909768][ T1040] Read of size 1 at addr ffff8880520abe30 by task kworker/u4:6/1040 [ 85.913264][ T1040] [ 85.914348][ T1040] CPU: 0 UID: 0 PID: 1040 Comm: kworker/u4:6 Not tainted syzkaller #0 PREEMPT(full) [ 85.914363][ T1040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.914371][ T1040] Workqueue: events_unbound cfg80211_wiphy_work [ 85.914429][ T1040] Call Trace: [ 85.914436][ T1040] [ 85.914441][ T1040] dump_stack_lvl+0x189/0x250 [ 85.914456][ T1040] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.914472][ T1040] ? rcu_is_watching+0x15/0xb0 [ 85.914513][ T1040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.914525][ T1040] ? rcu_is_watching+0x15/0xb0 [ 85.914536][ T1040] ? lock_release+0x4b/0x3e0 [ 85.914550][ T1040] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 85.914567][ T1040] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.914577][ T1040] ? __virt_addr_valid+0x4a5/0x5c0 [ 85.914589][ T1040] print_report+0xca/0x240 [ 85.914600][ T1040] ? _raw_spin_lock+0x2e/0x40 [ 85.914614][ T1040] kasan_report+0x118/0x150 [ 85.914627][ T1040] ? _raw_spin_lock+0x2e/0x40 [ 85.914643][ T1040] ? lockref_get+0x15/0x60 [ 85.914654][ T1040] __kasan_check_byte+0x2a/0x40 [ 85.914668][ T1040] lock_acquire+0x8d/0x360 [ 85.914683][ T1040] ? do_raw_spin_lock+0x121/0x290 [ 85.914697][ T1040] _raw_spin_lock+0x2e/0x40 [ 85.914711][ T1040] ? lockref_get+0x15/0x60 [ 85.914721][ T1040] lockref_get+0x15/0x60 [ 85.914730][ T1040] __simple_recursive_removal+0x33/0x510 [ 85.914742][ T1040] ? mntput+0x65/0xc0 [ 85.914752][ T1040] ? __pfx_remove_one+0x10/0x10 [ 85.914767][ T1040] debugfs_remove+0x5b/0x70 [ 85.914780][ T1040] ieee80211_sta_debugfs_remove+0x40/0x70 [ 85.914797][ T1040] __sta_info_destroy_part2+0x352/0x450 [ 85.914808][ T1040] sta_info_destroy_addr+0xf5/0x140 [ 85.914819][ T1040] ieee80211_destroy_auth_data+0x12d/0x260 [ 85.914833][ T1040] ieee80211_sta_work+0x11cf/0x3600 [ 85.914845][ T1040] ? do_raw_spin_unlock+0x4d/0x240 [ 85.914860][ T1040] ? __lock_acquire+0xab9/0xd20 [ 85.914876][ T1040] ? __lock_acquire+0xab9/0xd20 [ 85.914890][ T1040] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 85.914903][ T1040] ? do_raw_spin_lock+0x121/0x290 [ 85.914917][ T1040] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 85.914933][ T1040] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.914944][ T1040] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 85.914959][ T1040] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.914974][ T1040] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.914988][ T1040] ? skb_dequeue+0x10e/0x150 [ 85.915002][ T1040] ? ieee80211_iface_work+0xfc4/0x12d0 [ 85.915019][ T1040] ? ieee80211_iface_work+0x11d6/0x12d0 [ 85.915041][ T1040] ? rcu_is_watching+0x15/0xb0 [ 85.915052][ T1040] cfg80211_wiphy_work+0x2bb/0x470 [ 85.915062][ T1040] ? process_scheduled_works+0x9ef/0x17b0 [ 85.915073][ T1040] process_scheduled_works+0xae1/0x17b0 [ 85.915089][ T1040] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.915102][ T1040] worker_thread+0x8a0/0xda0 [ 85.915119][ T1040] kthread+0x70e/0x8a0 [ 85.915132][ T1040] ? __pfx_worker_thread+0x10/0x10 [ 85.915142][ T1040] ? __pfx_kthread+0x10/0x10 [ 85.915155][ T1040] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.915170][ T1040] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.915179][ T1040] ? __pfx_kthread+0x10/0x10 [ 85.915192][ T1040] ret_from_fork+0x439/0x7d0 [ 85.915204][ T1040] ? __pfx_ret_from_fork+0x10/0x10 [ 85.915217][ T1040] ? __pfx_kthread+0x10/0x10 [ 85.915230][ T1040] ret_from_fork_asm+0x1a/0x30 [ 85.915248][ T1040] [ 85.915252][ T1040] [ 86.056838][ T1040] Allocated by task 9: [ 86.058462][ T1040] kasan_save_track+0x3e/0x80 [ 86.060457][ T1040] __kasan_slab_alloc+0x6c/0x80 [ 86.062643][ T1040] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0 [ 86.065567][ T1040] __d_alloc+0x36/0x7a0 [ 86.067634][ T1040] d_alloc_parallel+0xe5/0x15e0 [ 86.069872][ T1040] __lookup_slow+0x116/0x3d0 [ 86.072112][ T1040] simple_start_creating+0xfd/0x1e0 [ 86.074903][ T1040] start_creating+0x10f/0x180 [ 86.076905][ T1040] debugfs_create_dir+0x28/0x420 [ 86.079211][ T1040] ieee80211_sta_debugfs_add+0x12c/0x850 [ 86.082060][ T1040] sta_info_insert_rcu+0xfac/0x1940 [ 86.084625][ T1040] sta_info_insert+0x16/0xc0 [ 86.086978][ T1040] ieee80211_prep_connection+0xfce/0x13f0 [ 86.089487][ T1040] ieee80211_mgd_auth+0xee3/0x1770 [ 86.091881][ T1040] cfg80211_mlme_auth+0x632/0x9c0 [ 86.094068][ T1040] cfg80211_conn_do_work+0x501/0xd10 [ 86.096348][ T1040] cfg80211_conn_work+0x2c0/0x460 [ 86.098489][ T1040] process_scheduled_works+0xae1/0x17b0 [ 86.100856][ T1040] worker_thread+0x8a0/0xda0 [ 86.102773][ T1040] kthread+0x70e/0x8a0 [ 86.104589][ T1040] ret_from_fork+0x439/0x7d0 [ 86.106582][ T1040] ret_from_fork_asm+0x1a/0x30 [ 86.108546][ T1040] [ 86.109573][ T1040] Freed by task 15: [ 86.111211][ T1040] kasan_save_track+0x3e/0x80 [ 86.113208][ T1040] kasan_save_free_info+0x46/0x50 [ 86.115369][ T1040] __kasan_slab_free+0x5b/0x80 [ 86.117464][ T1040] kmem_cache_free+0x18f/0x400 [ 86.119522][ T1040] rcu_core+0xca8/0x1770 [ 86.121367][ T1040] handle_softirqs+0x283/0x870 [ 86.123341][ T1040] run_ksoftirqd+0x9b/0x100 [ 86.125233][ T1040] smpboot_thread_fn+0x53f/0xa60 [ 86.127482][ T1040] kthread+0x70e/0x8a0 [ 86.129451][ T1040] ret_from_fork+0x439/0x7d0 [ 86.131547][ T1040] ret_from_fork_asm+0x1a/0x30 [ 86.133646][ T1040] [ 86.134684][ T1040] Last potentially related work creation: [ 86.136992][ T1040] kasan_save_stack+0x3e/0x60 [ 86.139049][ T1040] kasan_record_aux_stack+0xbd/0xd0 [ 86.141236][ T1040] call_rcu+0x157/0x9c0 [ 86.143149][ T1040] __dentry_kill+0x4d2/0x660 [ 86.145107][ T1040] dput+0x19f/0x2b0 [ 86.146800][ T1040] find_next_child+0x1e5/0x250 [ 86.148831][ T1040] __simple_recursive_removal+0x10b/0x510 [ 86.151311][ T1040] debugfs_remove+0x5b/0x70 [ 86.153441][ T1040] ieee80211_debugfs_recreate_netdev+0xbf/0x1460 [ 86.156179][ T1040] drv_remove_interface+0x1fa/0x590 [ 86.158463][ T1040] ieee80211_change_mac+0x912/0x12d0 [ 86.160751][ T1040] netif_set_mac_address+0x2fc/0x4c0 [ 86.162890][ T1040] do_setlink+0x88c/0x41c0 [ 86.164746][ T1040] rtnl_newlink+0x160b/0x1c70 [ 86.166778][ T1040] rtnetlink_rcv_msg+0x7cf/0xb70 [ 86.168847][ T1040] netlink_rcv_skb+0x208/0x470 [ 86.170935][ T1040] netlink_unicast+0x82c/0x9e0 [ 86.173093][ T1040] netlink_sendmsg+0x805/0xb30 [ 86.175452][ T1040] __sock_sendmsg+0x219/0x270 [ 86.177643][ T1040] ____sys_sendmsg+0x505/0x830 [ 86.179689][ T1040] ___sys_sendmsg+0x21f/0x2a0 [ 86.181682][ T1040] __x64_sys_sendmsg+0x19b/0x260 [ 86.184062][ T1040] do_syscall_64+0xfa/0x3b0 [ 86.186440][ T1040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.189494][ T1040] [ 86.190837][ T1040] The buggy address belongs to the object at ffff8880520abd60 [ 86.190837][ T1040] which belongs to the cache dentry of size 312 [ 86.196657][ T1040] The buggy address is located 208 bytes inside of [ 86.196657][ T1040] freed 312-byte region [ffff8880520abd60, ffff8880520abe98) [ 86.202542][ T1040] [ 86.203629][ T1040] The buggy address belongs to the physical page: [ 86.206407][ T1040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x520aa [ 86.210192][ T1040] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 86.213816][ T1040] memcg:ffff888030b74c01 [ 86.215713][ T1040] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 86.218992][ T1040] page_type: f5(slab) [ 86.220760][ T1040] raw: 04fff00000000040 ffff88801bacc780 dead000000000122 0000000000000000 [ 86.225099][ T1040] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff888030b74c01 [ 86.228830][ T1040] head: 04fff00000000040 ffff88801bacc780 dead000000000122 0000000000000000 [ 86.232591][ T1040] head: 0000000000000000 0000000000150015 00000000f5000000 ffff888030b74c01 [ 86.237055][ T1040] head: 04fff00000000001 ffffea0001482a81 00000000ffffffff 00000000ffffffff [ 86.240633][ T1040] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 86.244251][ T1040] page dumped because: kasan: bad access detected [ 86.246946][ T1040] page_owner tracks the page as allocated [ 86.249489][ T1040] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5358, tgid 5357 (syz.0.0), ts 85493312178, free_ts 0 [ 86.258487][ T1040] post_alloc_hook+0x240/0x2a0 [ 86.260428][ T1040] get_page_from_freelist+0x21e4/0x22c0 [ 86.262602][ T1040] __alloc_frozen_pages_noprof+0x181/0x370 [ 86.265040][ T1040] alloc_pages_mpol+0x232/0x4a0 [ 86.267178][ T1040] allocate_slab+0x8a/0x370 [ 86.269052][ T1040] ___slab_alloc+0xbeb/0x1420 [ 86.271056][ T1040] kmem_cache_alloc_lru_noprof+0x288/0x3d0 [ 86.273191][ T1040] __d_alloc+0x36/0x7a0 [ 86.274920][ T1040] d_alloc_parallel+0xe5/0x15e0 [ 86.276844][ T1040] __lookup_slow+0x116/0x3d0 [ 86.278651][ T1040] simple_start_creating+0xfd/0x1e0 [ 86.280676][ T1040] start_creating+0x10f/0x180 [ 86.282621][ T1040] __debugfs_create_file+0x79/0x4f0 [ 86.284687][ T1040] debugfs_create_file_short+0x3f/0x60 [ 86.286953][ T1040] ieee80211_debugfs_recreate_netdev+0xb3b/0x1460 [ 86.289599][ T1040] ieee80211_if_change_type+0x53a/0x990 [ 86.291838][ T1040] page_owner free stack trace missing [ 86.293955][ T1040] [ 86.294978][ T1040] Memory state around the buggy address: [ 86.297293][ T1040] ffff8880520abd00: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb [ 86.300549][ T1040] ffff8880520abd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.303955][ T1040] >ffff8880520abe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.307410][ T1040] ^ [ 86.309686][ T1040] ffff8880520abe80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.313069][ T1040] ffff8880520abf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.316537][ T1040] ================================================================== [ 86.320675][ T1040] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 86.324099][ T1040] CPU: 0 UID: 0 PID: 1040 Comm: kworker/u4:6 Not tainted syzkaller #0 PREEMPT(full) [ 86.328391][ T1040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.333185][ T1040] Workqueue: events_unbound cfg80211_wiphy_work [ 86.336019][ T1040] Call Trace: [ 86.337563][ T1040] [ 86.338926][ T1040] dump_stack_lvl+0x99/0x250 [ 86.341046][ T1040] ? __asan_memcpy+0x40/0x70 [ 86.343007][ T1040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.345283][ T1040] ? __pfx__printk+0x10/0x10 [ 86.347284][ T1040] vpanic+0x281/0x750 [ 86.348962][ T1040] ? __pfx_vpanic+0x10/0x10 [ 86.350949][ T1040] ? irqentry_exit+0x74/0x90 [ 86.352972][ T1040] panic+0xb9/0xc0 [ 86.354677][ T1040] ? __pfx_panic+0x10/0x10 [ 86.356599][ T1040] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 86.358984][ T1040] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.361437][ T1040] ? is_module_address+0x17/0xf0 [ 86.363496][ T1040] ? _raw_spin_lock+0x2e/0x40 [ 86.365512][ T1040] check_panic_on_warn+0x89/0xb0 [ 86.367556][ T1040] ? _raw_spin_lock+0x2e/0x40 [ 86.369534][ T1040] end_report+0x78/0x160 [ 86.371422][ T1040] kasan_report+0x129/0x150 [ 86.373506][ T1040] ? _raw_spin_lock+0x2e/0x40 [ 86.375640][ T1040] ? lockref_get+0x15/0x60 [ 86.377673][ T1040] __kasan_check_byte+0x2a/0x40 [ 86.379791][ T1040] lock_acquire+0x8d/0x360 [ 86.381838][ T1040] ? do_raw_spin_lock+0x121/0x290 [ 86.384120][ T1040] _raw_spin_lock+0x2e/0x40 [ 86.386206][ T1040] ? lockref_get+0x15/0x60 [ 86.388099][ T1040] lockref_get+0x15/0x60 [ 86.390046][ T1040] __simple_recursive_removal+0x33/0x510 [ 86.392699][ T1040] ? mntput+0x65/0xc0 [ 86.394656][ T1040] ? __pfx_remove_one+0x10/0x10 [ 86.396768][ T1040] debugfs_remove+0x5b/0x70 [ 86.398736][ T1040] ieee80211_sta_debugfs_remove+0x40/0x70 [ 86.401221][ T1040] __sta_info_destroy_part2+0x352/0x450 [ 86.403573][ T1040] sta_info_destroy_addr+0xf5/0x140 [ 86.405886][ T1040] ieee80211_destroy_auth_data+0x12d/0x260 [ 86.408459][ T1040] ieee80211_sta_work+0x11cf/0x3600 [ 86.410703][ T1040] ? do_raw_spin_unlock+0x4d/0x240 [ 86.412807][ T1040] ? __lock_acquire+0xab9/0xd20 [ 86.414917][ T1040] ? __lock_acquire+0xab9/0xd20 [ 86.417064][ T1040] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 86.419435][ T1040] ? do_raw_spin_lock+0x121/0x290 [ 86.421654][ T1040] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 86.424307][ T1040] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.426665][ T1040] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.429212][ T1040] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.431959][ T1040] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 86.434343][ T1040] ? skb_dequeue+0x10e/0x150 [ 86.436476][ T1040] ? ieee80211_iface_work+0xfc4/0x12d0 [ 86.438846][ T1040] ? ieee80211_iface_work+0x11d6/0x12d0 [ 86.441304][ T1040] ? rcu_is_watching+0x15/0xb0 [ 86.443379][ T1040] cfg80211_wiphy_work+0x2bb/0x470 [ 86.445578][ T1040] ? process_scheduled_works+0x9ef/0x17b0 [ 86.447956][ T1040] process_scheduled_works+0xae1/0x17b0 [ 86.450314][ T1040] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.452832][ T1040] worker_thread+0x8a0/0xda0 [ 86.454880][ T1040] kthread+0x70e/0x8a0 [ 86.456722][ T1040] ? __pfx_worker_thread+0x10/0x10 [ 86.459012][ T1040] ? __pfx_kthread+0x10/0x10 [ 86.460939][ T1040] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.463172][ T1040] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.465435][ T1040] ? __pfx_kthread+0x10/0x10 [ 86.467445][ T1040] ret_from_fork+0x439/0x7d0 [ 86.469417][ T1040] ? __pfx_ret_from_fork+0x10/0x10 [ 86.471543][ T1040] ? __pfx_kthread+0x10/0x10 [ 86.473609][ T1040] ret_from_fork_asm+0x1a/0x30 [ 86.475729][ T1040] [ 86.477407][ T1040] Kernel Offset: disabled [ 86.479372][ T1040] Rebooting in 86400 seconds..