wlan1: Failed check-sdata-in-driver check, flags: 0x0 WARNING: CPU: 0 PID: 14 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 Modules linked in: CPU: 0 UID: 0 PID: 14 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 lr : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 sp : ffff800097c57130 x29: ffff800097c57130 x28: ffff0000f782d4a0 x27: ffff0000f80d2500 x26: dfff800000000000 x25: ffff800092e13000 x24: 0000000000000000 x23: ffff0000f80d0d80 x22: ffff0000f80d29d0 x21: ffff0000f782d400 x20: ffff0000f80d2a28 x19: ffff0000d5140e60 x18: 00000000ffffffff x17: ffff800093524000 x16: ffff80008b0155d8 x15: 0000000000000001 x14: 1fffe000199bce32 x13: 0000000000000000 x12: 0000000000000000 x11: ffff6000199bce33 x10: 0000000000000003 x9 : ff4a2d84c83f1400 x8 : ff4a2d84c83f1400 x7 : ffff8000804b06ec x6 : 0000000000000000 x5 : 0000000000000020 x4 : ffff800097c56a20 x3 : ffff8000803cb89c x2 : 0000000000000001 x1 : ffff80008b668440 x0 : 0000000000000001 Call trace: drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 (P) ieee80211_assign_link_chanctx+0x200/0xbd0 net/mac80211/chan.c:916 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1890 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2165 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:862 ieee80211_uninit+0x20/0x30 net/mac80211/iface.c:867 unregister_netdevice_many_notify+0x1654/0x1de0 net/core/dev.c:12187 unregister_netdevice_many net/core/dev.c:12229 [inline] unregister_netdevice_queue+0x2b4/0x300 net/core/dev.c:12073 unregister_netdevice include/linux/netdevice.h:3385 [inline] _cfg80211_unregister_wdev+0x154/0x52c net/wireless/core.c:1275 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1331 ieee80211_remove_interfaces+0x3b0/0x590 net/mac80211/iface.c:2391 ieee80211_unregister_hw+0x60/0x29c net/mac80211/main.c:1669 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5674 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/virtual/mac80211_hwsim.c:6554 ops_exit_list net/core/net_namespace.c:198 [inline] ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:251 cleanup_net+0x3e4/0x6c0 net/core/net_namespace.c:682 process_one_work+0x7e8/0x155c kernel/workqueue.c:3236 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3400 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 irq event stamp: 1271710 hardirqs last enabled at (1271709): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] hardirqs last enabled at (1271709): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194 hardirqs last disabled at (1271710): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434 softirqs last enabled at (1270224): [] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (1270224): [] netif_addr_unlock_bh include/linux/netdevice.h:4823 [inline] softirqs last enabled at (1270224): [] dev_mc_flush+0x1b0/0x1f4 net/core/dev_addr_lists.c:1037 softirqs last disabled at (1270222): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ wlan1: Failed check-sdata-in-driver check, flags: 0x0 WARNING: CPU: 0 PID: 14 at net/mac80211/driver-ops.h:168 drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] WARNING: CPU: 0 PID: 14 at net/mac80211/driver-ops.h:168 ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 Modules linked in: CPU: 0 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] pc : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 lr : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] lr : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 sp : ffff800097c57140 x29: ffff800097c57140 x28: 0000000000000000 x27: ffff0000f80d2500 x26: 1fffe0001f01a2e4 x25: dfff800000000000 x24: ffff800092e13000 x23: 0000000000000000 x22: ffff0000f80d29d0 x21: ffff0000f80d0d80 x20: ffff0000d5140e60 x19: 0000000000004000 x18: 00000000ffffffff x17: ffff800093524000 x16: ffff80008b0156e8 x15: 0000000000000001 x14: 1ffff00012f8ad98 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : ff4a2d84c83f1400 x8 : ff4a2d84c83f1400 x7 : ffff800080563530 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de538 x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] (P) ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 (P) ieee80211_assign_link_chanctx+0xa3c/0xbd0 net/mac80211/chan.c:974 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1890 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2165 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:862 ieee80211_uninit+0x20/0x30 net/mac80211/iface.c:867 unregister_netdevice_many_notify+0x1654/0x1de0 net/core/dev.c:12187 unregister_netdevice_many net/core/dev.c:12229 [inline] unregister_netdevice_queue+0x2b4/0x300 net/core/dev.c:12073 unregister_netdevice include/linux/netdevice.h:3385 [inline] _cfg80211_unregister_wdev+0x154/0x52c net/wireless/core.c:1275 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1331 ieee80211_remove_interfaces+0x3b0/0x590 net/mac80211/iface.c:2391 ieee80211_unregister_hw+0x60/0x29c net/mac80211/main.c:1669 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5674 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/virtual/mac80211_hwsim.c:6554 ops_exit_list net/core/net_namespace.c:198 [inline] ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:251 cleanup_net+0x3e4/0x6c0 net/core/net_namespace.c:682 process_one_work+0x7e8/0x155c kernel/workqueue.c:3236 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3400 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 irq event stamp: 1271922 hardirqs last enabled at (1271921): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214 hardirqs last disabled at (1271922): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434 softirqs last enabled at (1271908): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (1271908): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (1271713): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ ODEBUG: free active (active state 0) object: 000000002c3f5a3d object type: timer_list hint: mesh_rmc_init net/mac80211/mesh.c:-1 [inline] ODEBUG: free active (active state 0) object: 000000002c3f5a3d object type: timer_list hint: ieee80211_mesh_housekeeping_timer+0x0/0xb8 net/mac80211/mesh.c:1773 WARNING: CPU: 1 PID: 14 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline] WARNING: CPU: 1 PID: 14 at lib/debugobjects.c:615 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] WARNING: CPU: 1 PID: 14 at lib/debugobjects.c:615 debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 Modules linked in: CPU: 1 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : debug_print_object lib/debugobjects.c:612 [inline] pc : __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] pc : debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 lr : debug_print_object lib/debugobjects.c:612 [inline] lr : __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] lr : debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 sp : ffff800097c57310 x29: ffff800097c57350 x28: ffff0000f80d4000 x27: 0000000000000000 x26: ffff80008b0f5a40 x25: ffff0000f80d1b28 x24: ffff80008aa61f50 x23: ffff0000dd57bb60 x22: 1fffe0001baaf782 x21: dfff800000000000 x20: 0000000000000004 x19: ffff0000f80d0000 x18: 00000000ffffffff x17: ffff800093524000 x16: ffff80008b0156e8 x15: 0000000000000001 x14: 1ffff00012f8add0 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : ff4a2d84c83f1400 x8 : ff4a2d84c83f1400 x7 : ffff800080563530 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de538 x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: debug_print_object lib/debugobjects.c:612 [inline] (P) __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline] (P) debug_check_no_obj_freed+0x390/0x470 lib/debugobjects.c:1129 (P) free_pages_prepare mm/page_alloc.c:1402 [inline] __free_frozen_pages+0x4b8/0xcac mm/page_alloc.c:2895 free_frozen_pages+0x14/0x20 mm/page_alloc.c:2933 free_large_kmalloc+0xfc/0x198 mm/slub.c:4820 kfree+0x25c/0x474 mm/slub.c:4888 kvfree+0x30/0x40 mm/slub.c:5110 netdev_release+0x88/0xb0 net/core/net-sysfs.c:2250 device_release+0x8c/0x1ac drivers/base/core.c:-1 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x2b0/0x438 lib/kobject.c:737 netdev_run_todo+0xb84/0xd24 net/core/dev.c:11513 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:157 ieee80211_unregister_hw+0x120/0x29c net/mac80211/main.c:1679 mac80211_hwsim_del_radio+0x214/0x3b4 drivers/net/wireless/virtual/mac80211_hwsim.c:5674 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/virtual/mac80211_hwsim.c:6554 ops_exit_list net/core/net_namespace.c:198 [inline] ops_undo_list+0x3c0/0x7ec net/core/net_namespace.c:251 cleanup_net+0x3e4/0x6c0 net/core/net_namespace.c:682 process_one_work+0x7e8/0x155c kernel/workqueue.c:3236 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3400 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 irq event stamp: 1274764 hardirqs last enabled at (1274763): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214 hardirqs last disabled at (1274764): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434 softirqs last enabled at (1274734): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (1274734): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:607 softirqs last disabled at (1274463): [] __do_softirq+0x14/0x20 kernel/softirq.c:613 ---[ end trace 0000000000000000 ]--- hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state batman_adv: batadv0: Interface deactivated: gretap1 team0: Port device bridge0 removed bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves batman_adv: batadv0: Removing interface: gretap1 bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves tipc: Disabling bearer tipc: Left network mode hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_1 hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode macvlan1: left promiscuous mode veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed IPVS: stop unused estimator thread 0...