------------[ cut here ]------------ wlan1: Failed check-sdata-in-driver check, flags: 0x0 WARNING: CPU: 0 PID: 6989 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 Modules linked in: CPU: 0 UID: 0 PID: 6989 Comm: kworker/u8:27 Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: netns cleanup_net pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 lr : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 sp : ffff8000a15c7110 x29: ffff8000a15c7110 x28: ffff0000d3d13cb0 x27: ffff0000f6f6a5d0 x26: dfff800000000000 x25: ffff800092c2b000 x24: 0000000000000000 x23: ffff0000f6f68dc0 x22: ffff0000f6f6aac0 x21: ffff0000d3d13c00 x20: ffff0000f6f6ab18 x19: ffff0000d47a0e80 x18: 1fffe000337d4a90 x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: 0000000000000001 x14: 1fffe000337d7518 x13: 0000000000000000 x12: 0000000000000000 x11: ffff800093134c88 x10: 0000000000000003 x9 : adbdadffedf12e00 x8 : adbdadffedf12e00 x7 : ffff8000804936c4 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 x2 : 0000000000000006 x1 : ffff80008b40b540 x0 : 0000000000000001 Call trace: drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 (P) ieee80211_assign_link_chanctx+0x200/0xbd0 net/mac80211/chan.c:905 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1879 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2154 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:875 ieee80211_uninit+0x20/0x30 net/mac80211/iface.c:880 unregister_netdevice_many_notify+0x195c/0x20e8 net/core/dev.c:12305 unregister_netdevice_many net/core/dev.c:12347 [inline] unregister_netdevice_queue+0x2b4/0x300 net/core/dev.c:12161 unregister_netdevice include/linux/netdevice.h:3389 [inline] _cfg80211_unregister_wdev+0x154/0x52c net/wireless/core.c:1284 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1340 ieee80211_remove_interfaces+0x3b0/0x590 net/mac80211/iface.c:2394 ieee80211_unregister_hw+0x60/0x29c net/mac80211/main.c:1681 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5915 hwsim_exit_net+0xd1c/0xdd8 drivers/net/wireless/virtual/mac80211_hwsim.c:6806 ops_exit_list net/core/net_namespace.c:199 [inline] ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:252 cleanup_net+0x3f8/0x6dc net/core/net_namespace.c:695 process_one_work+0x7e8/0x155c kernel/workqueue.c:3263 process_scheduled_works kernel/workqueue.c:3346 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3427 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 irq event stamp: 475490 hardirqs last enabled at (475489): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1559 [inline] hardirqs last enabled at (475489): [] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5073 hardirqs last disabled at (475490): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412 softirqs last enabled at (475442): [] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (475442): [] mesh_path_flush_pending+0x384/0x3a8 net/mac80211/mesh_pathtbl.c:1036 softirqs last disabled at (475440): [] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (475440): [] mesh_path_flush_pending+0x10c/0x3a8 net/mac80211/mesh_pathtbl.c:1028 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ wlan1: Failed check-sdata-in-driver check, flags: 0x0 WARNING: CPU: 0 PID: 6989 at net/mac80211/driver-ops.h:168 drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] WARNING: CPU: 0 PID: 6989 at net/mac80211/driver-ops.h:168 ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 Modules linked in: CPU: 0 UID: 0 PID: 6989 Comm: kworker/u8:27 Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: netns cleanup_net pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] pc : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 lr : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] lr : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 sp : ffff8000a15c7120 x29: ffff8000a15c7120 x28: 0000000000000000 x27: ffff0000f6f6a5d0 x26: 1fffe0001eded2fe x25: dfff800000000000 x24: ffff800092c2b000 x23: 0000000000000000 x22: ffff0000f6f6aac0 x21: ffff0000f6f68dc0 x20: ffff0000d47a0e80 x19: 0000000000004000 x18: 1fffe000337d4a90 x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: 0000000000000001 x14: 1fffe000337d7518 x13: 0000000000000000 x12: 0000000000000000 x11: ffff800093134c88 x10: 0000000000000003 x9 : adbdadffedf12e00 x8 : adbdadffedf12e00 x7 : ffff8000804936c4 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 x2 : 0000000000000006 x1 : ffff80008b40b540 x0 : 0000000000000001 Call trace: drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] (P) ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 (P) ieee80211_assign_link_chanctx+0xa3c/0xbd0 net/mac80211/chan.c:963 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1879 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2154 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:875 ieee80211_uninit+0x20/0x30 net/mac80211/iface.c:880 unregister_netdevice_many_notify+0x195c/0x20e8 net/core/dev.c:12305 unregister_netdevice_many net/core/dev.c:12347 [inline] unregister_netdevice_queue+0x2b4/0x300 net/core/dev.c:12161 unregister_netdevice include/linux/netdevice.h:3389 [inline] _cfg80211_unregister_wdev+0x154/0x52c net/wireless/core.c:1284 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1340 ieee80211_remove_interfaces+0x3b0/0x590 net/mac80211/iface.c:2394 ieee80211_unregister_hw+0x60/0x29c net/mac80211/main.c:1681 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5915 hwsim_exit_net+0xd1c/0xdd8 drivers/net/wireless/virtual/mac80211_hwsim.c:6806 ops_exit_list net/core/net_namespace.c:199 [inline] ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:252 cleanup_net+0x3f8/0x6dc net/core/net_namespace.c:695 process_one_work+0x7e8/0x155c kernel/workqueue.c:3263 process_scheduled_works kernel/workqueue.c:3346 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3427 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 irq event stamp: 475922 hardirqs last enabled at (475921): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1559 [inline] hardirqs last enabled at (475921): [] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5073 hardirqs last disabled at (475922): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412 softirqs last enabled at (475906): [] softirq_handle_end kernel/softirq.c:468 [inline] softirqs last enabled at (475906): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650 softirqs last disabled at (475493): [] __do_softirq+0x14/0x20 kernel/softirq.c:656 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ ODEBUG: free active (active state 0) object: 00000000854bdf71 object type: timer_list hint: mesh_rmc_init net/mac80211/mesh.c:-1 [inline] ODEBUG: free active (active state 0) object: 00000000854bdf71 object type: timer_list hint: ieee80211_mesh_housekeeping_timer+0x0/0xb8 net/mac80211/mesh.c:1776 WARNING: CPU: 1 PID: 6989 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline] WARNING: CPU: 1 PID: 6989 at lib/debugobjects.c:615 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] WARNING: CPU: 1 PID: 6989 at lib/debugobjects.c:615 debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 Modules linked in: CPU: 1 UID: 0 PID: 6989 Comm: kworker/u8:27 Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: netns cleanup_net pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : debug_print_object lib/debugobjects.c:612 [inline] pc : __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] pc : debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 lr : debug_print_object lib/debugobjects.c:612 [inline] lr : __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] lr : debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 sp : ffff8000a15c72f0 x29: ffff8000a15c7330 x28: ffff0000f6f6c000 x27: 0000000000000000 x26: ffff80008aee8100 x25: ffff0000f6f69bf8 x24: ffff80008a854ae8 x23: ffff0000c5f4f038 x22: 1fffe0001ed8c10b x21: dfff800000000000 x20: 0000000000000013 x19: ffff0000f6f68000 x18: 1fffe000337d9290 x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: 0000000000000001 x14: 1ffff000142b8dd0 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000001bb5 x10: 0000000000ff0100 x9 : adbdadffedf12e00 x8 : adbdadffedf12e00 x7 : ffff800080565b88 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807d6f80 x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: debug_print_object lib/debugobjects.c:612 [inline] (P) __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] (P) debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 (P) free_pages_prepare mm/page_alloc.c:1401 [inline] __free_frozen_pages+0x4b8/0xcac mm/page_alloc.c:2901 free_frozen_pages+0x14/0x20 mm/page_alloc.c:2939 free_large_kmalloc+0xfc/0x198 mm/slub.c:6775 kfree+0x3b0/0x600 mm/slub.c:6843 kvfree+0x30/0x40 mm/slub.c:7155 netdev_release+0x88/0xb0 net/core/net-sysfs.c:2252 device_release+0x8c/0x1ac drivers/base/core.c:-1 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x2b0/0x438 lib/kobject.c:737 netdev_run_todo+0xb84/0xd24 net/core/dev.c:11601 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:157 ieee80211_unregister_hw+0x120/0x29c net/mac80211/main.c:1691 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5915 hwsim_exit_net+0xd1c/0xdd8 drivers/net/wireless/virtual/mac80211_hwsim.c:6806 ops_exit_list net/core/net_namespace.c:199 [inline] ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:252 cleanup_net+0x3f8/0x6dc net/core/net_namespace.c:695 process_one_work+0x7e8/0x155c kernel/workqueue.c:3263 process_scheduled_works kernel/workqueue.c:3346 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3427 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 irq event stamp: 477286 hardirqs last enabled at (477285): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214 hardirqs last disabled at (477286): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412 softirqs last enabled at (477198): [] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (477198): [] ieee80211_txq_teardown_flows+0x170/0x1b8 net/mac80211/tx.c:1636 softirqs last disabled at (476932): [] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (476932): [] ieee80211_txq_teardown_flows+0x6c/0x1b8 net/mac80211/tx.c:1634 ---[ end trace 0000000000000000 ]--- hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode team_slave_1 (unregistering): left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team_slave_0 (unregistering): left promiscuous mode team0 (unregistering): Port device team_slave_0 removed IPVS: stop unused estimator thread 0...