[  466.341282][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.352390][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.444018][ T7810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.479435][    T9] wlan1: No basic rates, using min rate instead
[  466.479519][ T7810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.497955][    T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  466.500779][ T7810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.536925][    T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  466.652889][   T50] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  466.767004][ T3640] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  466.876971][ T3640] wlan1: authentication with 08:02:11:00:00:00 timed out
[  468.147103][ T3789] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.648295][ T3789] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.716535][ T3789] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.809520][ T3789] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.947160][ T3789] bridge_slave_1: left allmulticast mode
[  469.958013][ T3789] bridge_slave_1: left promiscuous mode
[  469.963916][ T3789] bridge0: port 2(bridge_slave_1) entered disabled state
[  469.976050][ T3789] bridge_slave_0: left allmulticast mode
[  469.982639][ T3789] bridge_slave_0: left promiscuous mode
[  469.989689][ T3789] bridge0: port 1(bridge_slave_0) entered disabled state
[  470.172454][ T3789] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  470.182882][ T3789] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  470.192689][ T3789] bond0 (unregistering): Released all slaves
[  470.448618][ T3789] hsr_slave_0: left promiscuous mode
[  470.454667][ T3789] hsr_slave_1: left promiscuous mode
[  470.461772][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  470.473651][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_0
[  470.482421][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  470.489889][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_1
[  470.508898][ T3789] veth1_macvtap: left promiscuous mode
[  470.514423][ T3789] veth0_macvtap: left promiscuous mode
[  470.520321][ T3789] veth1_vlan: left promiscuous mode
[  470.525661][ T3789] veth0_vlan: left promiscuous mode
[  470.810488][ T3789] team0 (unregistering): Port device team_slave_1 removed
[  470.840900][ T3789] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts.
executing program
[  472.373594][ T3789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  472.381550][ T3789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  472.401479][ T4472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  472.409515][ T4472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[  472.437806][ T7881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.450300][ T7881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.461087][ T7881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.471580][ T6018] wlan1: No basic rates, using min rate instead
[  472.479027][ T6018] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  472.488006][ T6018] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  472.505824][ T7882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.516361][ T4472] wlan1: authenticated
[  472.516568][ T7882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.521005][  T107] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response
[  472.531967][ T7882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.548595][ T4472] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12)
[  472.557546][ T4472] wlan1: No basic rates, using min rate instead
[  472.564095][ T4472] wlan1: associated
[  472.569458][ T7882] ------------[ cut here ]------------
[  472.575006][ T7882] WARNING: net/mac80211/tdls.c:611 at ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010, CPU#1: syz-executor124/7882
[  472.587720][ T7882] Modules linked in:
[  472.591731][ T7882] CPU: 1 UID: 0 PID: 7882 Comm: syz-executor124 Not tainted syzkaller #0 PREEMPT(full) 
[  472.601685][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  472.611809][ T7882] RIP: 0010:ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010
[  472.619504][ T7882] Code: fc ff df e9 9f fe ff ff e8 4c 76 d5 f6 90 0f 0b 90 e9 91 fe ff ff e8 3e 76 d5 f6 90 0f 0b 90 e9 83 fe ff ff e8 30 76 d5 f6 90 <0f> 0b 90 e9 75 fe ff ff e8 22 76 d5 f6 48 c7 c7 90 e3 5c 8f 4c 89
[  472.639163][ T7882] RSP: 0018:ffffc90003357080 EFLAGS: 00010293
[  472.645242][ T7882] RAX: ffffffff8aeb8190 RBX: ffff88806b774d80 RCX: ffff88802cbc0000
[  472.653242][ T7882] RDX: 0000000000000000 RSI: ffffffff8d976251 RDI: ffff88802cbc0000
[  472.661313][ T7882] RBP: ffffc90003357200 R08: 0000000000000000 R09: 000000000000000c
[  472.669341][ T7882] R10: 000000000000000c R11: 0000000000000000 R12: ffff88806b776590
[  472.677348][ T7882] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88807c858e80
[  472.685317][ T7882] FS:  000055557c7ba380(0000) GS:ffff888125f1f000(0000) knlGS:0000000000000000
[  472.694283][ T7882] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  472.700981][ T7882] CR2: 00002000000021c0 CR3: 00000000766d2000 CR4: 00000000003526f0
[  472.708988][ T7882] Call Trace:
[  472.712267][ T7882]  <TASK>
[  472.715188][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0xe5/0x4010
[  472.722093][ T7882]  ? __pfx_ieee80211_tdls_build_mgmt_packet_data+0x10/0x10
[  472.729350][ T7882]  ? sta_info_get+0x4f/0x300
[  472.733967][ T7882]  ieee80211_tdls_prep_mgmt_packet+0x3a4/0x820
[  472.740152][ T7882]  ? ieee80211_tdls_prep_mgmt_packet+0x40/0x820
[  472.746404][ T7882]  ieee80211_tdls_mgmt+0x32e/0x840
[  472.751573][ T7882]  ? __pfx___cfg80211_wdev_from_attrs+0x10/0x10
[  472.757863][ T7882]  nl80211_tdls_mgmt+0x4da/0x750
[  472.762818][ T7882]  genl_family_rcv_msg_doit+0x215/0x300
[  472.768393][ T7882]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  472.774497][ T7882]  ? bpf_lsm_capable+0x9/0x20
[  472.779237][ T7882]  ? security_capable+0x7e/0x2e0
[  472.784181][ T7882]  genl_rcv_msg+0x60e/0x790
[  472.788717][ T7882]  ? __pfx_genl_rcv_msg+0x10/0x10
[  472.793742][ T7882]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  472.799138][ T7882]  ? __pfx_nl80211_tdls_mgmt+0x10/0x10
[  472.804656][ T7882]  ? __pfx_nl80211_post_doit+0x10/0x10
[  472.810163][ T7882]  netlink_rcv_skb+0x208/0x470
[  472.814936][ T7882]  ? __pfx_genl_rcv_msg+0x10/0x10
[  472.820162][ T7882]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  472.825668][ T7882]  ? genl_rcv+0x19/0x40
[  472.829904][ T7882]  ? down_read+0x274/0x2e0
[  472.834329][ T7882]  ? genl_rcv+0xd/0x40
[  472.838419][ T7882]  genl_rcv+0x28/0x40
[  472.842401][ T7882]  netlink_unicast+0x82f/0x9e0
[  472.847224][ T7882]  ? __pfx_netlink_unicast+0x10/0x10
[  472.852602][ T7882]  ? __alloc_skb+0x198/0x3a0
[  472.857288][ T7882]  ? netlink_sendmsg+0x642/0xb30
[  472.862237][ T7882]  ? skb_put+0x11b/0x210
[  472.866505][ T7882]  netlink_sendmsg+0x805/0xb30
[  472.871352][ T7882]  ? __pfx_netlink_sendmsg+0x10/0x10
[  472.876660][ T7882]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  472.882363][ T7882]  ? security_file_ioctl+0xcb/0x2d0
[  472.887594][ T7882]  ? aa_sock_msg_perm+0xf1/0x1b0
[  472.892648][ T7882]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  472.897952][ T7882]  ? __pfx_netlink_sendmsg+0x10/0x10
[  472.903259][ T7882]  __sock_sendmsg+0x21c/0x270
[  472.907984][ T7882]  ____sys_sendmsg+0x505/0x820
[  472.912761][ T7882]  ? __pfx_____sys_sendmsg+0x10/0x10
[  472.918171][ T7882]  ? import_iovec+0x74/0xa0
[  472.922684][ T7882]  ___sys_sendmsg+0x21f/0x2a0
[  472.927401][ T7882]  ? __pfx____sys_sendmsg+0x10/0x10
[  472.932814][ T7882]  ? _copy_to_user+0x8a/0xb0
[  472.937487][ T7882]  __x64_sys_sendmsg+0x19b/0x260
[  472.942450][ T7882]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  472.948045][ T7882]  do_syscall_64+0xec/0xf80
[  472.952557][ T7882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.958658][ T7882]  ? trace_irq_disable+0x37/0x100
[  472.963692][ T7882]  ? clear_bhb_loop+0x60/0xb0
[  472.968394][ T7882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.974294][ T7882] RIP: 0033:0x7f01affecc69
[  472.978749][ T7882] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  472.998480][ T7882] RSP: 002b:00007fff492d7338 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  473.006998][ T7882] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f01affecc69
[  473.014978][ T7882] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  473.023045][ T7882] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  473.031066][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  473.039078][ T7882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  473.047116][ T7882]  </TASK>
[  473.050152][ T7882] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  473.057429][ T7882] CPU: 1 UID: 0 PID: 7882 Comm: syz-executor124 Not tainted syzkaller #0 PREEMPT(full) 
[  473.067158][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  473.077217][ T7882] Call Trace:
[  473.080504][ T7882]  <TASK>
[  473.083432][ T7882]  vpanic+0x1e0/0x670
[  473.087419][ T7882]  panic+0xb9/0xc0
[  473.091150][ T7882]  ? __pfx_panic+0x10/0x10
[  473.095572][ T7882]  __warn+0x317/0x4b0
[  473.099640][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010
[  473.106655][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010
[  473.113673][ T7882]  __report_bug+0x288/0x500
[  473.118183][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010
[  473.125204][ T7882]  ? __pfx___report_bug+0x10/0x10
[  473.130238][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010
[  473.137253][ T7882]  report_bug+0x16a/0x220
[  473.141589][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010
[  473.148608][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0x2e63/0x4010
[  473.155627][ T7882]  handle_bug+0x98/0x200
[  473.159875][ T7882]  exc_invalid_op+0x1a/0x50
[  473.164377][ T7882]  asm_exc_invalid_op+0x1a/0x20
[  473.169218][ T7882] RIP: 0010:ieee80211_tdls_build_mgmt_packet_data+0x2e61/0x4010
[  473.176841][ T7882] Code: fc ff df e9 9f fe ff ff e8 4c 76 d5 f6 90 0f 0b 90 e9 91 fe ff ff e8 3e 76 d5 f6 90 0f 0b 90 e9 83 fe ff ff e8 30 76 d5 f6 90 <0f> 0b 90 e9 75 fe ff ff e8 22 76 d5 f6 48 c7 c7 90 e3 5c 8f 4c 89
[  473.196496][ T7882] RSP: 0018:ffffc90003357080 EFLAGS: 00010293
[  473.202555][ T7882] RAX: ffffffff8aeb8190 RBX: ffff88806b774d80 RCX: ffff88802cbc0000
[  473.210527][ T7882] RDX: 0000000000000000 RSI: ffffffff8d976251 RDI: ffff88802cbc0000
[  473.218492][ T7882] RBP: ffffc90003357200 R08: 0000000000000000 R09: 000000000000000c
[  473.226451][ T7882] R10: 000000000000000c R11: 0000000000000000 R12: ffff88806b776590
[  473.234409][ T7882] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88807c858e80
[  473.242382][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0x2e60/0x4010
[  473.249418][ T7882]  ? ieee80211_tdls_build_mgmt_packet_data+0xe5/0x4010
[  473.256358][ T7882]  ? __pfx_ieee80211_tdls_build_mgmt_packet_data+0x10/0x10
[  473.263561][ T7882]  ? sta_info_get+0x4f/0x300
[  473.268200][ T7882]  ieee80211_tdls_prep_mgmt_packet+0x3a4/0x820
[  473.274347][ T7882]  ? ieee80211_tdls_prep_mgmt_packet+0x40/0x820
[  473.280581][ T7882]  ieee80211_tdls_mgmt+0x32e/0x840
[  473.285682][ T7882]  ? __pfx___cfg80211_wdev_from_attrs+0x10/0x10
[  473.291919][ T7882]  nl80211_tdls_mgmt+0x4da/0x750
[  473.296945][ T7882]  genl_family_rcv_msg_doit+0x215/0x300
[  473.302487][ T7882]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  473.308549][ T7882]  ? bpf_lsm_capable+0x9/0x20
[  473.313226][ T7882]  ? security_capable+0x7e/0x2e0
[  473.318160][ T7882]  genl_rcv_msg+0x60e/0x790
[  473.322674][ T7882]  ? __pfx_genl_rcv_msg+0x10/0x10
[  473.327688][ T7882]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  473.333068][ T7882]  ? __pfx_nl80211_tdls_mgmt+0x10/0x10
[  473.338513][ T7882]  ? __pfx_nl80211_post_doit+0x10/0x10
[  473.343980][ T7882]  netlink_rcv_skb+0x208/0x470
[  473.348741][ T7882]  ? __pfx_genl_rcv_msg+0x10/0x10
[  473.353765][ T7882]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  473.359040][ T7882]  ? genl_rcv+0x19/0x40
[  473.363197][ T7882]  ? down_read+0x274/0x2e0
[  473.367603][ T7882]  ? genl_rcv+0xd/0x40
[  473.371664][ T7882]  genl_rcv+0x28/0x40
[  473.375636][ T7882]  netlink_unicast+0x82f/0x9e0
[  473.380398][ T7882]  ? __pfx_netlink_unicast+0x10/0x10
[  473.385682][ T7882]  ? __alloc_skb+0x198/0x3a0
[  473.390264][ T7882]  ? netlink_sendmsg+0x642/0xb30
[  473.395203][ T7882]  ? skb_put+0x11b/0x210
[  473.399437][ T7882]  netlink_sendmsg+0x805/0xb30
[  473.404202][ T7882]  ? __pfx_netlink_sendmsg+0x10/0x10
[  473.409501][ T7882]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  473.415128][ T7882]  ? security_file_ioctl+0xcb/0x2d0
[  473.420311][ T7882]  ? aa_sock_msg_perm+0xf1/0x1b0
[  473.425248][ T7882]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  473.430518][ T7882]  ? __pfx_netlink_sendmsg+0x10/0x10
[  473.435799][ T7882]  __sock_sendmsg+0x21c/0x270
[  473.440477][ T7882]  ____sys_sendmsg+0x505/0x820
[  473.445255][ T7882]  ? __pfx_____sys_sendmsg+0x10/0x10
[  473.450594][ T7882]  ? import_iovec+0x74/0xa0
[  473.455104][ T7882]  ___sys_sendmsg+0x21f/0x2a0
[  473.459791][ T7882]  ? __pfx____sys_sendmsg+0x10/0x10
[  473.465008][ T7882]  ? _copy_to_user+0x8a/0xb0
[  473.469625][ T7882]  __x64_sys_sendmsg+0x19b/0x260
[  473.474561][ T7882]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  473.480117][ T7882]  do_syscall_64+0xec/0xf80
[  473.484622][ T7882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.490766][ T7882]  ? trace_irq_disable+0x37/0x100
[  473.495783][ T7882]  ? clear_bhb_loop+0x60/0xb0
[  473.500471][ T7882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.506360][ T7882] RIP: 0033:0x7f01affecc69
[  473.510782][ T7882] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  473.530451][ T7882] RSP: 002b:00007fff492d7338 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  473.538955][ T7882] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f01affecc69
[  473.546926][ T7882] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  473.554894][ T7882] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  473.562855][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  473.570820][ T7882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  473.578884][ T7882]  </TASK>
[  473.582255][ T7882] Kernel Offset: disabled
[  473.586568][ T7882] Rebooting in 86400 seconds..