program: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @broadcast, @broadcast, @initial, {0x0, 0x3}}, 0x3, @random=0x7, 0x1, @val={0x0, 0x4, @random="a9de5f05"}, @val, @val={0x3, 0x1, 0xc}, @val={0x4, 0x6, {0x8, 0x7, 0x10}}, @void, @void, @val={0x25, 0x3, {0x0, 0x6b754fef1e5f8bf2, 0x3}}, @val={0x2a, 0x1, {0x1}}, @void, @void, @val={0x72, 0x6}, @void, @void}, 0x47) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x401, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x30, r2, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004841}, 0x80) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r12, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r14, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r14, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) r16 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r16, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff05000500", 0x2c}, {&(0x7f00000019c0)="06bb", 0x2}], 0x2}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x0, 0x4, 0x0, 0x0, 0xffffffff}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffffb, 0x0, 0x0, 0x1000}}]}]}}}]}, 0x6c}}, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socket$inet6_sctp(0xa, 0x5, 0x84) [ 71.916991][ T48] Bluetooth: hci0: command tx timeout [ 71.996064][ T5316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.030808][ T5316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 72.070929][ T5314] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 72.074391][ T5314] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 72.089256][ T5317] wlan1: aborting authentication with 08:02:11:00:00:00 by local choice (Reason: 4=DISASSOC_DUE_TO_INACTIVITY) [ 72.099308][ T5316] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 72.115491][ T5316] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 72.124503][ T5316] wlan1: authenticate with 08:02:11:00:00:00 (local address=aa:aa:aa:aa:aa:17) [ 72.129035][ T5316] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 72.144741][ T5316] bond0: entered promiscuous mode [ 72.148559][ T5316] bond_slave_0: entered promiscuous mode [ 72.150812][ T5316] bond_slave_1: entered promiscuous mode [ 72.153005][ T5316] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 72.238186][ T30] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 72.347926][ T30] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 72.456861][ T1031] wlan1: authentication with 08:02:11:00:00:00 timed out [ 72.461145][ T1031] ================================================================== [ 72.463972][ T1031] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 [ 72.466686][ T1031] Read of size 8 at addr ffff888052c69850 by task kworker/u4:5/1031 [ 72.469429][ T1031] [ 72.470288][ T1031] CPU: 0 UID: 0 PID: 1031 Comm: kworker/u4:5 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 [ 72.474168][ T1031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.478092][ T1031] Workqueue: events_unbound cfg80211_wiphy_work [ 72.480464][ T1031] Call Trace: [ 72.481737][ T1031] [ 72.482868][ T1031] dump_stack_lvl+0x241/0x360 [ 72.484654][ T1031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.486561][ T1031] ? __pfx__printk+0x10/0x10 [ 72.488259][ T1031] ? _printk+0xd5/0x120 [ 72.489846][ T1031] ? __virt_addr_valid+0x183/0x530 [ 72.491792][ T1031] ? __virt_addr_valid+0x183/0x530 [ 72.493541][ T1031] print_report+0x169/0x550 [ 72.495227][ T1031] ? __virt_addr_valid+0x183/0x530 [ 72.497169][ T1031] ? __virt_addr_valid+0x183/0x530 [ 72.499024][ T1031] ? __virt_addr_valid+0x45f/0x530 [ 72.500910][ T1031] ? __phys_addr+0xba/0x170 [ 72.502622][ T1031] ? __lock_acquire+0x78/0x2100 [ 72.504535][ T1031] kasan_report+0x143/0x180 [ 72.506239][ T1031] ? __lock_acquire+0x78/0x2100 [ 72.508069][ T1031] __lock_acquire+0x78/0x2100 [ 72.509739][ T1031] ? mark_lock+0x9a/0x360 [ 72.511357][ T1031] ? __lock_acquire+0x1397/0x2100 [ 72.513244][ T1031] lock_acquire+0x1ed/0x550 [ 72.514941][ T1031] ? lockref_get+0x15/0x60 [ 72.516662][ T1031] ? __pfx_lock_acquire+0x10/0x10 [ 72.518415][ T1031] ? simple_pin_fs+0x91/0x160 [ 72.520026][ T1031] ? do_raw_spin_lock+0x14f/0x370 [ 72.522189][ T1031] ? __pfx_lock_release+0x10/0x10 [ 72.524593][ T1031] _raw_spin_lock+0x2e/0x40 [ 72.526807][ T1031] ? lockref_get+0x15/0x60 [ 72.528915][ T1031] lockref_get+0x15/0x60 [ 72.530640][ T1031] simple_recursive_removal+0x35/0x8f0 [ 72.532690][ T1031] ? mntput+0x65/0xc0 [ 72.534192][ T1031] ? __pfx_remove_one+0x10/0x10 [ 72.536030][ T1031] debugfs_remove+0x49/0x70 [ 72.537365][ T1031] ieee80211_sta_debugfs_remove+0x40/0x60 [ 72.539241][ T1031] __sta_info_destroy_part2+0x35e/0x450 [ 72.541115][ T1031] sta_info_destroy_addr+0xf4/0x140 [ 72.543052][ T1031] ieee80211_destroy_auth_data+0x139/0x270 [ 72.545072][ T1031] ieee80211_sta_work+0x1256/0x3890 [ 72.547102][ T1031] ? mark_lock+0x9a/0x360 [ 72.548690][ T1031] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 72.550767][ T1031] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.553004][ T1031] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 72.555068][ T1031] ? lockdep_hardirqs_on+0x99/0x150 [ 72.556999][ T1031] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 72.559311][ T1031] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 72.562283][ T1031] ? skb_dequeue+0x113/0x150 [ 72.564368][ T1031] ? ieee80211_iface_work+0xc0d/0xf20 [ 72.566211][ T1031] ? ieee80211_iface_work+0xe29/0xf20 [ 72.568091][ T1031] ? rcu_is_watching+0x15/0xb0 [ 72.569836][ T1031] cfg80211_wiphy_work+0x2db/0x480 [ 72.571729][ T1031] ? process_scheduled_works+0x976/0x1840 [ 72.573901][ T1031] process_scheduled_works+0xa66/0x1840 [ 72.576053][ T1031] ? __pfx_process_scheduled_works+0x10/0x10 [ 72.578302][ T1031] ? assign_work+0x364/0x3d0 [ 72.580088][ T1031] worker_thread+0x870/0xd30 [ 72.581938][ T1031] ? __kthread_parkme+0x169/0x1d0 [ 72.583888][ T1031] ? __pfx_worker_thread+0x10/0x10 [ 72.585791][ T1031] kthread+0x2f0/0x390 [ 72.587355][ T1031] ? __pfx_worker_thread+0x10/0x10 [ 72.589211][ T1031] ? __pfx_kthread+0x10/0x10 [ 72.590820][ T1031] ret_from_fork+0x4b/0x80 [ 72.592404][ T1031] ? __pfx_kthread+0x10/0x10 [ 72.594101][ T1031] ret_from_fork_asm+0x1a/0x30 [ 72.595912][ T1031] [ 72.597074][ T1031] [ 72.598118][ T1031] Allocated by task 5316: [ 72.599828][ T1031] kasan_save_track+0x3f/0x80 [ 72.601642][ T1031] __kasan_slab_alloc+0x66/0x80 [ 72.603406][ T1031] kmem_cache_alloc_lru_noprof+0x1dd/0x390 [ 72.605486][ T1031] __d_alloc+0x31/0x700 [ 72.606906][ T1031] d_alloc_parallel+0xdf/0x1600 [ 72.608734][ T1031] __lookup_slow+0x117/0x3f0 [ 72.610388][ T1031] lookup_one_len+0x18b/0x2d0 [ 72.612159][ T1031] start_creating+0x187/0x310 [ 72.614126][ T1031] debugfs_create_dir+0x25/0x430 [ 72.616482][ T1031] ieee80211_sta_debugfs_add+0x132/0x820 [ 72.618718][ T1031] sta_info_insert_rcu+0xecf/0x1900 [ 72.620823][ T1031] sta_info_insert+0x16/0xc0 [ 72.622810][ T1031] ieee80211_prep_connection+0xecd/0x12d0 [ 72.625427][ T1031] ieee80211_mgd_auth+0xd42/0x14c0 [ 72.627741][ T1031] cfg80211_mlme_auth+0x59f/0x970 [ 72.629643][ T1031] cfg80211_conn_do_work+0x5ed/0xe60 [ 72.631672][ T1031] cfg80211_connect+0x1486/0x1d10 [ 72.633538][ T1031] nl80211_connect+0x188f/0x1fe0 [ 72.635433][ T1031] genl_rcv_msg+0xb14/0xec0 [ 72.637169][ T1031] netlink_rcv_skb+0x1e3/0x430 [ 72.638899][ T1031] genl_rcv+0x28/0x40 [ 72.640412][ T1031] netlink_unicast+0x7f6/0x990 [ 72.642161][ T1031] netlink_sendmsg+0x8e4/0xcb0 [ 72.643918][ T1031] __sock_sendmsg+0x221/0x270 [ 72.645633][ T1031] ____sys_sendmsg+0x52a/0x7e0 [ 72.647318][ T1031] __sys_sendmsg+0x269/0x350 [ 72.648942][ T1031] do_syscall_64+0xf3/0x230 [ 72.650575][ T1031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.653316][ T1031] [ 72.654355][ T1031] Freed by task 30: [ 72.656024][ T1031] kasan_save_track+0x3f/0x80 [ 72.658070][ T1031] kasan_save_free_info+0x40/0x50 [ 72.660269][ T1031] __kasan_slab_free+0x59/0x70 [ 72.661969][ T1031] kmem_cache_free+0x195/0x410 [ 72.663585][ T1031] rcu_core+0xaaa/0x17a0 [ 72.665032][ T1031] handle_softirqs+0x2d4/0x9b0 [ 72.667106][ T1031] do_softirq+0x11b/0x1e0 [ 72.669110][ T1031] __local_bh_enable_ip+0x1bb/0x200 [ 72.671047][ T1031] batadv_nc_purge_paths+0x312/0x3b0 [ 72.672934][ T1031] batadv_nc_worker+0x328/0x610 [ 72.674669][ T1031] process_scheduled_works+0xa66/0x1840 [ 72.676553][ T1031] worker_thread+0x870/0xd30 [ 72.678226][ T1031] kthread+0x2f0/0x390 [ 72.679654][ T1031] ret_from_fork+0x4b/0x80 [ 72.681184][ T1031] ret_from_fork_asm+0x1a/0x30 [ 72.682821][ T1031] [ 72.683737][ T1031] Last potentially related work creation: [ 72.685772][ T1031] kasan_save_stack+0x3f/0x60 [ 72.687407][ T1031] __kasan_record_aux_stack+0xac/0xc0 [ 72.689236][ T1031] call_rcu+0x167/0xa70 [ 72.690800][ T1031] __dentry_kill+0x497/0x630 [ 72.692474][ T1031] dput+0x19f/0x2b0 [ 72.693757][ T1031] simple_recursive_removal+0x2bd/0x8f0 [ 72.695854][ T1031] debugfs_remove+0x49/0x70 [ 72.697580][ T1031] ieee80211_debugfs_recreate_netdev+0xc4/0x1400 [ 72.699929][ T1031] drv_remove_interface+0x1e1/0x590 [ 72.701877][ T1031] ieee80211_change_mac+0xaf5/0x11e0 [ 72.703803][ T1031] dev_set_mac_address+0x327/0x510 [ 72.705641][ T1031] bond_set_mac_address+0x28e/0x7f0 [ 72.707506][ T1031] dev_set_mac_address+0x327/0x510 [ 72.709374][ T1031] dev_set_mac_address_user+0x31/0x50 [ 72.711644][ T1031] do_setlink+0x74b/0x4210 [ 72.713252][ T1031] rtnl_newlink+0x1bb6/0x2210 [ 72.714936][ T1031] rtnetlink_rcv_msg+0x791/0xcf0 [ 72.716323][ T1031] netlink_rcv_skb+0x1e3/0x430 [ 72.717712][ T1031] netlink_unicast+0x7f6/0x990 [ 72.719289][ T1031] netlink_sendmsg+0x8e4/0xcb0 [ 72.720800][ T1031] __sock_sendmsg+0x221/0x270 [ 72.722293][ T1031] ____sys_sendmsg+0x52a/0x7e0 [ 72.723966][ T1031] __sys_sendmsg+0x269/0x350 [ 72.725488][ T1031] do_syscall_64+0xf3/0x230 [ 72.727115][ T1031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.729204][ T1031] [ 72.730094][ T1031] The buggy address belongs to the object at ffff888052c69780 [ 72.730094][ T1031] which belongs to the cache dentry of size 312 [ 72.734942][ T1031] The buggy address is located 208 bytes inside of [ 72.734942][ T1031] freed 312-byte region [ffff888052c69780, ffff888052c698b8) [ 72.739980][ T1031] [ 72.740884][ T1031] The buggy address belongs to the physical page: [ 72.743266][ T1031] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52c68 [ 72.746861][ T1031] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 72.749833][ T1031] memcg:ffff8880367e3b01 [ 72.751408][ T1031] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 72.754295][ T1031] page_type: f5(slab) [ 72.755775][ T1031] raw: 04fff00000000040 ffff88801be918c0 dead000000000122 0000000000000000 [ 72.759065][ T1031] raw: 0000000000000000 0000000000150015 00000001f5000000 ffff8880367e3b01 [ 72.762131][ T1031] head: 04fff00000000040 ffff88801be918c0 dead000000000122 0000000000000000 [ 72.765241][ T1031] head: 0000000000000000 0000000000150015 00000001f5000000 ffff8880367e3b01 [ 72.768286][ T1031] head: 04fff00000000001 ffffea00014b1a01 ffffffffffffffff 0000000000000000 [ 72.771433][ T1031] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 72.774697][ T1031] page dumped because: kasan: bad access detected [ 72.777346][ T1031] page_owner tracks the page as allocated [ 72.779537][ T1031] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5316, tgid 5315 (syz.0.0), ts 72109924052, free_ts 0 [ 72.787585][ T1031] post_alloc_hook+0x1f3/0x230 [ 72.789428][ T1031] get_page_from_freelist+0x365c/0x37a0 [ 72.791498][ T1031] __alloc_pages_noprof+0x292/0x710 [ 72.793439][ T1031] alloc_pages_mpol_noprof+0x3e8/0x680 [ 72.795429][ T1031] alloc_slab_page+0x6a/0x110 [ 72.797187][ T1031] allocate_slab+0x5a/0x2b0 [ 72.798920][ T1031] ___slab_alloc+0xc27/0x14a0 [ 72.800803][ T1031] __slab_alloc+0x58/0xa0 [ 72.802485][ T1031] kmem_cache_alloc_lru_noprof+0x26c/0x390 [ 72.804710][ T1031] __d_alloc+0x31/0x700 [ 72.806323][ T1031] d_alloc_parallel+0xdf/0x1600 [ 72.808246][ T1031] __lookup_slow+0x117/0x3f0 [ 72.810065][ T1031] lookup_one_len+0x18b/0x2d0 [ 72.811889][ T1031] start_creating+0x187/0x310 [ 72.813662][ T1031] __debugfs_create_file+0x73/0x4b0 [ 72.815832][ T1031] ieee80211_debugfs_recreate_netdev+0xaad/0x1400 [ 72.818127][ T1031] page_owner free stack trace missing [ 72.820139][ T1031] [ 72.820999][ T1031] Memory state around the buggy address: [ 72.822965][ T1031] ffff888052c69700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 72.825798][ T1031] ffff888052c69780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 72.828535][ T1031] >ffff888052c69800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 72.831449][ T1031] ^ [ 72.833777][ T1031] ffff888052c69880: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa [ 72.836751][ T1031] ffff888052c69900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 72.839705][ T1031] ================================================================== [ 72.842678][ T1031] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 72.845339][ T1031] CPU: 0 UID: 0 PID: 1031 Comm: kworker/u4:5 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 [ 72.849455][ T1031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.853436][ T1031] Workqueue: events_unbound cfg80211_wiphy_work [ 72.855822][ T1031] Call Trace: [ 72.857078][ T1031] [ 72.858210][ T1031] dump_stack_lvl+0x241/0x360 [ 72.859959][ T1031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.861939][ T1031] ? __pfx__printk+0x10/0x10 [ 72.863628][ T1031] ? rcu_is_watching+0x15/0xb0 [ 72.865365][ T1031] ? lock_release+0xbf/0xa30 [ 72.867141][ T1031] ? vscnprintf+0x5d/0x90 [ 72.868765][ T1031] panic+0x349/0x880 [ 72.870224][ T1031] ? check_panic_on_warn+0x21/0xb0 [ 72.872200][ T1031] ? __pfx_panic+0x10/0x10 [ 72.873923][ T1031] ? do_raw_spin_unlock+0x58/0x8b0 [ 72.875935][ T1031] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 72.878168][ T1031] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 72.880567][ T1031] ? print_report+0x502/0x550 [ 72.882344][ T1031] check_panic_on_warn+0x86/0xb0 [ 72.884235][ T1031] ? __lock_acquire+0x78/0x2100 [ 72.886018][ T1031] end_report+0x77/0x160 [ 72.887759][ T1031] kasan_report+0x154/0x180 [ 72.889507][ T1031] ? __lock_acquire+0x78/0x2100 [ 72.891318][ T1031] __lock_acquire+0x78/0x2100 [ 72.893125][ T1031] ? mark_lock+0x9a/0x360 [ 72.894728][ T1031] ? __lock_acquire+0x1397/0x2100 [ 72.896566][ T1031] lock_acquire+0x1ed/0x550 [ 72.898229][ T1031] ? lockref_get+0x15/0x60 [ 72.900024][ T1031] ? __pfx_lock_acquire+0x10/0x10 [ 72.901955][ T1031] ? simple_pin_fs+0x91/0x160 [ 72.903725][ T1031] ? do_raw_spin_lock+0x14f/0x370 [ 72.905525][ T1031] ? __pfx_lock_release+0x10/0x10 [ 72.907491][ T1031] _raw_spin_lock+0x2e/0x40 [ 72.909236][ T1031] ? lockref_get+0x15/0x60 [ 72.910922][ T1031] lockref_get+0x15/0x60 [ 72.912538][ T1031] simple_recursive_removal+0x35/0x8f0 [ 72.914558][ T1031] ? mntput+0x65/0xc0 [ 72.916079][ T1031] ? __pfx_remove_one+0x10/0x10 [ 72.917972][ T1031] debugfs_remove+0x49/0x70 [ 72.919683][ T1031] ieee80211_sta_debugfs_remove+0x40/0x60 [ 72.921836][ T1031] __sta_info_destroy_part2+0x35e/0x450 [ 72.923848][ T1031] sta_info_destroy_addr+0xf4/0x140 [ 72.925780][ T1031] ieee80211_destroy_auth_data+0x139/0x270 [ 72.927985][ T1031] ieee80211_sta_work+0x1256/0x3890 [ 72.929947][ T1031] ? mark_lock+0x9a/0x360 [ 72.931618][ T1031] ? __pfx_ieee80211_sta_work+0x10/0x10 [ 72.933734][ T1031] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.936087][ T1031] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 72.938369][ T1031] ? lockdep_hardirqs_on+0x99/0x150 [ 72.940400][ T1031] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 72.942577][ T1031] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 72.945014][ T1031] ? skb_dequeue+0x113/0x150 [ 72.946841][ T1031] ? ieee80211_iface_work+0xc0d/0xf20 [ 72.948855][ T1031] ? ieee80211_iface_work+0xe29/0xf20 [ 72.950904][ T1031] ? rcu_is_watching+0x15/0xb0 [ 72.952757][ T1031] cfg80211_wiphy_work+0x2db/0x480 [ 72.954680][ T1031] ? process_scheduled_works+0x976/0x1840 [ 72.956850][ T1031] process_scheduled_works+0xa66/0x1840 [ 72.958958][ T1031] ? __pfx_process_scheduled_works+0x10/0x10 [ 72.961171][ T1031] ? assign_work+0x364/0x3d0 [ 72.962877][ T1031] worker_thread+0x870/0xd30 [ 72.964681][ T1031] ? __kthread_parkme+0x169/0x1d0 [ 72.966594][ T1031] ? __pfx_worker_thread+0x10/0x10 [ 72.968537][ T1031] kthread+0x2f0/0x390 [ 72.970107][ T1031] ? __pfx_worker_thread+0x10/0x10 [ 72.972129][ T1031] ? __pfx_kthread+0x10/0x10 [ 72.973866][ T1031] ret_from_fork+0x4b/0x80 [ 72.975579][ T1031] ? __pfx_kthread+0x10/0x10 [ 72.977311][ T1031] ret_from_fork_asm+0x1a/0x30 [ 72.979180][ T1031] [ 72.980604][ T1031] Kernel Offset: disabled [ 72.982214][ T1031] Rebooting in 86400 seconds..