------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 0 PID: 15 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366
Modules linked in:
CPU: 0 UID: 0 PID: 15 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: netns cleanup_net
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366
lr : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366
sp : ffff800097ab7110
x29: ffff800097ab7110 x28: ffff0000d908dcb0 x27: ffff0000f43165d0
x26: dfff800000000000 x25: ffff800092c2b000 x24: 0000000000000000
x23: ffff0000f4314dc0 x22: ffff0000f4316ac0 x21: ffff0000d908dc00
x20: ffff0000f4316b18 x19: ffff0000d58d8e80 x18: 1fffe000337d4a90
x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1fffe000337d7518 x13: 0000000000000000 x12: 0000000000000000
x11: ffff800093134c88 x10: 0000000000000003 x9 : 0c3aa294d71cbe00
x8 : 0c3aa294d71cbe00 x7 : ffff8000804936c4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010
x2 : 0000000000000006 x1 : ffff80008b40b540 x0 : 0000000000000001
Call trace:
 drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 (P)
 ieee80211_assign_link_chanctx+0x200/0xbd0 net/mac80211/chan.c:905
 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1879
 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2154
 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171
 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:875
 ieee80211_uninit+0x20/0x30 net/mac80211/iface.c:880
 unregister_netdevice_many_notify+0x195c/0x20e8 net/core/dev.c:12305
 unregister_netdevice_many net/core/dev.c:12347 [inline]
 unregister_netdevice_queue+0x2b4/0x300 net/core/dev.c:12161
 unregister_netdevice include/linux/netdevice.h:3389 [inline]
 _cfg80211_unregister_wdev+0x154/0x52c net/wireless/core.c:1284
 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1340
 ieee80211_remove_interfaces+0x3b0/0x590 net/mac80211/iface.c:2394
 ieee80211_unregister_hw+0x60/0x29c net/mac80211/main.c:1681
 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5915
 hwsim_exit_net+0xd1c/0xdd8 drivers/net/wireless/virtual/mac80211_hwsim.c:6806
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:252
 cleanup_net+0x3f8/0x6dc net/core/net_namespace.c:695
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3427
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
irq event stamp: 697728
hardirqs last  enabled at (697727): [<ffff800080493758>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1559 [inline]
hardirqs last  enabled at (697727): [<ffff800080493758>] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5073
hardirqs last disabled at (697728): [<ffff80008adf99f4>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last  enabled at (696256): [<ffff80008910276c>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (696256): [<ffff80008910276c>] netif_addr_unlock_bh include/linux/netdevice.h:4849 [inline]
softirqs last  enabled at (696256): [<ffff80008910276c>] dev_mc_flush+0x1b0/0x1f4 net/core/dev_addr_lists.c:1037
softirqs last disabled at (696254): [<ffff800089102c9c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 0 PID: 15 at net/mac80211/driver-ops.h:168 drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline]
WARNING: CPU: 0 PID: 15 at net/mac80211/driver-ops.h:168 ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400
Modules linked in:
CPU: 0 UID: 0 PID: 15 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: netns cleanup_net
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline]
pc : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400
lr : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline]
lr : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400
sp : ffff800097ab7120
x29: ffff800097ab7120 x28: 0000000000000000 x27: ffff0000f43165d0
x26: 1fffe0001e862afe x25: dfff800000000000 x24: ffff800092c2b000
x23: 0000000000000000 x22: ffff0000f4316ac0 x21: ffff0000f4314dc0
x20: ffff0000d58d8e80 x19: 0000000000004000 x18: 1fffe000337d4a90
x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1fffe000337d7518 x13: 0000000000000000 x12: 0000000000000000
x11: ffff800093134c88 x10: 0000000000000003 x9 : 0c3aa294d71cbe00
x8 : 0c3aa294d71cbe00 x7 : ffff8000804936c4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010
x2 : 0000000000000006 x1 : ffff80008b40b540 x0 : 0000000000000001
Call trace:
 drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] (P)
 ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 (P)
 ieee80211_assign_link_chanctx+0xa3c/0xbd0 net/mac80211/chan.c:963
 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1879
 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2154
 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171
 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:875
 ieee80211_uninit+0x20/0x30 net/mac80211/iface.c:880
 unregister_netdevice_many_notify+0x195c/0x20e8 net/core/dev.c:12305
 unregister_netdevice_many net/core/dev.c:12347 [inline]
 unregister_netdevice_queue+0x2b4/0x300 net/core/dev.c:12161
 unregister_netdevice include/linux/netdevice.h:3389 [inline]
 _cfg80211_unregister_wdev+0x154/0x52c net/wireless/core.c:1284
 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1340
 ieee80211_remove_interfaces+0x3b0/0x590 net/mac80211/iface.c:2394
 ieee80211_unregister_hw+0x60/0x29c net/mac80211/main.c:1681
 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5915
 hwsim_exit_net+0xd1c/0xdd8 drivers/net/wireless/virtual/mac80211_hwsim.c:6806
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:252
 cleanup_net+0x3f8/0x6dc net/core/net_namespace.c:695
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3427
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
irq event stamp: 697974
hardirqs last  enabled at (697973): [<ffff800080493758>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1559 [inline]
hardirqs last  enabled at (697973): [<ffff800080493758>] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5073
hardirqs last disabled at (697974): [<ffff80008adf99f4>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last  enabled at (697956): [<ffff8000803d9408>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last  enabled at (697956): [<ffff8000803d9408>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (697731): [<ffff800080022024>] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: 00000000faafd80d object type: timer_list hint: mesh_rmc_init net/mac80211/mesh.c:-1 [inline]
ODEBUG: free active (active state 0) object: 00000000faafd80d object type: timer_list hint: ieee80211_mesh_housekeeping_timer+0x0/0xb8 net/mac80211/mesh.c:1776
WARNING: CPU: 0 PID: 15 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline]
WARNING: CPU: 0 PID: 15 at lib/debugobjects.c:615 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
WARNING: CPU: 0 PID: 15 at lib/debugobjects.c:615 debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129
Modules linked in:
CPU: 0 UID: 0 PID: 15 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: netns cleanup_net
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:612 [inline]
pc : __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
pc : debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129
lr : debug_print_object lib/debugobjects.c:612 [inline]
lr : __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
lr : debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129
sp : ffff800097ab72f0
x29: ffff800097ab7330 x28: ffff0000f4318000 x27: 0000000000000000
x26: ffff80008aee8100 x25: ffff0000f4315bf8 x24: ffff80008a854ae8
x23: ffff0000f42dc460 x22: 1fffe0001e85b878 x21: dfff800000000000
x20: 0000000000000004 x19: ffff0000f4314000 x18: 1fffe000337d4a90
x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1ffff00012f56d94 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000ec8 x10: 0000000000ff0100 x9 : 0c3aa294d71cbe00
x8 : 0c3aa294d71cbe00 x7 : ffff800080565b88 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 debug_print_object lib/debugobjects.c:612 [inline] (P)
 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] (P)
 debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 (P)
 free_pages_prepare mm/page_alloc.c:1401 [inline]
 __free_frozen_pages+0x4b8/0xcac mm/page_alloc.c:2901
 free_frozen_pages+0x14/0x20 mm/page_alloc.c:2939
 free_large_kmalloc+0xfc/0x198 mm/slub.c:6775
 kfree+0x3b0/0x600 mm/slub.c:6843
 kvfree+0x30/0x40 mm/slub.c:7155
 netdev_release+0x88/0xb0 net/core/net-sysfs.c:2252
 device_release+0x8c/0x1ac drivers/base/core.c:-1
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x2b0/0x438 lib/kobject.c:737
 netdev_run_todo+0xb84/0xd24 net/core/dev.c:11601
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:157
 ieee80211_unregister_hw+0x120/0x29c net/mac80211/main.c:1691
 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5915
 hwsim_exit_net+0xd1c/0xdd8 drivers/net/wireless/virtual/mac80211_hwsim.c:6806
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:252
 cleanup_net+0x3f8/0x6dc net/core/net_namespace.c:695
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3427
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
irq event stamp: 699292
hardirqs last  enabled at (699291): [<ffff80008055c244>] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2329
hardirqs last disabled at (699292): [<ffff80008adf99f4>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last  enabled at (699202): [<ffff80008a710d24>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (699202): [<ffff80008a710d24>] ieee80211_txq_teardown_flows+0x170/0x1b8 net/mac80211/tx.c:1636
softirqs last disabled at (698934): [<ffff80008a710c20>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (698934): [<ffff80008a710c20>] ieee80211_txq_teardown_flows+0x6c/0x1b8 net/mac80211/tx.c:1634
---[ end trace 0000000000000000 ]---
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed