------------[ cut here ]------------
WARNING: CPU: 1 PID: 6741 at drivers/net/wireless/mac80211_hwsim.c:1906 mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
Modules linked in:
CPU: 1 PID: 6741 Comm: syz.0.570 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
lr : mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
sp : ffff800021516ee0
x29: ffff800021516f60 x28: ffff0000f5e38e80 x27: ffff0000cf28b3f0
x26: 0000000000000000 x25: ffff0000f5e3b5d8 x24: 1fffe00019e5167e
x23: 0000000000000014 x22: 0000000000000028 x21: 0000000000000028
x20: dfff800000000000 x19: ffff0000cf28b3c0 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d93d8 x15: 0000000000000002
x14: 0000000000000002 x13: 1fffe00019e51678 x12: 0000000000080000
x11: 00000000000005ac x10: ffff800022619000 x9 : ffff80000d472c34
x8 : 00000000000005ad x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000010
x2 : ffff0000cf28b3c0 x1 : 0000000000000014 x0 : 0000000000000028
Call trace:
 mac80211_hwsim_tx+0x1698/0x1fa0 drivers/net/wireless/mac80211_hwsim.c:1906
 drv_tx net/mac80211/driver-ops.h:35 [inline]
 ieee80211_tx_frags+0x304/0x6ec net/mac80211/tx.c:1773
 __ieee80211_tx+0x1a4/0x3f4 net/mac80211/tx.c:1827
 ieee80211_tx+0x290/0x3dc net/mac80211/tx.c:2007
 ieee80211_xmit+0x274/0x350 net/mac80211/tx.c:2099
 ieee80211_monitor_start_xmit+0x780/0xe0c net/mac80211/tx.c:2468
 __netdev_start_xmit include/linux/netdevice.h:4894 [inline]
 netdev_start_xmit include/linux/netdevice.h:4908 [inline]
 xmit_one net/core/dev.c:3695 [inline]
 dev_hard_start_xmit+0x234/0x8cc net/core/dev.c:3711
 sch_direct_xmit+0x210/0x474 net/sched/sch_generic.c:345
 __dev_xmit_skb net/core/dev.c:3932 [inline]
 __dev_queue_xmit+0x13bc/0x3118 net/core/dev.c:4337
 dev_queue_xmit+0x24/0x34 include/linux/netdevice.h:3051
 packet_snd net/packet/af_packet.c:3127 [inline]
 packet_sendmsg+0x2f9c/0x3fd0 net/packet/af_packet.c:3158
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:730 [inline]
 __sys_sendto+0x324/0x440 net/socket.c:2152
 __do_sys_sendto net/socket.c:2164 [inline]
 __se_sys_sendto net/socket.c:2160 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2160
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1027
hardirqs last  enabled at (1026): [<ffff800011b2cf6c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (1026): [<ffff800011b2cf6c>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (1027): [<ffff800011a41dec>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (1018): [<ffff800008030954>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1024): [<ffff80000fddb77c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---