Warning: Permanently added '10.128.0.228' (ED25519) to the list of known hosts. 2025/09/03 08:39:16 parsed 1 programs syzkaller login: [ 69.450479][ T5785] cgroup: Unknown subsys name 'net' [ 69.583151][ T5785] cgroup: Unknown subsys name 'rlimit' [ 70.974517][ T5785] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.929353][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.935877][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.814901][ T1072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.823625][ T1072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.852475][ T1084] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.860363][ T1084] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.442695][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 75.537268][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.545432][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.553153][ T5858] bridge_slave_0: entered allmulticast mode [ 75.560127][ T5858] bridge_slave_0: entered promiscuous mode [ 75.569247][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.576334][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.583664][ T5858] bridge_slave_1: entered allmulticast mode [ 75.590556][ T5858] bridge_slave_1: entered promiscuous mode [ 75.636222][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.648418][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.680451][ T5858] team0: Port device team_slave_0 added [ 75.689350][ T5858] team0: Port device team_slave_1 added [ 75.723919][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.731222][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.757537][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.772602][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.780721][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.807200][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.863631][ T5858] hsr_slave_0: entered promiscuous mode [ 75.875214][ T5858] hsr_slave_1: entered promiscuous mode [ 76.050551][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.063923][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.076472][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.099270][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.171857][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.195806][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.208548][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.215834][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.232772][ T1084] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.239963][ T1084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.409813][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.446363][ T5858] veth0_vlan: entered promiscuous mode [ 76.457036][ T5858] veth1_vlan: entered promiscuous mode [ 76.486122][ T5858] veth0_macvtap: entered promiscuous mode [ 76.496023][ T5858] veth1_macvtap: entered promiscuous mode [ 76.518543][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.532076][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.543566][ T5858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.554058][ T5858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.563085][ T5858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.572280][ T5858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.715169][ T5881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.724748][ T5881] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.733328][ T5881] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.743579][ T5881] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.751983][ T5881] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.759892][ T5881] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.771158][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/09/03 08:39:25 executed programs: 0 [ 77.260940][ T5881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.269719][ T5881] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.278566][ T5881] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.289387][ T5881] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.297723][ T5881] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.305054][ T5881] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.504515][ T5891] chnl_net:caif_netlink_parms(): no params data found [ 77.589308][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.596595][ T5891] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.603818][ T5891] bridge_slave_0: entered allmulticast mode [ 77.612604][ T5891] bridge_slave_0: entered promiscuous mode [ 77.621602][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.629133][ T5891] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.636339][ T5891] bridge_slave_1: entered allmulticast mode [ 77.643729][ T5891] bridge_slave_1: entered promiscuous mode [ 77.672469][ T5891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.685419][ T5891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.725012][ T5891] team0: Port device team_slave_0 added [ 77.735741][ T5891] team0: Port device team_slave_1 added [ 77.759943][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.767099][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.793329][ T5891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.806110][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.813368][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.840600][ T5891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.889721][ T5891] hsr_slave_0: entered promiscuous mode [ 77.896032][ T5891] hsr_slave_1: entered promiscuous mode [ 77.902224][ T5891] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.910790][ T5891] Cannot create hsr debugfs directory [ 79.377727][ T5881] Bluetooth: hci0: command tx timeout [ 79.440799][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.447545][ T5881] Bluetooth: hci0: command tx timeout [ 81.939514][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.991112][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.170378][ T9] cfg80211: failed to load regulatory.db [ 82.855940][ T11] hsr_slave_0: left promiscuous mode [ 82.864394][ T11] hsr_slave_1: left promiscuous mode [ 82.870746][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.878641][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.887230][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.894795][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.903578][ T11] bridge_slave_1: left allmulticast mode [ 82.909369][ T11] bridge_slave_1: left promiscuous mode [ 82.916060][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.929222][ T11] bridge_slave_0: left allmulticast mode [ 82.934931][ T11] bridge_slave_0: left promiscuous mode [ 82.941057][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.962161][ T11] veth1_macvtap: left promiscuous mode [ 82.968155][ T11] veth0_macvtap: left promiscuous mode [ 82.974657][ T11] veth1_vlan: left promiscuous mode [ 82.980447][ T11] veth0_vlan: left promiscuous mode [ 83.366154][ T11] team0 (unregistering): Port device team_slave_1 removed [ 83.401687][ T11] team0 (unregistering): Port device team_slave_0 removed [ 83.432223][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.470325][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.527822][ T5881] Bluetooth: hci0: command tx timeout [ 83.737004][ T11] bond0 (unregistering): Released all slaves [ 83.830499][ T5891] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.842752][ T5891] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.856273][ T5891] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.872691][ T5891] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.958657][ T5891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.974237][ T5891] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.987413][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.994543][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.009347][ T1072] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.016587][ T1072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.213223][ T5891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.247862][ T5891] veth0_vlan: entered promiscuous mode [ 84.264913][ T5891] veth1_vlan: entered promiscuous mode [ 84.289345][ T5891] veth0_macvtap: entered promiscuous mode [ 84.297860][ T5891] veth1_macvtap: entered promiscuous mode [ 84.323635][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.337913][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.356402][ T5891] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.365571][ T5891] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.374673][ T5891] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.383572][ T5891] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.453971][ T1072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.465694][ T1072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.490245][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.499402][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.548644][ T5941] ------------[ cut here ]------------ [ 84.548831][ T67] ------------[ cut here ]------------ [ 84.554310][ T5941] WARNING: CPU: 1 PID: 5941 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.560282][ T67] WARNING: CPU: 0 PID: 67 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.560318][ T67] Modules linked in: [ 84.560348][ T67] CPU: 0 PID: 67 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 84.560366][ T67] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 84.560377][ T67] Workqueue: events_unbound cfg80211_wiphy_work [ 84.571865][ T5941] Modules linked in: [ 84.582713][ T67] [ 84.582723][ T67] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.582752][ T67] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 84.582767][ T67] RSP: 0018:ffffc90001597200 EFLAGS: 00010293 [ 84.582787][ T67] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88801eaeda00 [ 84.582801][ T67] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 84.582813][ T67] RBP: dffffc0000000000 R08: ffffffff90da55c7 R09: 1ffffffff21b4ab8 [ 84.582826][ T67] R10: dffffc0000000000 R11: fffffbfff21b4ab9 R12: 0000000000000001 [ 84.582840][ T67] R13: ffff88801cff25d9 R14: ffff88802588ac70 R15: ffff88802588ace8 [ 84.582853][ T67] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 84.586988][ T5941] [ 84.594355][ T67] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.604708][ T5941] CPU: 1 PID: 5941 Comm: syz.0.17 Not tainted syzkaller #0 [ 84.604733][ T5941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 84.604744][ T5941] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.604773][ T5941] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 84.604788][ T5941] RSP: 0018:ffffc900036a6e20 EFLAGS: 00010293 [ 84.604807][ T5941] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88807ed33c00 [ 84.604821][ T5941] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 84.604832][ T5941] RBP: dffffc0000000000 R08: ffffffff90da55c7 R09: 1ffffffff21b4ab8 [ 84.604846][ T5941] R10: dffffc0000000000 R11: fffffbfff21b4ab9 R12: 0000000000000001 [ 84.604859][ T5941] R13: ffff88807e56e5d9 R14: ffff88807b8d2c70 R15: ffff88807b8d2ce8 [ 84.604873][ T5941] FS: 000055557663b500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 84.604888][ T5941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.611423][ T67] CR2: 00007f710a9be432 CR3: 000000002c2ad000 CR4: 00000000003506f0 [ 84.615114][ T5941] CR2: 0000001b2ce63fff CR3: 000000007b34e000 CR4: 00000000003506e0 [ 84.617754][ T67] Call Trace: [ 84.624786][ T5941] Call Trace: [ 84.645072][ T67] [ 84.651098][ T5941] [ 84.651133][ T5941] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 84.651170][ T5941] ieee80211_csa_finalize+0x59a/0xf00 [ 84.651203][ T5941] ? ieee80211_csa_finalize_work+0x140/0x140 [ 84.651228][ T5941] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 84.651270][ T5941] ieee80211_channel_switch+0xa8a/0xe30 [ 84.651314][ T5941] ? ieee80211_csa_finalize+0xf00/0xf00 [ 84.659725][ T67] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 84.667422][ T5941] ? mutex_lock_nested+0x20/0x20 [ 84.667453][ T5941] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 84.667483][ T5941] rdev_channel_switch+0xeb/0x240 [ 84.667511][ T5941] nl80211_channel_switch+0xa07/0x1040 [ 84.667529][ T5941] ? genl_family_rcv_msg_doit+0xb9/0x2f0 [ 84.667567][ T5941] ? nl80211_set_coalesce+0x1310/0x1310 [ 84.667620][ T5941] ? __nla_parse+0x40/0x50 [ 84.675581][ T67] ieee80211_csa_finalize+0x59a/0xf00 [ 84.683591][ T5941] ? nl80211_pre_doit+0x4f1/0x930 [ 84.683623][ T5941] genl_family_rcv_msg_doit+0x209/0x2f0 [ 84.683654][ T5941] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 84.683685][ T5941] ? bpf_lsm_capable+0x9/0x10 [ 84.683709][ T5941] ? security_capable+0x89/0xb0 [ 84.683744][ T5941] genl_rcv_msg+0x60b/0x790 [ 84.683773][ T5941] ? genl_bind+0x360/0x360 [ 84.683793][ T5941] ? nl80211_exit+0x30/0x30 [ 84.683813][ T5941] ? nl80211_set_coalesce+0x1310/0x1310 [ 84.683831][ T5941] ? nl80211_pre_doit+0x930/0x930 [ 84.683855][ T5941] ? ref_tracker_free+0x634/0x7d0 [ 84.683871][ T5941] ? __copy_skb_header+0xa7/0x550 [ 84.683909][ T5941] netlink_rcv_skb+0x216/0x480 [ 84.692143][ T67] ? ieee80211_csa_finalize_work+0x140/0x140 [ 84.701108][ T5941] ? genl_bind+0x360/0x360 [ 84.701137][ T5941] ? netlink_ack+0x1110/0x1110 [ 84.701179][ T5941] ? __lock_acquire+0x7c80/0x7c80 [ 84.701210][ T5941] ? down_read+0x1ac/0x2e0 [ 84.701235][ T5941] genl_rcv+0x28/0x40 [ 84.701255][ T5941] netlink_unicast+0x751/0x8d0 [ 84.701290][ T5941] netlink_sendmsg+0x8c1/0xbe0 [ 84.703609][ T67] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 84.710262][ T5941] ? netlink_getsockopt+0x580/0x580 [ 84.710286][ T5941] ? aa_sock_msg_perm+0x94/0x150 [ 84.710316][ T5941] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 84.710337][ T5941] ? security_socket_sendmsg+0x80/0xa0 [ 84.710357][ T5941] ? netlink_getsockopt+0x580/0x580 [ 84.710377][ T5941] ____sys_sendmsg+0x5bf/0x950 [ 84.710408][ T5941] ? __asan_memset+0x22/0x40 [ 84.710430][ T5941] ? __sys_sendmsg_sock+0x30/0x30 [ 84.710450][ T5941] ? __import_iovec+0x5f2/0x860 [ 84.710484][ T5941] ? import_iovec+0x73/0xa0 [ 84.710510][ T5941] ___sys_sendmsg+0x220/0x290 [ 84.710534][ T5941] ? __sys_sendmsg+0x270/0x270 [ 84.717964][ T67] ieee80211_channel_switch+0xa8a/0xe30 [ 84.728030][ T5941] ? futex_wake+0x3e0/0x4b0 [ 84.728062][ T5941] ? put_user_ifreq+0x85/0xb0 [ 84.728104][ T5941] __se_sys_sendmsg+0x1a5/0x270 [ 84.728127][ T5941] ? __x64_sys_sendmsg+0x80/0x80 [ 84.728163][ T5941] ? lockdep_hardirqs_on+0x98/0x150 [ 84.728190][ T5941] do_syscall_64+0x55/0xb0 [ 84.728209][ T5941] ? clear_bhb_loop+0x40/0x90 [ 84.728226][ T5941] ? clear_bhb_loop+0x40/0x90 [ 84.728244][ T5941] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 84.728269][ T5941] RIP: 0033:0x7f827518ebe9 [ 84.728287][ T5941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.728362][ T5941] RSP: 002b:00007ffeb81bd2f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.728385][ T5941] RAX: ffffffffffffffda RBX: 00007f82753c5fa0 RCX: 00007f827518ebe9 [ 84.728399][ T5941] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 84.728411][ T5941] RBP: 00007f8275211e19 R08: 0000000000000000 R09: 0000000000000000 [ 84.728423][ T5941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.728435][ T5941] R13: 00007f82753c5fa0 R14: 00007f82753c5fa0 R15: 0000000000000003 [ 84.728463][ T5941] [ 84.735738][ T67] ? ieee80211_csa_finalize+0xf00/0xf00 [ 84.755430][ T5941] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 84.755440][ T5941] CPU: 1 PID: 5941 Comm: syz.0.17 Not tainted syzkaller #0 [ 84.755455][ T5941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 84.755463][ T5941] Call Trace: [ 84.755469][ T5941] [ 84.755475][ T5941] dump_stack_lvl+0x16c/0x230 [ 84.755498][ T5941] ? show_regs_print_info+0x20/0x20 [ 84.755516][ T5941] ? load_image+0x3b0/0x3b0 [ 84.755542][ T5941] panic+0x2c0/0x710 [ 84.755570][ T5941] ? bpf_jit_dump+0xd0/0xd0 [ 84.755609][ T5941] __warn+0x2e0/0x470 [ 84.755627][ T5941] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.755653][ T5941] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.755673][ T5941] report_bug+0x2be/0x4f0 [ 84.755693][ T5941] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.755714][ T5941] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.755735][ T5941] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 84.755755][ T5941] handle_bug+0xcf/0x120 [ 84.755774][ T5941] exc_invalid_op+0x1a/0x50 [ 84.755791][ T5941] asm_exc_invalid_op+0x1a/0x20 [ 84.755810][ T5941] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 84.755831][ T5941] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 84.755842][ T5941] RSP: 0018:ffffc900036a6e20 EFLAGS: 00010293 [ 84.755857][ T5941] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88807ed33c00 [ 84.755868][ T5941] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 84.755877][ T5941] RBP: dffffc0000000000 R08: ffffffff90da55c7 R09: 1ffffffff21b4ab8 [ 84.755887][ T5941] R10: dffffc0000000000 R11: fffffbfff21b4ab9 R12: 0000000000000001 [ 84.755897][ T5941] R13: ffff88807e56e5d9 R14: ffff88807b8d2c70 R15: ffff88807b8d2ce8 [ 84.755916][ T5941] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 84.755955][ T5941] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 84.755981][ T5941] ieee80211_csa_finalize+0x59a/0xf00 [ 84.756008][ T5941] ? ieee80211_csa_finalize_work+0x140/0x140 [ 84.756030][ T5941] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 84.756059][ T5941] ieee80211_channel_switch+0xa8a/0xe30 [ 84.756092][ T5941] ? ieee80211_csa_finalize+0xf00/0xf00 [ 84.756118][ T5941] ? mutex_lock_nested+0x20/0x20 [ 84.756140][ T5941] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 84.756166][ T5941] rdev_channel_switch+0xeb/0x240 [ 84.756189][ T5941] nl80211_channel_switch+0xa07/0x1040 [ 84.756203][ T5941] ? genl_family_rcv_msg_doit+0xb9/0x2f0 [ 84.756235][ T5941] ? nl80211_set_coalesce+0x1310/0x1310 [ 84.756287][ T5941] ? __nla_parse+0x40/0x50 [ 84.756317][ T5941] ? nl80211_pre_doit+0x4f1/0x930 [ 84.756343][ T5941] genl_family_rcv_msg_doit+0x209/0x2f0 [ 84.756369][ T5941] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 84.756396][ T5941] ? bpf_lsm_capable+0x9/0x10 [ 84.756415][ T5941] ? security_capable+0x89/0xb0 [ 84.756440][ T5941] genl_rcv_msg+0x60b/0x790 [ 84.756465][ T5941] ? genl_bind+0x360/0x360 [ 84.756486][ T5941] ? nl80211_exit+0x30/0x30 [ 84.756502][ T5941] ? nl80211_set_coalesce+0x1310/0x1310 [ 84.756517][ T5941] ? nl80211_pre_doit+0x930/0x930 [ 84.756538][ T5941] ? ref_tracker_free+0x634/0x7d0 [ 84.756551][ T5941] ? __copy_skb_header+0xa7/0x550 [ 84.756580][ T5941] netlink_rcv_skb+0x216/0x480 [ 84.756597][ T5941] ? genl_bind+0x360/0x360 [ 84.756617][ T5941] ? netlink_ack+0x1110/0x1110 [ 84.756645][ T5941] ? __lock_acquire+0x7c80/0x7c80 [ 84.756670][ T5941] ? down_read+0x1ac/0x2e0 [ 84.756690][ T5941] genl_rcv+0x28/0x40 [ 84.756708][ T5941] netlink_unicast+0x751/0x8d0 [ 84.756735][ T5941] netlink_sendmsg+0x8c1/0xbe0 [ 84.756761][ T5941] ? netlink_getsockopt+0x580/0x580 [ 84.756781][ T5941] ? aa_sock_msg_perm+0x94/0x150 [ 84.756799][ T5941] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 84.756815][ T5941] ? security_socket_sendmsg+0x80/0xa0 [ 84.756831][ T5941] ? netlink_getsockopt+0x580/0x580 [ 84.756848][ T5941] ____sys_sendmsg+0x5bf/0x950 [ 84.756873][ T5941] ? __asan_memset+0x22/0x40 [ 84.756891][ T5941] ? __sys_sendmsg_sock+0x30/0x30 [ 84.756908][ T5941] ? __import_iovec+0x5f2/0x860 [ 84.756936][ T5941] ? import_iovec+0x73/0xa0 [ 84.756959][ T5941] ___sys_sendmsg+0x220/0x290 [ 84.756980][ T5941] ? __sys_sendmsg+0x270/0x270 [ 84.757005][ T5941] ? futex_wake+0x3e0/0x4b0 [ 84.757032][ T5941] ? put_user_ifreq+0x85/0xb0 [ 84.757075][ T5941] __se_sys_sendmsg+0x1a5/0x270 [ 84.757097][ T5941] ? __x64_sys_sendmsg+0x80/0x80 [ 84.757132][ T5941] ? lockdep_hardirqs_on+0x98/0x150 [ 84.757155][ T5941] do_syscall_64+0x55/0xb0 [ 84.757169][ T5941] ? clear_bhb_loop+0x40/0x90 [ 84.757182][ T5941] ? clear_bhb_loop+0x40/0x90 [ 84.757198][ T5941] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 84.757218][ T5941] RIP: 0033:0x7f827518ebe9 [ 84.757232][ T5941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.757243][ T5941] RSP: 002b:00007ffeb81bd2f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.757258][ T5941] RAX: ffffffffffffffda RBX: 00007f82753c5fa0 RCX: 00007f827518ebe9 [ 84.757268][ T5941] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 84.757278][ T5941] RBP: 00007f8275211e19 R08: 0000000000000000 R09: 0000000000000000 [ 84.757287][ T5941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.757302][ T5941] R13: 00007f82753c5fa0 R14: 00007f82753c5fa0 R15: 0000000000000003 [ 84.757327][ T5941] [ 84.762098][ T5941] Kernel Offset: disabled