------------[ cut here ]------------ WARNING: CPU: 0 PID: 4412 at net/mac80211/chan.c:2017 ieee80211_link_release_channel+0x16c/0x19c net/mac80211/chan.c:2017 Modules linked in: CPU: 0 PID: 4412 Comm: kworker/u4:6 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : ieee80211_link_release_channel+0x16c/0x19c net/mac80211/chan.c:2017 lr : ieee80211_link_release_channel+0x16c/0x19c net/mac80211/chan.c:2017 sp : ffff800021487540 x29: ffff800021487540 x28: ffff800021487640 x27: ffff0000ce0f8060 x26: ffff8000214877c0 x25: ffff0000ce0f8010 x24: 1fffe00019c1f183 x23: 1fffe00019c1f2b5 x22: dfff800000000000 x21: 0000000000000000 x20: ffff0000ce0fa258 x19: ffff0000ce0f95a8 x18: ffff800011abbcc0 x17: ffff8000181f9000 x16: ffff8000082d1108 x15: 0000000000000000 x14: 00000000ffff8000 x13: 1ffff00002a180b1 x12: 0000000000ff0100 x11: ff00800011297000 x10: 0000000000000000 x9 : ffff800011297000 x8 : ffff0000d21c5340 x7 : ffff800011296f00 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000082c98ac x2 : ffff0000d21c5340 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: ieee80211_link_release_channel+0x16c/0x19c net/mac80211/chan.c:2017 ieee80211_link_stop+0x9c/0xc4 net/mac80211/link.c:72 ieee80211_teardown_sdata net/mac80211/iface.c:847 [inline] ieee80211_uninit+0x98/0xd0 net/mac80211/iface.c:852 unregister_netdevice_many+0x10a4/0x1740 net/core/dev.c:11007 ieee80211_remove_interfaces+0x38c/0x5ec net/mac80211/iface.c:2382 ieee80211_unregister_hw+0x60/0x278 net/mac80211/main.c:1483 mac80211_hwsim_del_radio+0x210/0x3a8 drivers/net/wireless/mac80211_hwsim.c:4688 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/mac80211_hwsim.c:5475 ops_exit_list net/core/net_namespace.c:172 [inline] cleanup_net+0x5c4/0xa74 net/core/net_namespace.c:640 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850 irq event stamp: 3428124 hardirqs last enabled at (3428123): [] __cancel_work_timer+0x2b0/0x448 kernel/workqueue.c:3156 hardirqs last disabled at (3428124): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (3426744): [] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (3426744): [] netif_addr_unlock_bh include/linux/netdevice.h:4510 [inline] softirqs last enabled at (3426744): [] dev_mc_flush+0x1b0/0x1f4 net/core/dev_addr_lists.c:1036 softirqs last disabled at (3426742): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ wlan1: Failed check-sdata-in-driver check, flags: 0x0 WARNING: CPU: 0 PID: 4412 at net/mac80211/driver-ops.c:315 drv_unassign_vif_chanctx+0x358/0x63c net/mac80211/driver-ops.c:315 Modules linked in: CPU: 0 PID: 4412 Comm: kworker/u4:6 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : drv_unassign_vif_chanctx+0x358/0x63c net/mac80211/driver-ops.c:315 lr : drv_unassign_vif_chanctx+0x358/0x63c net/mac80211/driver-ops.c:315 sp : ffff8000214873f0 x29: ffff8000214873f0 x28: 0000000000000000 x27: ffff0000ce0f8c80 x26: ffff0000ce0fa698 x25: dfff800000000000 x24: ffff0000ce0fa7e8 x23: 0000000000000000 x22: ffff0000d1b7dc00 x21: ffff0000ce0fa7e8 x20: ffff800017a8b000 x19: ffff0000ce0f8c80 x18: ffff800011abbcc0 x17: 0000000000000000 x16: ffff8000082d25b8 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 x11: ff00800008191ca8 x10: 0000000000000000 x9 : fcce45a72c42fe00 x8 : fcce45a72c42fe00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff800021486e78 x4 : ffff8000151a4920 x3 : ffff800008311fd8 x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: drv_unassign_vif_chanctx+0x358/0x63c net/mac80211/driver-ops.c:315 ieee80211_assign_link_chanctx+0x140/0x82c net/mac80211/chan.c:868 __ieee80211_link_release_channel+0x29c/0x55c net/mac80211/chan.c:1799 ieee80211_link_release_channel+0x130/0x19c net/mac80211/chan.c:2018 ieee80211_link_stop+0x9c/0xc4 net/mac80211/link.c:72 ieee80211_teardown_sdata net/mac80211/iface.c:847 [inline] ieee80211_uninit+0x98/0xd0 net/mac80211/iface.c:852 unregister_netdevice_many+0x10a4/0x1740 net/core/dev.c:11007 ieee80211_remove_interfaces+0x38c/0x5ec net/mac80211/iface.c:2382 ieee80211_unregister_hw+0x60/0x278 net/mac80211/main.c:1483 mac80211_hwsim_del_radio+0x210/0x3a8 drivers/net/wireless/mac80211_hwsim.c:4688 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/mac80211_hwsim.c:5475 ops_exit_list net/core/net_namespace.c:172 [inline] cleanup_net+0x5c4/0xa74 net/core/net_namespace.c:640 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850 irq event stamp: 3428324 hardirqs last enabled at (3428323): [] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (3428324): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (3428298): [] softirq_handle_end kernel/softirq.c:439 [inline] softirqs last enabled at (3428298): [] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624 softirqs last disabled at (3428127): [] __do_softirq+0x14/0x20 kernel/softirq.c:630 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ wlan1: Failed check-sdata-in-driver check, flags: 0x0 WARNING: CPU: 0 PID: 4412 at net/mac80211/driver-ops.h:156 drv_vif_cfg_changed net/mac80211/driver-ops.h:156 [inline] WARNING: CPU: 0 PID: 4412 at net/mac80211/driver-ops.h:156 ieee80211_vif_cfg_change_notify+0x21c/0x25c net/mac80211/main.c:275 Modules linked in: CPU: 0 PID: 4412 Comm: kworker/u4:6 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : drv_vif_cfg_changed net/mac80211/driver-ops.h:156 [inline] pc : ieee80211_vif_cfg_change_notify+0x21c/0x25c net/mac80211/main.c:275 lr : drv_vif_cfg_changed net/mac80211/driver-ops.h:156 [inline] lr : ieee80211_vif_cfg_change_notify+0x21c/0x25c net/mac80211/main.c:275 sp : ffff8000214873f0 x29: ffff8000214873f0 x28: ffff8000150c0000 x27: ffff8000150c0584 x26: ffff0000d1b7dc20 x25: 0000000000000000 x24: dfff800000000000 x23: 0000000000000000 x22: ffff0000ce0fa790 x21: ffff0000cc388ea0 x20: ffff800017a8b000 x19: ffff0000ce0f8c80 x18: ffff800011abbcc0 x17: 0000000000000000 x16: ffff8000082d25b8 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 x11: ff00800008191ca8 x10: 0000000000000000 x9 : fcce45a72c42fe00 x8 : fcce45a72c42fe00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff800021486e78 x4 : ffff8000151a4920 x3 : ffff80000a8462cc x2 : ffff00019f6bcd10 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: drv_vif_cfg_changed net/mac80211/driver-ops.h:156 [inline] ieee80211_vif_cfg_change_notify+0x21c/0x25c net/mac80211/main.c:275 ieee80211_assign_link_chanctx+0x6e8/0x82c net/mac80211/chan.c:905 __ieee80211_link_release_channel+0x29c/0x55c net/mac80211/chan.c:1799 ieee80211_link_release_channel+0x130/0x19c net/mac80211/chan.c:2018 ieee80211_link_stop+0x9c/0xc4 net/mac80211/link.c:72 ieee80211_teardown_sdata net/mac80211/iface.c:847 [inline] ieee80211_uninit+0x98/0xd0 net/mac80211/iface.c:852 unregister_netdevice_many+0x10a4/0x1740 net/core/dev.c:11007 ieee80211_remove_interfaces+0x38c/0x5ec net/mac80211/iface.c:2382 ieee80211_unregister_hw+0x60/0x278 net/mac80211/main.c:1483 mac80211_hwsim_del_radio+0x210/0x3a8 drivers/net/wireless/mac80211_hwsim.c:4688 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/mac80211_hwsim.c:5475 ops_exit_list net/core/net_namespace.c:172 [inline] cleanup_net+0x5c4/0xa74 net/core/net_namespace.c:640 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850 irq event stamp: 3428618 hardirqs last enabled at (3428617): [] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (3428618): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (3428590): [] softirq_handle_end kernel/softirq.c:439 [inline] softirqs last enabled at (3428590): [] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624 softirqs last disabled at (3428327): [] __do_softirq+0x14/0x20 kernel/softirq.c:630 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4412 at net/mac80211/iface.c:113 __ieee80211_recalc_idle net/mac80211/iface.c:113 [inline] WARNING: CPU: 0 PID: 4412 at net/mac80211/iface.c:113 ieee80211_recalc_idle+0x298/0x338 net/mac80211/iface.c:149 Modules linked in: CPU: 0 PID: 4412 Comm: kworker/u4:6 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : __ieee80211_recalc_idle net/mac80211/iface.c:113 [inline] pc : ieee80211_recalc_idle+0x298/0x338 net/mac80211/iface.c:149 lr : __ieee80211_recalc_idle net/mac80211/iface.c:113 [inline] lr : ieee80211_recalc_idle+0x298/0x338 net/mac80211/iface.c:149 sp : ffff8000214873e0 x29: ffff8000214873e0 x28: 0000000000000000 x27: ffff8000150c0000 x26: ffff0000d1b7dc20 x25: 0000000000000000 x24: dfff800000000000 x23: 000000000000096c x22: 1fffe000198711db x21: dfff800000000000 x20: 0000000000000000 x19: ffff0000cc388ea0 x18: ffff800011abbcc0 x17: 0000000000000000 x16: ffff8000082d1108 x15: 0000000000000000 x14: 0000000000000007 x13: 1ffff00002a180b1 x12: 0000000000ff0100 x11: ff008000111d1128 x10: 0000000000000000 x9 : ffff8000111d1128 x8 : ffff0000d21c5340 x7 : ffff800011171388 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: __ieee80211_recalc_idle net/mac80211/iface.c:113 [inline] ieee80211_recalc_idle+0x298/0x338 net/mac80211/iface.c:149 ieee80211_del_chanctx+0x35c/0x710 net/mac80211/chan.c:750 ieee80211_free_chanctx+0x250/0x334 net/mac80211/chan.c:761 __ieee80211_link_release_channel+0x3d4/0x55c net/mac80211/chan.c:1801 ieee80211_link_release_channel+0x130/0x19c net/mac80211/chan.c:2018 ieee80211_link_stop+0x9c/0xc4 net/mac80211/link.c:72 ieee80211_teardown_sdata net/mac80211/iface.c:847 [inline] ieee80211_uninit+0x98/0xd0 net/mac80211/iface.c:852 unregister_netdevice_many+0x10a4/0x1740 net/core/dev.c:11007 ieee80211_remove_interfaces+0x38c/0x5ec net/mac80211/iface.c:2382 ieee80211_unregister_hw+0x60/0x278 net/mac80211/main.c:1483 mac80211_hwsim_del_radio+0x210/0x3a8 drivers/net/wireless/mac80211_hwsim.c:4688 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/mac80211_hwsim.c:5475 ops_exit_list net/core/net_namespace.c:172 [inline] cleanup_net+0x5c4/0xa74 net/core/net_namespace.c:640 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850 irq event stamp: 3428702 hardirqs last enabled at (3428701): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline] hardirqs last enabled at (3428701): [] exit_to_kernel_mode+0xcc/0xfc arch/arm64/kernel/entry-common.c:94 hardirqs last disabled at (3428702): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (3428696): [] softirq_handle_end kernel/softirq.c:439 [inline] softirqs last enabled at (3428696): [] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624 softirqs last disabled at (3428621): [] __do_softirq+0x14/0x20 kernel/softirq.c:630 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: timer_list hint: mesh_rmc_init net/mac80211/mesh.c:-1 [inline] ODEBUG: free active (active state 0) object type: timer_list hint: ieee80211_mesh_housekeeping_timer+0x0/0xa0 net/mac80211/mesh.c:1624 WARNING: CPU: 1 PID: 4412 at lib/debugobjects.c:518 debug_print_object lib/debugobjects.c:515 [inline] WARNING: CPU: 1 PID: 4412 at lib/debugobjects.c:518 __debug_check_no_obj_freed lib/debugobjects.c:979 [inline] WARNING: CPU: 1 PID: 4412 at lib/debugobjects.c:518 debug_check_no_obj_freed+0x38c/0x46c lib/debugobjects.c:1009 Modules linked in: CPU: 1 PID: 4412 Comm: kworker/u4:6 Tainted: G W syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Workqueue: netns cleanup_net pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) pc : debug_print_object lib/debugobjects.c:515 [inline] pc : __debug_check_no_obj_freed lib/debugobjects.c:979 [inline] pc : debug_check_no_obj_freed+0x38c/0x46c lib/debugobjects.c:1009 lr : debug_print_object lib/debugobjects.c:515 [inline] lr : __debug_check_no_obj_freed lib/debugobjects.c:979 [inline] lr : debug_check_no_obj_freed+0x38c/0x46c lib/debugobjects.c:1009 sp : ffff8000214873f0 x29: ffff800021487430 x28: ffff0000ce0fc000 x27: 0000000000000000 x26: ffff800011adace0 x25: ffff0000ce0f9a28 x24: ffff8000113424a0 x23: ffff0000cb7a4150 x22: 1fffe000196f4894 x21: dfff800000000000 x20: 0000000000000004 x19: ffff0000ce0f8000 x18: ffff800011abbcc0 x17: 6e6968207473696c x16: ffff8000082d25b8 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 x11: ff00800008191ca8 x10: 0000000000000000 x9 : fcce45a72c42fe00 x8 : fcce45a72c42fe00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff800021486e78 x4 : ffff8000151a4920 x3 : ffff80000852e428 x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: debug_print_object lib/debugobjects.c:515 [inline] __debug_check_no_obj_freed lib/debugobjects.c:979 [inline] debug_check_no_obj_freed+0x38c/0x46c lib/debugobjects.c:1009 free_pages_prepare mm/page_alloc.c:1465 [inline] free_pcp_prepare mm/page_alloc.c:1509 [inline] free_unref_page_prepare+0x71c/0xb18 mm/page_alloc.c:3384 free_unref_page+0x7c/0x3a0 mm/page_alloc.c:3479 free_the_page mm/page_alloc.c:754 [inline] __free_pages+0x1a4/0x1d0 mm/page_alloc.c:5703 free_large_kmalloc+0xc8/0x15c mm/slab_common.c:913 kfree+0xf4/0x1ac mm/slab_common.c:982 kvfree+0x40/0x50 mm/util.c:627 netdev_freemem+0x4c/0x64 net/core/dev.c:10685 netdev_release+0x88/0xb0 net/core/net-sysfs.c:1908 device_release+0x8c/0x1ac drivers/base/core.c:-1 kobject_cleanup lib/kobject.c:681 [inline] kobject_release lib/kobject.c:712 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x2b0/0x438 lib/kobject.c:729 netdev_run_todo+0xbe4/0xd08 net/core/dev.c:10521 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:147 ieee80211_unregister_hw+0xfc/0x278 net/mac80211/main.c:1490 mac80211_hwsim_del_radio+0x210/0x3a8 drivers/net/wireless/mac80211_hwsim.c:4688 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/mac80211_hwsim.c:5475 ops_exit_list net/core/net_namespace.c:172 [inline] cleanup_net+0x5c4/0xa74 net/core/net_namespace.c:640 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850 irq event stamp: 3429844 hardirqs last enabled at (3429843): [] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (3429844): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (3429130): [] softirq_handle_end kernel/softirq.c:439 [inline] softirqs last enabled at (3429130): [] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624 softirqs last disabled at (3428705): [] __do_softirq+0x14/0x20 kernel/softirq.c:630 ---[ end trace 0000000000000000 ]--- device hsr_slave_0 left promiscuous mode device hsr_slave_1 left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state device veth1_macvtap left promiscuous mode device veth0_macvtap left promiscuous mode device veth1_vlan left promiscuous mode device veth0_vlan left promiscuous mode bond5 (unregistering): Released all slaves bond4 (unregistering): Released all slaves bond3 (unregistering): Released all slaves bond2 (unregistering): Released all slaves bond1 (unregistering): Released all slaves team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): Released all slaves netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0