------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x0
WARNING: net/mac80211/driver-ops.c:366 at 0x0, CPU#0: kworker/u32:26/19782
Modules linked in:
CPU: 0 UID: 0 PID: 19782 Comm: kworker/u32:26 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:drv_unassign_vif_chanctx+0x204/0x7f0 net/mac80211/driver-ops.c:366
Code: 42 12 f2 f6 48 8b 74 24 10 48 81 c6 20 01 00 00 48 89 74 24 10 e8 2c 12 f2 f6 48 8d 3d c5 47 c9 05 8b 54 24 04 48 8b 74 24 10 <67> 48 0f b9 3a e8 12 12 f2 f6 4c 89 f2 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc900045cf538 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88804519cd80 RCX: ffffffff8acbbb61
RDX: 0000000000000000 RSI: ffff88804519c120 RDI: ffffffff90950390
RBP: ffff8880404c0e80 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 00000000d8c67d05 R12: ffff88804519ead8
R13: 0000000000000000 R14: ffff88804519d7b8 R15: ffff88804519ea80
FS: 0000000000000000(0000) GS:ffff8880d699e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557d4ba808 CR3: 000000011bfd3000 CR4: 0000000000352ef0
Call Trace:
 ieee80211_assign_link_chanctx+0x3f1/0xf00 net/mac80211/chan.c:905
 __ieee80211_link_release_channel+0x273/0x4b0 net/mac80211/chan.c:1879
 ieee80211_link_release_channel+0x128/0x200 net/mac80211/chan.c:2154
 unregister_netdevice_many_notify+0x13f8/0x2570 net/core/dev.c:12305
 unregister_netdevice_many net/core/dev.c:12347 [inline]
 unregister_netdevice_queue net/core/dev.c:12161 [inline]
 unregister_netdevice_queue+0x305/0x3c0 net/core/dev.c:12151
 unregister_netdevice include/linux/netdevice.h:3389 [inline]
 _cfg80211_unregister_wdev+0x64b/0x800 net/wireless/core.c:1284
 ieee80211_remove_interfaces+0x34e/0x700 net/mac80211/iface.c:2394
 ieee80211_unregister_hw+0x55/0x3a0 net/mac80211/main.c:1681
 mac80211_hwsim_del_radio drivers/net/wireless/virtual/mac80211_hwsim.c:5915 [inline]
 hwsim_exit_net+0x788/0x1590 drivers/net/wireless/virtual/mac80211_hwsim.c:6806
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x2ee/0xab0 net/core/net_namespace.c:252
 cleanup_net+0x41b/0x830 net/core/net_namespace.c:695
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
----------------
Code disassembly (best guess):
 0: 42 12 f2 rex.X adc %dl,%sil
 3: f6 48 8b 74 testb $0x74,-0x75(%rax)
 7: 24 10 and $0x10,%al
 9: 48 81 c6 20 01 00 00 add $0x120,%rsi
 10: 48 89 74 24 10 mov %rsi,0x10(%rsp)
 15: e8 2c 12 f2 f6 call 0xf6f21246
 1a: 48 8d 3d c5 47 c9 05 lea 0x5c947c5(%rip),%rdi # 0x5c947e6
 21: 8b 54 24 04 mov 0x4(%rsp),%edx
 25: 48 8b 74 24 10 mov 0x10(%rsp),%rsi
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
 2f: e8 12 12 f2 f6 call 0xf6f21246
 34: 4c 89 f2 mov %r14,%rdx
 37: 48 rex.W
 38: b8 00 00 00 00 mov $0x0,%eax
 3d: 00 fc add %bh,%ah
 3f: ff .byte 0xff