program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x6c, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x60}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}]]}, 0x6c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) chdir(&(0x7f0000000140)='./file0\x00') [ 58.654130][ T5317] ------------[ cut here ]------------ [ 58.656316][ T5317] syzkaller0: Failed check-sdata-in-driver check, flags: 0x0 [ 58.679425][ T5317] WARNING: CPU: 0 PID: 5317 at net/mac80211/driver-ops.c:114 drv_remove_interface+0x35d/0x590 [ 58.683462][ T5317] Modules linked in: [ 58.684814][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0 [ 58.688742][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.692567][ T5317] RIP: 0010:drv_remove_interface+0x35d/0x590 [ 58.694596][ T5317] Code: 00 48 85 c0 48 0f 44 d9 42 0f b6 44 2d 00 84 c0 0f 85 f3 00 00 00 41 8b 14 24 48 c7 c7 c0 ac 28 8d 48 89 de e8 94 da 22 f6 90 <0f> 0b 90 90 e9 e3 fd ff ff e8 c5 2a 62 f6 c6 05 55 68 a8 04 01 90 [ 58.701255][ T5317] RSP: 0018:ffffc9000d4af608 EFLAGS: 00010246 [ 58.703486][ T5317] RAX: 64622cb432905b00 RBX: ffff888053244120 RCX: 0000000000100000 [ 58.706290][ T5317] RDX: ffffc9000e8c2000 RSI: 0000000000017bab RDI: 0000000000017bac [ 58.708961][ T5317] RBP: 1ffff1100a648ae5 R08: ffffffff81802a82 R09: fffffbfff1cfa5a4 [ 58.711834][ T5317] R10: dffffc0000000000 R11: fffffbfff1cfa5a4 R12: ffff888053245728 [ 58.714497][ T5317] R13: dffffc0000000000 R14: ffff888053118e40 R15: ffff888053244d80 [ 58.717073][ T5317] FS: 00007fc454d966c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 58.720392][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.722761][ T5317] CR2: 000055d0865ce950 CR3: 0000000000ea4000 CR4: 0000000000352ef0 [ 58.725800][ T5317] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.728577][ T5317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.731581][ T5317] Call Trace: [ 58.732873][ T5317] [ 58.733945][ T5317] ? __warn+0x165/0x4d0 [ 58.735331][ T5317] ? drv_remove_interface+0x35d/0x590 [ 58.737238][ T5317] ? report_bug+0x2b3/0x500 [ 58.739293][ T5317] ? drv_remove_interface+0x35d/0x590 [ 58.741243][ T5317] ? handle_bug+0x60/0x90 [ 58.742842][ T5317] ? exc_invalid_op+0x1a/0x50 [ 58.744701][ T5317] ? asm_exc_invalid_op+0x1a/0x20 [ 58.746522][ T5317] ? __warn_printk+0x292/0x360 [ 58.748332][ T5317] ? drv_remove_interface+0x35d/0x590 [ 58.750594][ T5317] ? drv_remove_interface+0x35c/0x590 [ 58.752586][ T5317] ieee80211_do_stop+0x1b68/0x2370 [ 58.754642][ T5317] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 58.756909][ T5317] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 58.760242][ T5317] ? lockdep_hardirqs_on+0x99/0x150 [ 58.762139][ T5317] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 58.764523][ T5317] ? wiphy_work_cancel+0x1f0/0x3e0 [ 58.766513][ T5317] ieee80211_stop+0x43b/0x490 [ 58.768463][ T5317] ? __pfx_ieee80211_stop+0x10/0x10 [ 58.770464][ T5317] __dev_close_many+0x216/0x350 [ 58.772324][ T5317] ? __pfx___dev_close_many+0x10/0x10 [ 58.774351][ T5317] ? __pfx___mutex_trylock_common+0x10/0x10 [ 58.776509][ T5317] dev_close_many+0x24e/0x4c0 [ 58.778553][ T5317] ? trace_contention_end+0x3c/0x120 [ 58.780555][ T5317] ? __mutex_lock+0x397/0x1010 [ 58.782389][ T5317] ? __pfx_dev_close_many+0x10/0x10 [ 58.784474][ T5317] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.786791][ T5317] dev_close+0x1c0/0x2c0 [ 58.788635][ T5317] ? __pfx_dev_close+0x10/0x10 [ 58.790688][ T5317] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.793044][ T5317] cfg80211_shutdown_all_interfaces+0xbb/0x1d0 [ 58.795423][ T5317] cfg80211_rfkill_set_block+0x2d/0x50 [ 58.797518][ T5317] ? __pfx_cfg80211_rfkill_set_block+0x10/0x10 [ 58.800016][ T5317] rfkill_set_block+0x1f1/0x440 [ 58.801927][ T5317] rfkill_fop_write+0x5b8/0x790 [ 58.803880][ T5317] ? __pfx_rfkill_fop_write+0x10/0x10 [ 58.805928][ T5317] ? bpf_lsm_inode_copy_up_xattr+0x20/0x20 [ 58.808209][ T5317] ? rw_verify_area+0x243/0x630 [ 58.810602][ T5317] ? __pfx_rfkill_fop_write+0x10/0x10 [ 58.813250][ T5317] vfs_write+0x29f/0xd10 [ 58.815260][ T5317] ? __pfx_vfs_write+0x10/0x10 [ 58.817227][ T5317] ? __might_fault+0xaa/0x120 [ 58.819152][ T5317] ? __fget_files+0x2a/0x410 [ 58.820959][ T5317] ? __fget_files+0x395/0x410 [ 58.822700][ T5317] ? __fget_files+0x2a/0x410 [ 58.824455][ T5317] ksys_write+0x18f/0x2b0 [ 58.826186][ T5317] ? __pfx_ksys_write+0x10/0x10 [ 58.827809][ T5317] ? do_syscall_64+0x100/0x230 [ 58.829766][ T5317] ? do_syscall_64+0xb6/0x230 [ 58.831639][ T5317] do_syscall_64+0xf3/0x230 [ 58.833375][ T5317] ? clear_bhb_loop+0x35/0x90 [ 58.835127][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.837375][ T5317] RIP: 0033:0x7fc453f8cd29 [ 58.839319][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.846566][ T5317] RSP: 002b:00007fc454d96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.849784][ T5317] RAX: ffffffffffffffda RBX: 00007fc4541a5fa0 RCX: 00007fc453f8cd29 [ 58.852645][ T5317] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000006 [ 58.855451][ T5317] RBP: 00007fc45400e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 58.858611][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.861687][ T5317] R13: 0000000000000000 R14: 00007fc4541a5fa0 R15: 00007ffd5d5fb708 [ 58.864229][ T5317] [ 58.865275][ T5317] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 58.867897][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0 [ 58.871552][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.875423][ T5317] Call Trace: [ 58.876747][ T5317] [ 58.878094][ T5317] dump_stack_lvl+0x241/0x360 [ 58.879945][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.881772][ T5317] ? __pfx__printk+0x10/0x10 [ 58.884083][ T5317] ? _printk+0xd5/0x120 [ 58.886189][ T5317] ? __init_begin+0x41000/0x41000 [ 58.888280][ T5317] ? vscnprintf+0x5d/0x90 [ 58.889800][ T5317] panic+0x349/0x880 [ 58.891367][ T5317] ? __warn+0x174/0x4d0 [ 58.893007][ T5317] ? __pfx_panic+0x10/0x10 [ 58.894822][ T5317] __warn+0x344/0x4d0 [ 58.896591][ T5317] ? drv_remove_interface+0x35d/0x590 [ 58.898932][ T5317] report_bug+0x2b3/0x500 [ 58.900859][ T5317] ? drv_remove_interface+0x35d/0x590 [ 58.903018][ T5317] handle_bug+0x60/0x90 [ 58.904836][ T5317] exc_invalid_op+0x1a/0x50 [ 58.906832][ T5317] asm_exc_invalid_op+0x1a/0x20 [ 58.909174][ T5317] RIP: 0010:drv_remove_interface+0x35d/0x590 [ 58.912097][ T5317] Code: 00 48 85 c0 48 0f 44 d9 42 0f b6 44 2d 00 84 c0 0f 85 f3 00 00 00 41 8b 14 24 48 c7 c7 c0 ac 28 8d 48 89 de e8 94 da 22 f6 90 <0f> 0b 90 90 e9 e3 fd ff ff e8 c5 2a 62 f6 c6 05 55 68 a8 04 01 90 [ 58.920211][ T5317] RSP: 0018:ffffc9000d4af608 EFLAGS: 00010246 [ 58.922447][ T5317] RAX: 64622cb432905b00 RBX: ffff888053244120 RCX: 0000000000100000 [ 58.925332][ T5317] RDX: ffffc9000e8c2000 RSI: 0000000000017bab RDI: 0000000000017bac [ 58.928225][ T5317] RBP: 1ffff1100a648ae5 R08: ffffffff81802a82 R09: fffffbfff1cfa5a4 [ 58.931142][ T5317] R10: dffffc0000000000 R11: fffffbfff1cfa5a4 R12: ffff888053245728 [ 58.934116][ T5317] R13: dffffc0000000000 R14: ffff888053118e40 R15: ffff888053244d80 [ 58.937177][ T5317] ? __warn_printk+0x292/0x360 [ 58.939060][ T5317] ? drv_remove_interface+0x35c/0x590 [ 58.941230][ T5317] ieee80211_do_stop+0x1b68/0x2370 [ 58.943233][ T5317] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 58.945139][ T5317] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 58.947455][ T5317] ? lockdep_hardirqs_on+0x99/0x150 [ 58.949486][ T5317] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 58.951796][ T5317] ? wiphy_work_cancel+0x1f0/0x3e0 [ 58.953733][ T5317] ieee80211_stop+0x43b/0x490 [ 58.955478][ T5317] ? __pfx_ieee80211_stop+0x10/0x10 [ 58.957424][ T5317] __dev_close_many+0x216/0x350 [ 58.959362][ T5317] ? __pfx___dev_close_many+0x10/0x10 [ 58.961461][ T5317] ? __pfx___mutex_trylock_common+0x10/0x10 [ 58.963497][ T5317] dev_close_many+0x24e/0x4c0 [ 58.965307][ T5317] ? trace_contention_end+0x3c/0x120 [ 58.967304][ T5317] ? __mutex_lock+0x397/0x1010 [ 58.969221][ T5317] ? __pfx_dev_close_many+0x10/0x10 [ 58.971151][ T5317] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.973487][ T5317] dev_close+0x1c0/0x2c0 [ 58.975107][ T5317] ? __pfx_dev_close+0x10/0x10 [ 58.976932][ T5317] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.979225][ T5317] cfg80211_shutdown_all_interfaces+0xbb/0x1d0 [ 58.981588][ T5317] cfg80211_rfkill_set_block+0x2d/0x50 [ 58.983578][ T5317] ? __pfx_cfg80211_rfkill_set_block+0x10/0x10 [ 58.985840][ T5317] rfkill_set_block+0x1f1/0x440 [ 58.987535][ T5317] rfkill_fop_write+0x5b8/0x790 [ 58.989373][ T5317] ? __pfx_rfkill_fop_write+0x10/0x10 [ 58.991374][ T5317] ? bpf_lsm_inode_copy_up_xattr+0x20/0x20 [ 58.993617][ T5317] ? rw_verify_area+0x243/0x630 [ 58.995525][ T5317] ? __pfx_rfkill_fop_write+0x10/0x10 [ 58.997583][ T5317] vfs_write+0x29f/0xd10 [ 58.999191][ T5317] ? __pfx_vfs_write+0x10/0x10 [ 59.000960][ T5317] ? __might_fault+0xaa/0x120 [ 59.002717][ T5317] ? __fget_files+0x2a/0x410 [ 59.004452][ T5317] ? __fget_files+0x395/0x410 [ 59.006066][ T5317] ? __fget_files+0x2a/0x410 [ 59.007590][ T5317] ksys_write+0x18f/0x2b0 [ 59.009278][ T5317] ? __pfx_ksys_write+0x10/0x10 [ 59.010979][ T5317] ? do_syscall_64+0x100/0x230 [ 59.012566][ T5317] ? do_syscall_64+0xb6/0x230 [ 59.014298][ T5317] do_syscall_64+0xf3/0x230 [ 59.015913][ T5317] ? clear_bhb_loop+0x35/0x90 [ 59.017693][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.019877][ T5317] RIP: 0033:0x7fc453f8cd29 [ 59.021495][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.027864][ T5317] RSP: 002b:00007fc454d96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 59.031008][ T5317] RAX: ffffffffffffffda RBX: 00007fc4541a5fa0 RCX: 00007fc453f8cd29 [ 59.033991][ T5317] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000006 [ 59.037280][ T5317] RBP: 00007fc45400e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 59.040423][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.043214][ T5317] R13: 0000000000000000 R14: 00007fc4541a5fa0 R15: 00007ffd5d5fb708 [ 59.046295][ T5317] [ 59.047794][ T5317] Kernel Offset: disabled [ 59.049511][ T5317] Rebooting in 86400 seconds..