------------[ cut here ]------------
WARNING: CPU: 1 PID: 13195 at kernel/softirq.c:362 __local_bh_enable_ip+0x1be/0x200 kernel/softirq.c:362
Modules linked in:
CPU: 1 PID: 13195 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00007-gf06ce441457d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:__local_bh_enable_ip+0x1be/0x200 kernel/softirq.c:362
Code: 3b 44 24 60 75 52 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 0f 0b 90 e9 ca fe ff ff e8 55 00 00 00 eb 9c 90 <0f> 0b 90 e9 fa fe ff ff 48 c7 c1 6c 78 ad 8f 80 e1 07 80 c1 03 38
RSP: 0018:ffffc9000bd6e860 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 1ffff920017add10 RCX: ffffc9000bd6e803
RDX: 0000000000000006 RSI: 0000000000000200 RDI: ffffffff895804c2
RBP: ffffc9000bd6e910 R08: ffffffff8fad462f R09: 1ffffffff1f5a8c5
R10: dffffc0000000000 R11: fffffbfff1f5a8c6 R12: dffffc0000000000
R13: 1ffff11004935820 R14: ffffc9000bd6e8a0 R15: 0000000000000200
FS: 0000000000000000(0000) GS:ffff8880b9500000(0063) knlGS:00000000f5eb9b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f5eb8578 CR3: 000000005995e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:851 [inline]
__dev_queue_xmit+0x16c9/0x3d30 net/core/dev.c:4420
dev_queue_xmit include/linux/netdevice.h:3095 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
__netlink_deliver_tap+0x54d/0x7c0 net/netlink/af_netlink.c:325
netlink_deliver_tap+0x19d/0x1b0 net/netlink/af_netlink.c:338
__netlink_sendskb net/netlink/af_netlink.c:1279 [inline]
netlink_broadcast_deliver net/netlink/af_netlink.c:1412 [inline]
do_one_broadcast net/netlink/af_netlink.c:1499 [inline]
netlink_broadcast_filtered+0xe5b/0x1290 net/netlink/af_netlink.c:1544
nlmsg_multicast_filtered include/net/netlink.h:1125 [inline]
genlmsg_multicast_netns_filtered include/net/genetlink.h:491 [inline]
genlmsg_multicast_netns+0x93/0xd0 include/net/genetlink.h:508
nl80211_frame_tx_status+0x8f6/0xda0 net/wireless/nl80211.c:18948
ieee80211_report_ack_skb net/mac80211/status.c:645 [inline]
ieee80211_report_used_skb+0x19eb/0x2470 net/mac80211/status.c:778
ieee80211_free_txskb+0x24/0x40 net/mac80211/status.c:1291
ieee80211_do_stop+0x13ab/0x1ec0 net/mac80211/iface.c:650
ieee80211_runtime_change_iftype net/mac80211/iface.c:1875 [inline]
ieee80211_if_change_type+0x4cd/0xad0 net/mac80211/iface.c:1913
ieee80211_change_iface+0xd2/0x4f0 net/mac80211/cfg.c:219
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x782/0xf30 net/wireless/util.c:1215
nl80211_set_interface+0x5b5/0x830 net/wireless/nl80211.c:4234
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2585
___sys_sendmsg net/socket.c:2639 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2668
do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
__do_fast_syscall_32+0xb4/0x120 arch/x86/entry/common.c:386
do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7430579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5eb95ac EFLAGS: 00000206 ORIG_RAX: 0000000000000172
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000100
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
----------------
Code disassembly (best guess), 2 bytes skipped:
0: 10 06 adc %al,(%rsi)
2: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
6: 10 07 adc %al,(%rdi)
8: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
c: 10 08 adc %cl,(%rax)
e: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
1e: 00 51 52 add %dl,0x52(%rcx)
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 0f 34 sysenter
26: cd 80 int $0x80
* 28: 5d pop %rbp <-- trapping instruction
29: 5a pop %rdx
2a: 59 pop %rcx
2b: c3 ret
2c: 90 nop
2d: 90 nop
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 90 nop
33: 90 nop
34: 90 nop
35: 90 nop
36: 90 nop
37: 90 nop
38: 90 nop
39: 90 nop
3a: 90 nop
3b: 90 nop
3c: 90 nop
3d: 90 nop