------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x1
WARNING: CPU: 1 PID: 24602 at net/mac80211/driver-ops.c:343 drv_unassign_vif_chanctx+0x49c/0x92c net/mac80211/driver-ops.c:343
Modules linked in:
CPU: 1 PID: 24602 Comm: syz-executor.4 Tainted: G B 6.8.0-rc5-syzkaller-g59a96b711109 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drv_unassign_vif_chanctx+0x49c/0x92c net/mac80211/driver-ops.c:343
lr : drv_unassign_vif_chanctx+0x49c/0x92c net/mac80211/driver-ops.c:343
sp : ffff800098016c50
x29: ffff800098016c50 x28: 0000000000000000 x27: ffff0000dc0dcca0
x26: ffff0000dc0de638 x25: dfff800000000000 x24: ffff800091cb1000
x23: 0000000000000001 x22: ffff0000dc0dcca0 x21: ffff00011a90b000
x20: ffff0000dc0de760 x19: ffff0000ce5e8e40 x18: 1fffe00036804796
x17: ffff80008ec8d000 x16: ffff80008ad5a610 x15: 0000000000000001
x14: 1fffe00036806fe8 x13: 0000000000000000 x12: 0000000000000000
x11: ffff80009800ffff x10: 0000000000ff0100 x9 : f6729aa71c1ef900
x8 : f6729aa71c1ef900 x7 : 1fffe00036804797 x6 : ffff800080297af0
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0000cc6fda00 x1 : 0000000000000000 x0 : ffff800080297b90
Call trace:
 drv_unassign_vif_chanctx+0x49c/0x92c net/mac80211/driver-ops.c:343
 ieee80211_assign_link_chanctx+0x158/0x884 net/mac80211/chan.c:878
 __ieee80211_link_release_channel+0x2f4/0x5f4 net/mac80211/chan.c:1801
 ieee80211_link_release_channel+0x134/0x16c net/mac80211/chan.c:2002
 ieee80211_link_stop+0x9c/0xc4 net/mac80211/link.c:76
 ieee80211_teardown_sdata net/mac80211/iface.c:810 [inline]
 ieee80211_uninit+0xa4/0xdc net/mac80211/iface.c:815
 unregister_netdevice_many_notify+0x10cc/0x1718 net/core/dev.c:11103
 unregister_netdevice_many net/core/dev.c:11139 [inline]
 unregister_netdevice_queue+0x2d8/0x324 net/core/dev.c:11019
 unregister_netdevice include/linux/netdevice.h:3195 [inline]
 _cfg80211_unregister_wdev+0x164/0x6c4 net/wireless/core.c:1206
 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1261
 ieee80211_if_remove+0x23c/0x37c net/mac80211/iface.c:2226
 ieee80211_del_iface+0x20/0x34 net/mac80211/cfg.c:202
 rdev_del_virtual_intf net/wireless/rdev-ops.h:62 [inline]
 cfg80211_remove_virtual_intf+0x244/0x710 net/wireless/util.c:2765
 nl80211_del_interface+0x110/0x12c net/wireless/nl80211.c:4388
 genl_family_rcv_msg_doit net/netlink/genetlink.c:1113 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
 genl_rcv_msg+0x874/0xb6c net/netlink/genetlink.c:1208
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1217
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [] copy_process+0x1318/0x3478 kernel/fork.c:2441
softirqs last enabled at (0): [] copy_process+0x1340/0x3478 kernel/fork.c:2442
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x1
WARNING: CPU: 1 PID: 24602 at net/mac80211/driver-ops.h:166 drv_vif_cfg_changed net/mac80211/driver-ops.h:166 [inline]
WARNING: CPU: 1 PID: 24602 at net/mac80211/driver-ops.h:166 ieee80211_vif_cfg_change_notify+0x47c/0x8b8 net/mac80211/main.c:276
Modules linked in:
CPU: 1 PID: 24602 Comm: syz-executor.4 Tainted: G B W 6.8.0-rc5-syzkaller-g59a96b711109 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drv_vif_cfg_changed net/mac80211/driver-ops.h:166 [inline]
pc : ieee80211_vif_cfg_change_notify+0x47c/0x8b8 net/mac80211/main.c:276
lr : drv_vif_cfg_changed net/mac80211/driver-ops.h:166 [inline]
lr : ieee80211_vif_cfg_change_notify+0x47c/0x8b8 net/mac80211/main.c:276
sp : ffff800098016c60
x29: ffff800098016c60 x28: ffff80008ec90000 x27: ffff80008ec90454
x26: 1fffe0001b81ba9d x25: dfff800000000000 x24: ffff800091cb1000
x23: 0000000000000001 x22: ffff0000dc0de708 x21: ffff0000dc0dcca0
x20: 0000000000004000 x19: ffff0000ce5e8e40 x18: 1fffe00036804796
x17: ffff80008ec8d000 x16: ffff80008ad5a610 x15: 0000000000000001
x14: 1fffe00036806fe8 x13: 0000000000000000 x12: 0000000000000000
x11: ffff80009800ffff x10: 0000000000ff0100 x9 : f6729aa71c1ef900
x8 : f6729aa71c1ef900 x7 : 1fffe00036804797 x6 : ffff800080297af0
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0000cc6fda00 x1 : 0000000000000000 x0 : ffff800080297b90
Call trace:
 drv_vif_cfg_changed net/mac80211/driver-ops.h:166 [inline]
 ieee80211_vif_cfg_change_notify+0x47c/0x8b8 net/mac80211/main.c:276
 ieee80211_assign_link_chanctx+0x740/0x884 net/mac80211/chan.c:915
 __ieee80211_link_release_channel+0x2f4/0x5f4 net/mac80211/chan.c:1801
 ieee80211_link_release_channel+0x134/0x16c net/mac80211/chan.c:2002
 ieee80211_link_stop+0x9c/0xc4 net/mac80211/link.c:76
 ieee80211_teardown_sdata net/mac80211/iface.c:810 [inline]
 ieee80211_uninit+0xa4/0xdc net/mac80211/iface.c:815
 unregister_netdevice_many_notify+0x10cc/0x1718 net/core/dev.c:11103
 unregister_netdevice_many net/core/dev.c:11139 [inline]
 unregister_netdevice_queue+0x2d8/0x324 net/core/dev.c:11019
 unregister_netdevice include/linux/netdevice.h:3195 [inline]
 _cfg80211_unregister_wdev+0x164/0x6c4 net/wireless/core.c:1206
 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1261
 ieee80211_if_remove+0x23c/0x37c net/mac80211/iface.c:2226
 ieee80211_del_iface+0x20/0x34 net/mac80211/cfg.c:202
 rdev_del_virtual_intf net/wireless/rdev-ops.h:62 [inline]
 cfg80211_remove_virtual_intf+0x244/0x710 net/wireless/util.c:2765
 nl80211_del_interface+0x110/0x12c net/wireless/nl80211.c:4388
 genl_family_rcv_msg_doit net/netlink/genetlink.c:1113 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
 genl_rcv_msg+0x874/0xb6c net/netlink/genetlink.c:1208
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1217
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [] copy_process+0x1318/0x3478 kernel/fork.c:2441
softirqs last enabled at (0): [] copy_process+0x1340/0x3478 kernel/fork.c:2442
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: 00000000cd1b3e2b object type: timer_list hint: ieee80211_mesh_housekeeping_timer+0x0/0xb8 net/mac80211/mesh.c:1785
WARNING: CPU: 1 PID: 24602 at lib/debugobjects.c:517 debug_print_object lib/debugobjects.c:514 [inline]
WARNING: CPU: 1 PID: 24602 at lib/debugobjects.c:517 __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
WARNING: CPU: 1 PID: 24602 at lib/debugobjects.c:517 debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
Modules linked in:
CPU: 1 PID: 24602 Comm: syz-executor.4 Tainted: G B W 6.8.0-rc5-syzkaller-g59a96b711109 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:514 [inline]
pc : __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
pc : debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
lr : debug_print_object lib/debugobjects.c:514 [inline]
lr : __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
lr : debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
sp : ffff800098016d20
x29: ffff800098016d60 x28: 0000000000000000 x27: ffff80008aeec4c0
x26: ffff0000dc0dd8f0 x25: dfff800000000000 x24: 0000000000000012
x23: ffff8000936b54d8 x22: ffff0000dc0dd000 x21: 0000000000000004
x20: ffff80008a7589b8 x19: ffff0000dc0dc000 x18: 1fffe00036804796
x17: ffff80008ec8d000 x16: ffff80008ad5a610 x15: 0000000000000001
x14: 1fffe00036806fe8 x13: 0000000000000000 x12: 0000000000000000
x11: ffff80009800ffff x10: 0000000000ff0100 x9 : f6729aa71c1ef900
x8 : f6729aa71c1ef900 x7 : 1fffe00036804797 x6 : ffff800080297af0
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0000cc6fda00 x1 : 0000000000000000 x0 : ffff800080297b90
Call trace:
 debug_print_object lib/debugobjects.c:514 [inline]
 __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
 debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
 free_pages_prepare mm/page_alloc.c:1146 [inline]
 free_unref_page_prepare+0x348/0xa70 mm/page_alloc.c:2346
 free_unref_page+0x84/0x428 mm/page_alloc.c:2486
 free_the_page mm/page_alloc.c:563 [inline]
 destroy_large_folio+0x180/0x230 mm/page_alloc.c:603
 __folio_put_large+0x114/0x174 mm/swap.c:119
 __folio_put+0x104/0x12c mm/swap.c:127
 folio_put include/linux/mm.h:1494 [inline]
 free_large_kmalloc+0xe4/0x188 mm/slub.c:4380
 kfree+0x238/0x3cc mm/slub.c:4403
 kvfree+0x40/0x50 mm/util.c:663
 netdev_freemem+0x4c/0x64 net/core/dev.c:10780
 netdev_release+0x88/0xb0 net/core/net-sysfs.c:1950
 device_release+0x8c/0x1ac
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x2a8/0x41c lib/kobject.c:737
 netdev_run_todo+0xd5c/0xe8c net/core/dev.c:10581
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:152
 nl80211_post_doit+0x1dc/0x30c net/wireless/nl80211.c:16574
 genl_family_rcv_msg_doit net/netlink/genetlink.c:1116 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
 genl_rcv_msg+0x8ac/0xb6c net/netlink/genetlink.c:1208
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1217
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [] copy_process+0x1318/0x3478 kernel/fork.c:2441
softirqs last enabled at (0): [] copy_process+0x1340/0x3478 kernel/fork.c:2442
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---