------------[ cut here ]------------
!local->started
WARNING: net/mac80211/rx.c:5462 at ieee80211_rx_list+0x2918/0x3710 net/mac80211/rx.c:5462, CPU#0: kworker/u8:9/10945
Modules linked in:
CPU: 0 UID: 0 PID: 10945 Comm: kworker/u8:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue:  0x0 (events_unbound)
RIP: 0010:ieee80211_rx_list+0x2918/0x3710 net/mac80211/rx.c:5462
Code: 90 e9 70 df ff ff e8 77 96 90 f6 e9 66 df ff ff e8 6d 96 90 f6 e9 5c df ff ff e8 63 96 90 f6 e9 52 df ff ff e8 59 96 90 f6 90 <0f> 0b 90 e9 44 df ff ff e8 4b 96 90 f6 48 c7 44 24 68 00 00 00 00
RSP: 0018:ffffc90000007b20 EFLAGS: 00010246
RAX: ffffffff8b365cd7 RBX: ffff888084581625 RCX: ffff8880586bdb80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffffc90000007d90 R08: ffffffff8b366bb3 R09: ffffffff8eb5d6a0
R10: 0000000000000002 R11: 0000000000000100 R12: ffff88807a8bc500
R13: dffffc0000000000 R14: ffff888084583108 R15: ffffffff8b366bb3
FS:  0000000000000000(0000) GS:ffff888124de2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3001eff8 CR3: 000000008367c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 ieee80211_rx_napi+0x1b1/0x3e0 net/mac80211/rx.c:5602
 ieee80211_rx include/net/mac80211.h:5271 [inline]
 ieee80211_handle_queued_frames+0xe8/0x1e0 net/mac80211/main.c:452
 tasklet_action_common+0x2da/0x4b0 kernel/softirq.c:942
 handle_softirqs+0x22a/0x870 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x220 kernel/softirq.c:739
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:756
 common_interrupt+0xbb/0xe0 arch/x86/kernel/irq.c:326
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688
RIP: 0010:finish_task_switch+0x427/0xbe0 kernel/sched/core.c:5209
Code: 41 c7 84 24 e0 0d 00 00 00 00 00 00 0f 1f 44 00 00 49 83 c4 48 4c 89 e7 e8 86 be 2b 0a e8 61 d7 38 00 fb 49 8d bd 68 16 00 00 <48> 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 7b 03 00 00 41 80
RSP: 0018:ffffc900042a7a30 EFLAGS: 00000202
RAX: 00000000000044a1 RBX: 1ffff1101708776c RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff8e257836 RDI: ffff8880586bf1e8
RBP: ffffc900042a7a90 R08: ffffffff905441f7 R09: 1ffffffff20a883e
R10: dffffc0000000000 R11: fffffbfff20a883f R12: ffff8880b843adc8
R13: ffff8880586bdb80 R14: ffff88801dec3d00 R15: dffffc0000000000
 context_switch kernel/sched/core.c:5355 [inline]
 __schedule+0x166d/0x5590 kernel/sched/core.c:6964
 __schedule_loop kernel/sched/core.c:7047 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7062
 worker_thread+0xe08/0x11e0 kernel/workqueue.c:3481
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	41 c7 84 24 e0 0d 00 	movl   $0x0,0xde0(%r12)
   7:	00 00 00 00 00
   c:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  11:	49 83 c4 48          	add    $0x48,%r12
  15:	4c 89 e7             	mov    %r12,%rdi
  18:	e8 86 be 2b 0a       	call   0xa2bbea3
  1d:	e8 61 d7 38 00       	call   0x38d783
  22:	fb                   	sti
  23:	49 8d bd 68 16 00 00 	lea    0x1668(%r13),%rdi
* 2a:	48 89 f8             	mov    %rdi,%rax <-- trapping instruction
  2d:	48 c1 e8 03          	shr    $0x3,%rax
  31:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax
  36:	84 c0                	test   %al,%al
  38:	0f 85 7b 03 00 00    	jne    0x3b9
  3e:	41                   	rex.B
  3f:	80                   	.byte 0x80