Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts.
2026/04/05 13:42:46 parsed 1 programs
[   89.604651][ T5771] cgroup: Unknown subsys name 'net'
[   89.715553][ T5771] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   91.502484][ T5771] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.174589][  T967] cfg80211: failed to load regulatory.db
[   94.382143][ T5802] chnl_net:caif_netlink_parms(): no params data found
[   94.480817][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.488718][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.495922][ T5802] bridge_slave_0: entered allmulticast mode
[   94.503457][ T5802] bridge_slave_0: entered promiscuous mode
[   94.513285][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.521017][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.528675][ T5802] bridge_slave_1: entered allmulticast mode
[   94.535740][ T5802] bridge_slave_1: entered promiscuous mode
[   94.568741][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.580658][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.613158][ T5802] team0: Port device team_slave_0 added
[   94.621302][ T5802] team0: Port device team_slave_1 added
[   94.645707][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.653043][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.679430][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.694639][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.702463][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.730253][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.794933][ T5802] hsr_slave_0: entered promiscuous mode
[   94.802270][ T5802] hsr_slave_1: entered promiscuous mode
[   94.968720][ T5802] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.987939][ T5802] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.999859][ T5802] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.011112][ T5802] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.102449][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.135939][ T5802] 8021q: adding VLAN 0 to HW filter on device team0
[   95.152794][   T33] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.160177][   T33] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.176167][   T33] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.183349][   T33] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.427858][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.485164][ T5802] veth0_vlan: entered promiscuous mode
[   95.501180][ T5802] veth1_vlan: entered promiscuous mode
[   95.544950][ T5802] veth0_macvtap: entered promiscuous mode
[   95.555517][ T5802] veth1_macvtap: entered promiscuous mode
[   95.581067][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.594228][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.607296][ T5802] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.616373][ T5802] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.625110][ T5802] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.634513][ T5802] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.806000][   T33] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.985986][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.994411][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.004139][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.015620][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.024314][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   96.031974][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.335545][ T1325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.344424][ T1325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.380491][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.389200][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.224850][   T33] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/04/05 13:42:58 executed programs: 0
[   98.741909][ T5083] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.752054][ T5083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.767308][ T5083] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.775987][ T5083] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.784698][ T5083] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   98.792980][ T5083] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.939780][ T5870] chnl_net:caif_netlink_parms(): no params data found
[   99.012467][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.019840][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.028093][ T5870] bridge_slave_0: entered allmulticast mode
[   99.035185][ T5870] bridge_slave_0: entered promiscuous mode
[   99.043879][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.051275][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.058618][ T5870] bridge_slave_1: entered allmulticast mode
[   99.065693][ T5870] bridge_slave_1: entered promiscuous mode
[   99.096225][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.108471][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.139991][ T5870] team0: Port device team_slave_0 added
[   99.149100][ T5870] team0: Port device team_slave_1 added
[   99.175135][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.182176][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.208868][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.223189][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.230518][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.256636][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.299528][ T5870] hsr_slave_0: entered promiscuous mode
[   99.306215][ T5870] hsr_slave_1: entered promiscuous mode
[   99.312697][ T5870] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.321178][ T5870] Cannot create hsr debugfs directory
[  100.591219][   T33] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.653033][   T33] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.880331][ T5083] Bluetooth: hci0: command tx timeout
[  101.579802][   T33] hsr_slave_0: left promiscuous mode
[  101.587466][   T33] hsr_slave_1: left promiscuous mode
[  101.594048][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.604252][   T33] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.619349][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.627044][   T33] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.635143][   T33] bridge_slave_1: left allmulticast mode
[  101.644284][   T33] bridge_slave_1: left promiscuous mode
[  101.651486][   T33] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.668732][   T33] bridge_slave_0: left allmulticast mode
[  101.674464][   T33] bridge_slave_0: left promiscuous mode
[  101.682955][   T33] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.719219][   T33] veth1_macvtap: left promiscuous mode
[  101.725211][   T33] veth0_macvtap: left promiscuous mode
[  101.731649][   T33] veth1_vlan: left promiscuous mode
[  101.737410][   T33] veth0_vlan: left promiscuous mode
[  102.261864][   T33] team0 (unregistering): Port device team_slave_1 removed
[  102.296357][   T33] team0 (unregistering): Port device team_slave_0 removed
[  102.339078][   T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.373897][   T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.618230][   T33] bond0 (unregistering): Released all slaves
[  102.720595][ T5870] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.730755][ T5870] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.741794][ T5870] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.753130][ T5870] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.873731][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.909256][ T5870] 8021q: adding VLAN 0 to HW filter on device team0
[  102.932541][ T1325] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.939726][ T1325] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.955326][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.962553][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.966552][ T5083] Bluetooth: hci0: command tx timeout
[  103.265696][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.345263][ T5870] veth0_vlan: entered promiscuous mode
[  103.378227][ T5870] veth1_vlan: entered promiscuous mode
[  103.426098][ T5870] veth0_macvtap: entered promiscuous mode
[  103.438378][ T5870] veth1_macvtap: entered promiscuous mode
[  103.460188][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.474524][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.489314][ T5870] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.498358][ T5870] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.507681][ T5870] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.516772][ T5870] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.588228][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.602329][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.628799][  T993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.637948][  T993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.693246][ T5910] ------------[ cut here ]------------
[  103.694262][   T61] ------------[ cut here ]------------
[  103.699128][ T5910] WARNING: CPU: 0 PID: 5910 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  103.699209][ T5910] Modules linked in:
[  103.704801][   T61] WARNING: CPU: 1 PID: 61 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  103.715876][ T5910] CPU: 0 PID: 5910 Comm: syz.0.17 Not tainted syzkaller #0
[  103.719758][   T61] Modules linked in:
[  103.719775][   T61] CPU: 1 PID: 61 Comm: kworker/u4:5 Not tainted syzkaller #0
[  103.719796][   T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  103.719810][   T61] Workqueue: events_unbound cfg80211_wiphy_work
[  103.730652][ T5910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  103.730682][ T5910] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  103.730716][ T5910] Code: 48 89 df e8 da 9e d6 f7 e9 dc fc ff ff e8 e0 62 7e f7 eb 24 e8 d9 62 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 c8 62 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ba 62 7e f7 48 8b 7c 24 08 4c 8b 7c
[  103.738032][   T61] 
[  103.738045][   T61] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  103.741952][ T5910] RSP: 0018:ffffc90002e56e00 EFLAGS: 00010293
[  103.754891][   T61] Code: 48 89 df e8 da 9e d6 f7 e9 dc fc ff ff e8 e0 62 7e f7 eb 24 e8 d9 62 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 c8 62 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ba 62 7e f7 48 8b 7c 24 08 4c 8b 7c
[  103.759983][ T5910] 
[  103.759994][ T5910] RAX: ffffffff8a08b95e RBX: 0000000000000001 RCX: ffff88801a3cbc00
[  103.760013][ T5910] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  103.760027][ T5910] RBP: dffffc0000000000 R08: ffffffff911c35c7 R09: 1ffffffff22386b8
[  103.760049][ T5910] R10: dffffc0000000000 R11: fffffbfff22386b9 R12: 0000000000000001
[  103.760066][ T5910] R13: ffff88806096a5d9 R14: ffff888028512c70 R15: ffff888028512ce8
[  103.760083][ T5910] FS:  000055557e602500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  103.760103][ T5910] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.760118][ T5910] CR2: 0000001b33963fff CR3: 000000007eba7000 CR4: 00000000003506f0
[  103.760138][ T5910] Call Trace:
[  103.760158][ T5910]  <TASK>
[  103.760190][ T5910]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  103.760233][ T5910]  ieee80211_csa_finalize+0x5a6/0xf20
[  103.760270][ T5910]  ? ieee80211_csa_finalize_work+0x140/0x140
[  103.760301][ T5910]  ? cfg80211_ch_switch_started_notify+0x253/0x490
[  103.760338][ T5910]  ieee80211_channel_switch+0xad5/0xe70
[  103.760382][ T5910]  ? ieee80211_csa_finalize+0xf20/0xf20
[  103.760419][ T5910]  ? mutex_lock_nested+0x20/0x20
[  103.760445][ T5910]  ? ieee80211_get_channel_khz+0x15b/0x8a0
[  103.767036][   T61] RSP: 0018:ffffc900015c7200 EFLAGS: 00010293
[  103.777152][ T5910]  rdev_channel_switch+0xeb/0x240
[  103.784256][   T61] 
[  103.784266][   T61] RAX: ffffffff8a08b95e RBX: 0000000000000001 RCX: ffff88801e275a00
[  103.804017][ T5910]  nl80211_channel_switch+0xae8/0x1120
[  103.804062][ T5910]  ? genl_family_rcv_msg_doit+0xce/0x310
[  103.806448][   T61] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  103.806466][   T61] RBP: dffffc0000000000 R08: ffffffff911c35c7 R09: 1ffffffff22386b8
[  103.813774][ T5910]  ? __mutex_trylock_common+0x159/0x260
[  103.819868][   T61] R10: dffffc0000000000 R11: fffffbfff22386b9 R12: 0000000000000001
[  103.819887][   T61] R13: ffff888060a425d9 R14: ffff88802922ac70 R15: ffff88802922ace8
[  103.819904][   T61] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  103.840584][ T5910]  ? mutex_unlock+0x10/0x10
[  103.842022][   T61] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.850141][ T5910]  ? nl80211_set_coalesce+0x1340/0x1340
[  103.850226][ T5910]  ? __nla_parse+0x40/0x50
[  103.858256][   T61] CR2: 000055b818dfbed8 CR3: 0000000076c31000 CR4: 00000000003506e0
[  103.866552][ T5910]  ? nl80211_pre_doit+0x4f1/0x930
[  103.866594][ T5910]  genl_family_rcv_msg_doit+0x211/0x310
[  103.874591][   T61] Call Trace:
[  103.882890][ T5910]  ? end_current_label_crit_section+0x170/0x170
[  103.891629][   T61]  <TASK>
[  103.891696][   T61]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  103.898447][ T5910]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  103.906335][   T61]  ieee80211_csa_finalize+0x5a6/0xf20
[  103.909631][ T5910]  ? bpf_lsm_capable+0x9/0x10
[  103.912840][   T61]  ? ieee80211_csa_finalize_work+0x140/0x140
[  103.920087][ T5910]  ? security_capable+0x89/0xb0
[  103.925010][   T61]  ? cfg80211_ch_switch_started_notify+0x253/0x490
[  103.931074][ T5910]  genl_rcv_msg+0x619/0x7a0
[  103.931129][ T5910]  ? genl_bind+0x360/0x360
[  103.937640][   T61]  ieee80211_channel_switch+0xad5/0xe70
[  103.943217][ T5910]  ? nl80211_exit+0x30/0x30
[  103.948882][   T61]  ? ieee80211_csa_finalize+0xf20/0xf20
[  103.953799][ T5910]  ? nl80211_set_coalesce+0x1340/0x1340
[  103.959701][   T61]  ? rcu_is_watching+0x15/0xb0
[  103.966140][ T5910]  ? nl80211_pre_doit+0x930/0x930
[  103.966181][ T5910]  ? ref_tracker_free+0x690/0x840
[  103.966220][ T5910]  netlink_rcv_skb+0x241/0x4d0
[  103.966255][ T5910]  ? genl_bind+0x360/0x360
[  103.966280][ T5910]  ? netlink_ack+0x1180/0x1180
[  103.966328][ T5910]  ? __lock_acquire+0x7d40/0x7d40
[  103.966365][ T5910]  ? down_read+0x1ac/0x2e0
[  103.966391][ T5910]  genl_rcv+0x28/0x40
[  103.966412][ T5910]  netlink_unicast+0x751/0x8d0
[  103.966456][ T5910]  netlink_sendmsg+0x8d0/0xbf0
[  103.971512][   T61]  ? ieee80211_get_channel_khz+0x15b/0x8a0
[  103.973872][ T5910]  ? netlink_getsockopt+0x590/0x590
[  103.982086][   T61]  ieee80211_ibss_process_chanswitch+0x9d6/0xd70
[  103.987626][ T5910]  ? aa_sock_msg_perm+0x94/0x150
[  103.987661][ T5910]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  103.993314][   T61]  ? trace_drv_return_int+0x1c0/0x1c0
[  104.001575][ T5910]  ? security_socket_sendmsg+0x80/0xa0
[  104.001609][ T5910]  ? netlink_getsockopt+0x590/0x590
[  104.009656][   T61]  ? cfg80211_find_elem_match+0x1bc/0x1f0
[  104.009747][   T61]  ? mutex_lock_nested+0x20/0x20
[  104.015322][ T5910]  ____sys_sendmsg+0x5ba/0x960
[  104.023463][   T61]  ieee80211_ibss_rx_queued_mgmt+0x1045/0x2c80
[  104.031507][ T5910]  ? __asan_memset+0x22/0x40
[  104.031546][ T5910]  ? __sys_sendmsg_sock+0x30/0x30
[  104.040831][   T61]  ? ieee80211_ibss_rx_no_sta+0x7a0/0x7a0
[  104.045369][ T5910]  ? __import_iovec+0x5f2/0x850
[  104.052067][   T61]  ? mark_lock+0x94/0x320
[  104.052101][   T61]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  104.057962][ T5910]  ? import_iovec+0x73/0xa0
[  104.062232][   T61]  ? lock_chain_count+0x20/0x20
[  104.070547][ T5910]  ___sys_sendmsg+0x2a6/0x360
[  104.070584][ T5910]  ? __sys_sendmsg+0x2a0/0x2a0
[  104.070616][ T5910]  ? futex_wake+0x3fa/0x4f0
[  104.070655][ T5910]  ? put_user_ifreq+0x85/0xb0
[  104.070707][ T5910]  __se_sys_sendmsg+0x1c2/0x2b0
[  104.070734][ T5910]  ? __x64_sys_sendmsg+0x80/0x80
[  104.070776][ T5910]  ? lockdep_hardirqs_on+0x98/0x150
[  104.070809][ T5910]  do_syscall_64+0x55/0xa0
[  104.070841][ T5910]  ? clear_bhb_loop+0x40/0x90
[  104.070868][ T5910]  ? clear_bhb_loop+0x40/0x90
[  104.075924][   T61]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  104.081928][ T5910]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  104.085061][   T61]  ? kcov_remote_start+0x186/0x7e0
[  104.091387][ T5910] RIP: 0033:0x7f51f539c819
[  104.094389][   T61]  ? lockdep_hardirqs_on+0x98/0x150
[  104.101009][ T5910] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.106915][   T61]  ? skb_dequeue+0x124/0x160
[  104.106950][   T61]  ieee80211_iface_work+0x717/0xc70
[  104.106992][   T61]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.112347][ T5910] RSP: 002b:00007ffe20438c68 EFLAGS: 00000246
[  104.117092][   T61]  cfg80211_wiphy_work+0x225/0x260
[  104.117125][   T61]  ? process_scheduled_works+0x96f/0x15d0
[  104.123218][ T5910]  ORIG_RAX: 000000000000002e
[  104.128476][   T61]  process_scheduled_works+0xa5d/0x15d0
[  104.134993][ T5910] RAX: ffffffffffffffda RBX: 00007f51f5615fa0 RCX: 00007f51f539c819
[  104.139642][   T61]  ? worker_attach_to_pool+0x380/0x380
[  104.144041][ T5910] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  104.149648][   T61]  ? assign_work+0x3d2/0x5d0
[  104.154157][ T5910] RBP: 00007f51f5432c91 R08: 0000000000000000 R09: 0000000000000000
[  104.160226][   T61]  worker_thread+0xa55/0xfc0
[  104.165819][ T5910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.165837][ T5910] R13: 00007f51f5615fac R14: 00007f51f5615fa0 R15: 00007f51f5615fa0
[  104.165874][ T5910]  </TASK>
[  104.165886][ T5910] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  104.165896][ T5910] CPU: 0 PID: 5910 Comm: syz.0.17 Not tainted syzkaller #0
[  104.165915][ T5910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.165926][ T5910] Call Trace:
[  104.165933][ T5910]  <TASK>
[  104.165941][ T5910]  dump_stack_lvl+0x18c/0x250
[  104.166002][ T5910]  ? show_regs_print_info+0x20/0x20
[  104.166120][ T5910]  ? load_image+0x400/0x400
[  104.166249][ T5910]  panic+0x2dc/0x730
[  104.166334][ T5910]  ? bpf_jit_dump+0xd0/0xd0
[  104.166447][ T5910]  __warn+0x2e0/0x470
[  104.166511][ T5910]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  104.166588][ T5910]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  104.166655][ T5910]  report_bug+0x2be/0x4f0
[  104.166710][ T5910]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  104.166779][ T5910]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  104.166848][ T5910]  ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  104.166913][ T5910]  handle_bug+0xcf/0x120
[  104.166967][ T5910]  exc_invalid_op+0x1a/0x50
[  104.167025][ T5910]  asm_exc_invalid_op+0x1a/0x20
[  104.167083][ T5910] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  104.167170][ T5910] Code: 48 89 df e8 da 9e d6 f7 e9 dc fc ff ff e8 e0 62 7e f7 eb 24 e8 d9 62 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 c8 62 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ba 62 7e f7 48 8b 7c 24 08 4c 8b 7c
[  104.167214][ T5910] RSP: 0018:ffffc90002e56e00 EFLAGS: 00010293
[  104.167261][ T5910] RAX: ffffffff8a08b95e RBX: 0000000000000001 RCX: ffff88801a3cbc00
[  104.167303][ T5910] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  104.167336][ T5910] RBP: dffffc0000000000 R08: ffffffff911c35c7 R09: 1ffffffff22386b8
[  104.167372][ T5910] R10: dffffc0000000000 R11: fffffbfff22386b9 R12: 0000000000000001
[  104.167413][ T5910] R13: ffff88806096a5d9 R14: ffff888028512c70 R15: ffff888028512ce8
[  104.167487][ T5910]  ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0
[  104.167648][ T5910]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  104.167737][ T5910]  ieee80211_csa_finalize+0x5a6/0xf20
[  104.167834][ T5910]  ? ieee80211_csa_finalize_work+0x140/0x140
[  104.167907][ T5910]  ? cfg80211_ch_switch_started_notify+0x253/0x490
[  104.167997][ T5910]  ieee80211_channel_switch+0xad5/0xe70
[  104.168107][ T5910]  ? ieee80211_csa_finalize+0xf20/0xf20
[  104.168206][ T5910]  ? mutex_lock_nested+0x20/0x20
[  104.168265][ T5910]  ? ieee80211_get_channel_khz+0x15b/0x8a0
[  104.168343][ T5910]  rdev_channel_switch+0xeb/0x240
[  104.168412][ T5910]  nl80211_channel_switch+0xae8/0x1120
[  104.168488][ T5910]  ? genl_family_rcv_msg_doit+0xce/0x310
[  104.168565][ T5910]  ? __mutex_trylock_common+0x159/0x260
[  104.168621][ T5910]  ? mutex_unlock+0x10/0x10
[  104.168675][ T5910]  ? nl80211_set_coalesce+0x1340/0x1340
[  104.168878][ T5910]  ? __nla_parse+0x40/0x50
[  104.168951][ T5910]  ? nl80211_pre_doit+0x4f1/0x930
[  104.169047][ T5910]  genl_family_rcv_msg_doit+0x211/0x310
[  104.169103][ T5910]  ? end_current_label_crit_section+0x170/0x170
[  104.169190][ T5910]  ? genl_family_rcv_msg_dumpit+0x310/0x310
[  104.169276][ T5910]  ? bpf_lsm_capable+0x9/0x10
[  104.169352][ T5910]  ? security_capable+0x89/0xb0
[  104.169442][ T5910]  genl_rcv_msg+0x619/0x7a0
[  104.169518][ T5910]  ? genl_bind+0x360/0x360
[  104.169563][ T5910]  ? nl80211_exit+0x30/0x30
[  104.169618][ T5910]  ? nl80211_set_coalesce+0x1340/0x1340
[  104.169686][ T5910]  ? nl80211_pre_doit+0x930/0x930
[  104.169753][ T5910]  ? ref_tracker_free+0x690/0x840
[  104.169843][ T5910]  netlink_rcv_skb+0x241/0x4d0
[  104.169917][ T5910]  ? genl_bind+0x360/0x360
[  104.169973][ T5910]  ? netlink_ack+0x1180/0x1180
[  104.170087][ T5910]  ? __lock_acquire+0x7d40/0x7d40
[  104.170188][ T5910]  ? down_read+0x1ac/0x2e0
[  104.170267][ T5910]  genl_rcv+0x28/0x40
[  104.170315][ T5910]  netlink_unicast+0x751/0x8d0
[  104.170425][ T5910]  netlink_sendmsg+0x8d0/0xbf0
[  104.170534][ T5910]  ? netlink_getsockopt+0x590/0x590
[  104.170621][ T5910]  ? aa_sock_msg_perm+0x94/0x150
[  104.170708][ T5910]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  104.170758][ T5910]  ? security_socket_sendmsg+0x80/0xa0
[  104.170778][ T5910]  ? netlink_getsockopt+0x590/0x590
[  104.170810][ T5910]  ____sys_sendmsg+0x5ba/0x960
[  104.170837][ T5910]  ? __asan_memset+0x22/0x40
[  104.170864][ T5910]  ? __sys_sendmsg_sock+0x30/0x30
[  104.170886][ T5910]  ? __import_iovec+0x5f2/0x850
[  104.170915][ T5910]  ? import_iovec+0x73/0xa0
[  104.170938][ T5910]  ___sys_sendmsg+0x2a6/0x360
[  104.170972][ T5910]  ? __sys_sendmsg+0x2a0/0x2a0
[  104.171000][ T5910]  ? futex_wake+0x3fa/0x4f0
[  104.171041][ T5910]  ? put_user_ifreq+0x85/0xb0
[  104.171101][ T5910]  __se_sys_sendmsg+0x1c2/0x2b0
[  104.171106][   T61]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  104.171144][   T61]  ? _raw_spin_unlock+0x40/0x40
[  104.171215][   T61]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  104.171403][   T61]  kthread+0x2fa/0x390
[  104.171454][   T61]  ? pr_cont_work+0x560/0x560
[  104.171532][   T61]  ? kthread_blkcg+0xd0/0xd0
[  104.171580][   T61]  ret_from_fork+0x48/0x80
[  104.171646][   T61]  ? kthread_blkcg+0xd0/0xd0
[  104.171701][   T61]  ret_from_fork_asm+0x11/0x20
[  104.171824][   T61]  </TASK>
[  104.171854][   T61] irq event stamp: 261739
[  104.171869][   T61] hardirqs last  enabled at (261741): [<ffffffff816b6b13>] vprintk_store+0xa33/0xda0
[  104.171979][   T61] hardirqs last disabled at (261742): [<ffffffff816b6270>] vprintk_store+0x190/0xda0
[  104.172056][   T61] softirqs last  enabled at (261716): [<ffffffff81527213>] __irq_exit_rcu+0xd3/0x190
[  104.172122][   T61] softirqs last disabled at (261647): [<ffffffff81527213>] __irq_exit_rcu+0xd3/0x190
[  104.172203][   T61] ---[ end trace 0000000000000000 ]---
[  104.213326][   T61] ------------[ cut here ]------------
[  104.213360][   T61] WARNING: CPU: 1 PID: 61 at net/mac80211/chan.c:1423 ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  104.213460][   T61] Modules linked in:
[  104.213495][   T61] CPU: 1 PID: 61 Comm: kworker/u4:5 Tainted: G        W          syzkaller #0
[  104.213540][   T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.213574][   T61] Workqueue: events_unbound cfg80211_wiphy_work
[  104.213638][   T61] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  104.213689][   T61] Code: df e8 da 9e d6 f7 e9 dc fc ff ff e8 e0 62 7e f7 eb 24 e8 d9 62 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 c8 62 7e f7 0f 0b <0f> 0b e9 cf f5 ff ff e8 ba 62 7e f7 48 8b 7c 24 08 4c 8b 7c 24 30
[  104.213713][   T61] RSP: 0018:ffffc900015c7200 EFLAGS: 00010293
[  104.213775][   T61] RAX: ffffffff8a08b95e RBX: 0000000000000001 RCX: ffff88801e275a00
[  104.213824][   T61] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  104.213870][   T61] RBP: dffffc0000000000 R08: ffffffff911c35c7 R09: 1ffffffff22386b8
[  104.213920][   T61] R10: dffffc0000000000 R11: fffffbfff22386b9 R12: 0000000000000001
[  104.213954][   T61] R13: ffff888060a425d9 R14: ffff88802922ac70 R15: ffff88802922ace8
[  104.213989][   T61] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  104.214034][   T61] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.214069][   T61] CR2: 000055b818dfbed8 CR3: 0000000018ab6000 CR4: 00000000003506e0
[  104.214110][   T61] Call Trace:
[  104.214124][   T61]  <TASK>
[  104.214183][   T61]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  104.214269][   T61]  ieee80211_csa_finalize+0x5a6/0xf20
[  104.214358][   T61]  ? ieee80211_csa_finalize_work+0x140/0x140
[  104.214438][   T61]  ? cfg80211_ch_switch_started_notify+0x253/0x490
[  104.214527][   T61]  ieee80211_channel_switch+0xad5/0xe70
[  104.214628][   T61]  ? ieee80211_csa_finalize+0xf20/0xf20
[  104.214713][   T61]  ? rcu_is_watching+0x15/0xb0
[  104.214780][   T61]  ? ieee80211_get_channel_khz+0x15b/0x8a0
[  104.214893][   T61]  ieee80211_ibss_process_chanswitch+0x9d6/0xd70
[  104.214973][   T61]  ? trace_drv_return_int+0x1c0/0x1c0
[  104.215026][   T61]  ? cfg80211_find_elem_match+0x1bc/0x1f0
[  104.215240][   T61]  ? mutex_lock_nested+0x20/0x20
[  104.215369][   T61]  ieee80211_ibss_rx_queued_mgmt+0x1045/0x2c80
[  104.215492][   T61]  ? ieee80211_ibss_rx_no_sta+0x7a0/0x7a0
[  104.215579][   T61]  ? mark_lock+0x94/0x320
[  104.215646][   T61]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  104.215723][   T61]  ? lock_chain_count+0x20/0x20
[  104.215771][   T61]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  104.215857][   T61]  ? kcov_remote_start+0x186/0x7e0
[  104.215927][   T61]  ? lockdep_hardirqs_on+0x98/0x150
[  104.216007][   T61]  ? skb_dequeue+0x124/0x160
[  104.216475][   T61]  ieee80211_iface_work+0x717/0xc70
[  104.216542][   T61]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.216647][   T61]  cfg80211_wiphy_work+0x225/0x260
[  104.216728][   T61]  ? process_scheduled_works+0x96f/0x15d0
[  104.216797][   T61]  process_scheduled_works+0xa5d/0x15d0
[  104.216962][   T61]  ? worker_attach_to_pool+0x380/0x380
[  104.217052][   T61]  ? assign_work+0x3d2/0x5d0
[  104.217126][   T61]  worker_thread+0xa55/0xfc0
[  104.217196][   T61]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  104.217261][   T61]  ? _raw_spin_unlock+0x40/0x40
[  104.217314][   T61]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  104.217444][   T61]  kthread+0x2fa/0x390
[  104.217492][   T61]  ? pr_cont_work+0x560/0x560
[  104.217566][   T61]  ? kthread_blkcg+0xd0/0xd0
[  104.217614][   T61]  ret_from_fork+0x48/0x80
[  104.217680][   T61]  ? kthread_blkcg+0xd0/0xd0
[  104.217735][   T61]  ret_from_fork_asm+0x11/0x20
[  104.217857][   T61]  </TASK>
[  104.217877][   T61] irq event stamp: 261891
[  104.217891][   T61] hardirqs last  enabled at (261893): [<ffffffff816b6b13>] vprintk_store+0xa33/0xda0
[  104.217982][   T61] hardirqs last disabled at (261894): [<ffffffff816b6270>] vprintk_store+0x190/0xda0
[  104.218051][   T61] softirqs last  enabled at (261854): [<ffffffff81527213>] __irq_exit_rcu+0xd3/0x190
[  104.218117][   T61] softirqs last disabled at (261841): [<ffffffff81527213>] __irq_exit_rcu+0xd3/0x190
[  104.218180][   T61] ---[ end trace 0000000000000000 ]---
[  104.253251][   T61] wlan1: failed to finalize CSA, disconnecting
[  105.466972][ T5910]  ? __x64_sys_sendmsg+0x80/0x80
[  105.471959][ T5910]  ? lockdep_hardirqs_on+0x98/0x150
[  105.477569][ T5910]  do_syscall_64+0x55/0xa0
[  105.482022][ T5910]  ? clear_bhb_loop+0x40/0x90
[  105.486819][ T5910]  ? clear_bhb_loop+0x40/0x90
[  105.491541][ T5910]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  105.497469][ T5910] RIP: 0033:0x7f51f539c819
[  105.501950][ T5910] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  105.521697][ T5910] RSP: 002b:00007ffe20438c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  105.530178][ T5910] RAX: ffffffffffffffda RBX: 00007f51f5615fa0 RCX: 00007f51f539c819
[  105.538203][ T5910] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  105.546198][ T5910] RBP: 00007f51f5432c91 R08: 0000000000000000 R09: 0000000000000000
[  105.554197][ T5910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.562214][ T5910] R13: 00007f51f5615fac R14: 00007f51f5615fa0 R15: 00007f51f5615fa0
[  105.570241][ T5910]  </TASK>
[  105.573854][ T5910] Kernel Offset: disabled
[  105.578249][ T5910] Rebooting in 86400 seconds..