netlink: 'syz.0.18': attribute type 10 has an invalid length.
------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 1 PID: 6717 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366
Modules linked in:
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366
lr : drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366
sp : ffff80009de57080
x29: ffff80009de57080 x28: ffff0000cb8038b0 x27: ffff0000c65465d0
x26: dfff800000000000 x25: ffff800092c2b000 x24: 0000000000000000
x23: ffff0000c6544dc0 x22: ffff0000c6546ac0 x21: ffff0000cb803800
x20: ffff0000c6546b18 x19: ffff0000d17b8e80 x18: 00000000ffffffff
x17: ffff800093335000 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1ffff00013bcad84 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000786 x10: 0000000000ff0100 x9 : 0cf65b3cf5d87700
x8 : 0cf65b3cf5d87700 x7 : ffff800080565b88 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807d6f80
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 drv_unassign_vif_chanctx+0x480/0x774 net/mac80211/driver-ops.c:366 (P)
 ieee80211_assign_link_chanctx+0x200/0xbd0 net/mac80211/chan.c:905
 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1879
 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2154
 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171
 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:875
 ieee80211_if_change_type+0x13c/0xba0 net/mac80211/iface.c:2015
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 6588
hardirqs last enabled at (6587): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (6588): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last enabled at (5142): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (5142): [] cfg80211_mgmt_registrations_update+0x444/0x7e4 net/wireless/mlme.c:641
softirqs last disabled at (5140): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (5140): [] cfg80211_mgmt_registrations_update+0x10c/0x7e4 net/wireless/mlme.c:614
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
wlan1: Failed check-sdata-in wlan1: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 1 PID: 6717 at net/mac80211/driver-ops.h:168 drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline]
WARNING: CPU: 1 PID: 6717 at net/mac80211/driver-ops.h:168 ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400
Modules linked in:
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline]
pc : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400
lr : drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline]
lr : ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400
sp : ffff80009de57090
x29: ffff80009de57090 x28: 0000000000000000 x27: ffff0000c65465d0
x26: 1fffe00018ca8afe x25: dfff800000000000 x24: ffff800092c2b000
x23: 0000000000000000 x22: ffff0000c6546ac0 x21: ffff0000c6544dc0
x20: ffff0000d17b8e80 x19: 0000000000004000 x18: 1fffe000337d9290
x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1fffe000337dbd18 x13: 0000000000000000 x12: 0000000000000000
x11: ffff800093134c88 x10: 0000000000000003 x9 : 0cf65b3cf5d87700
x8 : 0cf65b3cf5d87700 x7 : ffff8000804936c4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010
x2 : 0000000000000006 x1 : ffff80008b40b540 x0 : 0000000000000001
Call trace:
 drv_vif_cfg_changed net/mac80211/driver-ops.h:168 [inline] (P)
 ieee80211_vif_cfg_change_notify+0x31c/0x3b8 net/mac80211/main.c:400 (P)
 ieee80211_assign_link_chanctx+0xa3c/0xbd0 net/mac80211/chan.c:963
 __ieee80211_link_release_channel+0x2ec/0x5e8 net/mac80211/chan.c:1879
 ieee80211_link_release_channel+0x15c/0x1b8 net/mac80211/chan.c:2154
 ieee80211_link_stop+0x2cc/0x35c net/mac80211/link.c:171
 ieee80211_teardown_sdata+0xc4/0x140 net/mac80211/iface.c:875
 ieee80211_if_change_type+0x13c/0xba0 net/mac80211/iface.c:2015
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 6724
hardirqs last enabled at (6723): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1559 [inline]
hardirqs last enabled at (6723): [] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5073
hardirqs last disabled at (6724): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last enabled at (6708): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (6708): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (6591): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
ODEBUG: init active (active state 0) object: 000000006d4d68da object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline]
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
Modules linked in:
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:612 [inline]
pc : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
lr : debug_print_object lib/debugobjects.c:612 [inline]
lr : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
sp : ffff80009de57100
x29: ffff80009de57100 x28: dfff800000000000 x27: dfff800000000000
x26: ffff80008aee8100 x25: 0000000000000000 x24: 0000000000000003
x23: ffff0000c6545bf8 x22: ffff80008b40c040 x21: 0000000000000000
x20: ffff80008aee8100 x19: ffff0000c6545bf8 x18: 00000000ffffffff
x17: 626f206164383664 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1ffff00013bcad58 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000829 x10: 0000000000ff0100 x9 : 0cf65b3cf5d87700
x8 : 0cf65b3cf5d87700 x7 : ffff800080565b88 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 debug_print_object lib/debugobjects.c:612 [inline] (P)
 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763 (P)
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 debug_timer_init kernel/time/timer.c:788 [inline]
 debug_init kernel/time/timer.c:836 [inline]
 timer_init_key+0x54/0x41c kernel/time/timer.c:880
 ieee80211_ibss_setup_sdata+0x48/0x104 net/mac80211/ibss.c:1685
 ieee80211_setup_sdata+0x5d8/0x974 net/mac80211/iface.c:1873
 ieee80211_if_change_type+0x148/0xba0 net/mac80211/iface.c:2016
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 7036
hardirqs last enabled at (7035): [] vprintk_store+0x898/0xac8 kernel/printk/printk.c:2329
hardirqs last disabled at (7036): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last enabled at (7014): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (7012): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 assign_lock_key+0x178/0x188 kernel/locking/lockdep.c:984
 register_lock_class+0xf0/0x348 kernel/locking/lockdep.c:1299
 __lock_acquire+0xbc/0x30a4 kernel/locking/lockdep.c:5112
 lock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5868
 __timer_delete_sync+0x78/0x1d4 kernel/time/timer.c:1603
 timer_delete_sync kernel/time/timer.c:1676 [inline]
 timer_fixup_init+0x40/0x70 kernel/time/timer.c:705
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 debug_timer_init kernel/time/timer.c:788 [inline]
 debug_init kernel/time/timer.c:836 [inline]
 timer_init_key+0x54/0x41c kernel/time/timer.c:880
 ieee80211_ibss_setup_sdata+0x48/0x104 net/mac80211/ibss.c:1685
 ieee80211_setup_sdata+0x5d8/0x974 net/mac80211/iface.c:1873
 ieee80211_if_change_type+0x148/0xba0 net/mac80211/iface.c:2016
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
------------[ cut here ]------------
ODEBUG: init active (active state 0) object: 000000006d4d68da object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline]
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
Modules linked in:
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:612 [inline]
pc : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
lr : debug_print_object lib/debugobjects.c:612 [inline]
lr : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
sp : ffff80009de57070
x29: ffff80009de57070 x28: dfff800000000000 x27: dfff800000000000
x26: ffff80008aee8100 x25: 0000000000000000 x24: 0000000000000003
x23: ffff0000c6545bf8 x22: ffff80008b40c040 x21: 0000000000000000
x20: ffff80008aee8100 x19: ffff0000c6545bf8 x18: 00000000ffffffff
x17: 626f206164383664 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1ffff00013bcad44 x13: 0000000000000000 x12: 0000000000000000
x11: 00000000000008a4 x10: 0000000000ff0100 x9 : 0cf65b3cf5d87700
x8 : 0cf65b3cf5d87700 x7 : 0000000000000001 x6 : ffff800080565b88
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 debug_print_object lib/debugobjects.c:612 [inline] (P)
 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763 (P)
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 debug_timer_init kernel/time/timer.c:788 [inline]
 debug_init kernel/time/timer.c:836 [inline]
 timer_init_key+0x54/0x41c kernel/time/timer.c:880
 ieee80211_ibss_setup_sdata+0x48/0x104 net/mac80211/ibss.c:1685
 ieee80211_setup_sdata+0x5d8/0x974 net/mac80211/iface.c:1873
 ieee80211_if_change_type+0x148/0xba0 net/mac80211/iface.c:2016
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 7070
hardirqs last enabled at (7069): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (7070): [] __timer_delete_sync+0x48/0x1d4 kernel/time/timer.c:1602
softirqs last enabled at (7064): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (7064): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (7039): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
ODEBUG: init active (active state 0) object: 000000006d4d68da object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline]
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
Modules linked in:
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:612 [inline]
pc : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
lr : debug_print_object lib/debugobjects.c:612 [inline]
lr : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
sp : ffff80009de56fe0
x29: ffff80009de56fe0 x28: dfff800000000000 x27: dfff800000000000
x26: ffff80008aee8100 x25: 0000000000000000 x24: 0000000000000003
x23: ffff0000c6545bf8 x22: ffff80008b40c040 x21: 0000000000000000
x20: ffff80008aee8100 x19: ffff0000c6545bf8 x18: 00000000ffffffff
x17: 626f206164383664 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1ffff00013bcad70 x13: 0000000000000000 x12: 0000000000000000
x11: 00000000000008f9 x10: 0000000000ff0100 x9 : 0cf65b3cf5d87700
x8 : 0cf65b3cf5d87700 x7 : 0000000000000001 x6 : ffff800080565b88
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807d6f80
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 debug_print_object lib/debugobjects.c:612 [inline] (P)
 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763 (P)
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 debug_timer_init kernel/time/timer.c:788 [inline]
 debug_init kernel/time/timer.c:836 [inline]
 timer_init_key+0x54/0x41c kernel/time/timer.c:880
 ieee80211_ibss_setup_sdata+0x48/0x104 net/mac80211/ibss.c:1685
 ieee80211_setup_sdata+0x5d8/0x974 net/mac80211/iface.c:1873
 ieee80211_if_change_type+0x148/0xba0 net/mac80211/iface.c:2016
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 7070
hardirqs last enabled at (7069): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (7070): [] __timer_delete_sync+0x48/0x1d4 kernel/time/timer.c:1602
softirqs last enabled at (7064): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (7064): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (7039): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
ODEBUG: init active (active state 0) object: 000000006d4d68da object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline]
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
Modules linked in:
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:612 [inline]
pc : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
lr : debug_print_object lib/debugobjects.c:612 [inline]
lr : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
sp : ffff80009de56f50
x29: ffff80009de56f50 x28: dfff800000000000 x27: dfff800000000000
x26: ffff80008aee8100 x25: 0000000000000000 x24: 0000000000000003
x23: ffff0000c6545bf8 x22: ffff80008b40c040 x21: 0000000000000000
x20: ffff80008aee8100 x19: ffff0000c6545bf8 x18: 00000000ffffffff
x17: 626f206164383664 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1ffff00013bcad5c x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000951 x10: 0000000000ff0100 x9 : 0cf65b3cf5d87700
x8 : 0cf65b3cf5d87700 x7 : 0000000000000001 x6 : ffff800080565b88
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807d6f80
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 debug_print_object lib/debugobjects.c:612 [inline] (P)
 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763 (P)
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 debug_timer_init kernel/time/timer.c:788 [inline]
 debug_init kernel/time/timer.c:836 [inline]
 timer_init_key+0x54/0x41c kernel/time/timer.c:880
 ieee80211_ibss_setup_sdata+0x48/0x104 net/mac80211/ibss.c:1685
 ieee80211_setup_sdata+0x5d8/0x974 net/mac80211/iface.c:1873
 ieee80211_if_change_type+0x148/0xba0 net/mac80211/iface.c:2016
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 7070
hardirqs last enabled at (7069): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (7070): [] __timer_delete_sync+0x48/0x1d4 kernel/time/timer.c:1602
softirqs last enabled at (7064): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (7064): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (7039): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
ODEBUG: init active (active state 0) object: 000000006d4d68da object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 debug_print_object lib/debugobjects.c:612 [inline]
WARNING: CPU: 1 PID: 6717 at lib/debugobjects.c:615 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
Modules linked in:
CPU: 1 UID: 0 PID: 6717 Comm: syz.0.18 Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:612 [inline]
pc : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
lr : debug_print_object lib/debugobjects.c:612 [inline]
lr : __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763
sp : ffff80009de56ec0
x29: ffff80009de56ec0 x28: dfff800000000000 x27: dfff800000000000
x26: ffff80008aee8100 x25: 0000000000000000 x24: 0000000000000003
x23: ffff0000c6545bf8 x22: ffff80008b40c040 x21: 0000000000000000
x20: ffff80008aee8100 x19: ffff0000c6545bf8 x18: 00000000ffffffff
x17: 626f206164383664 x16: ffff800082defcc0 x15: 0000000000000001
x14: 1ffff00013bcad4c x13: 0000000000000000 x12: 0000000000000000
x11: 00000000000009ac x10: 0000000000ff0100 x9 : 0cf65b3cf5d87700
x8 : 0cf65b3cf5d87700 x7 : 0000000000000001 x6 : ffff800080565b88
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807d6f80
x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 debug_print_object lib/debugobjects.c:612 [inline] (P)
 __debug_object_init+0x2c0/0x40c lib/debugobjects.c:763 (P)
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 timer_fixup_init+0x50/0x70 kernel/time/timer.c:706
 debug_object_fixup lib/debugobjects.c:628 [inline]
 __debug_object_init+0x308/0x40c lib/debugobjects.c:766
 debug_object_init+0x20/0x2c lib/debugobjects.c:779
 debug_timer_init kernel/time/timer.c:788 [inline]
 debug_init kernel/time/timer.c:836 [inline]
 timer_init_key+0x54/0x41c kernel/time/timer.c:880
 ieee80211_ibss_setup_sdata+0x48/0x104 net/mac80211/ibss.c:1685
 ieee80211_setup_sdata+0x5d8/0x974 net/mac80211/iface.c:1873
 ieee80211_if_change_type+0x148/0xba0 net/mac80211/iface.c:2016
 ieee80211_change_iface+0xdc/0x498 net/mac80211/cfg.c:254
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x6a0/0xdd4 net/wireless/util.c:1238
 nl80211_set_interface+0x5c4/0x89c net/wireless/nl80211.c:4632
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2247
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 7070
hardirqs last enabled at (7069): [] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (7070): [] __timer_delete_sync+0x48/0x1d4 kernel/time/timer.c:1602
softirqs last enabled at (7064): [] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (7064): [] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (7039): [] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---