syzbot

WARNING: CPU: 1 PID: 8738 at net/mac80211/tx.c:4154 __ieee80211_csa_update_counter net/mac80211/tx.c:4154 [inline]
WARNING: CPU: 1 PID: 8738 at net/mac80211/tx.c:4154 __ieee80211_csa_update_counter net/mac80211/tx.c:4149 [inline]
WARNING: CPU: 1 PID: 8738 at net/mac80211/tx.c:4154 __ieee80211_beacon_get+0x1678/0x1a30 net/mac80211/tx.c:4347
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 8738 Comm: syz-executor152 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 panic+0x26a/0x50e kernel/panic.c:186
 __warn.cold+0x20/0x5a kernel/panic.c:541
 report_bug+0x262/0x2b0 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:__ieee80211_csa_update_counter net/mac80211/tx.c:4154 [inline]
RIP: 0010:__ieee80211_csa_update_counter net/mac80211/tx.c:4149 [inline]
RIP: 0010:__ieee80211_beacon_get+0x1678/0x1a30 net/mac80211/tx.c:4347
Code: 85 70 03 00 00 41 0f b6 45 24 31 ff 44 8d 60 ff 45 88 65 24 44 89 e6 e8 e6 9f bf f9 45 84 e4 0f 85 4f f5 ff ff e8 a8 9e bf f9 <0f> 0b e9 43 f5 ff ff e8 9c 9e bf f9 e8 c7 c6 ad f9 31 ff 41 89 c4
RSP: 0018:ffff8880ba107c18 EFLAGS: 00010206
RAX: ffff8880a53d8200 RBX: ffff888098752cf8 RCX: ffffffff87a2e6ba
RDX: 0000000000000100 RSI: ffffffff87a2e6c8 RDI: 0000000000000001
RBP: ffff888096e113c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880b30bb400 R14: 0000000000000000 R15: ffff8880ba107d60
 ieee80211_beacon_get_tim+0x88/0x890 net/mac80211/tx.c:4463
 ieee80211_beacon_get include/net/mac80211.h:4484 [inline]
 mac80211_hwsim_beacon_tx+0xff/0x680 drivers/net/wireless/mac80211_hwsim.c:1577
 __iterate_interfaces+0x2e1/0x4a0 net/mac80211/util.c:614
 ieee80211_iterate_active_interfaces_atomic+0x8d/0x170 net/mac80211/util.c:650
 mac80211_hwsim_beacon+0xc9/0x190 drivers/net/wireless/mac80211_hwsim.c:1615
 __tasklet_hrtimer_trampoline+0x29/0xa0 kernel/softirq.c:601
 tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:___sys_recvmsg+0x389/0x570 net/socket.c:2409
Code: 03 80 3c 02 00 0f 85 f7 01 00 00 31 ff 44 89 fe 48 8b 5b 38 e8 78 ab f4 fa 45 85 ff 0f 88 28 01 00 00 e8 fa a9 f4 fa 0f 01 cb <48> 89 d8 31 db 48 2b 44 24 30 49 89 45 28 0f 01 ca 48 63 db e8 de
RSP: 0018:ffff88808f5afa70 EFLAGS: 00040293 ORIG_RAX: ffffffffffffff13
RAX: ffff8880a53d8200 RBX: 0000000000000000 RCX: ffffffff866ddb68
RDX: 0000000000000000 RSI: ffffffff866ddb76 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
R13: 00000000201ae0c0 R14: 0000000000000000 R15: 0000000000000002
 __sys_recvmmsg+0x254/0x6d0 net/socket.c:2501
 do_sys_recvmmsg+0x172/0x190 net/socket.c:2577
 __do_sys_recvmmsg net/socket.c:2595 [inline]
 __se_sys_recvmmsg net/socket.c:2591 [inline]
 __x64_sys_recvmmsg+0xba/0x150 net/socket.c:2591
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb6d4bade89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb6d4b3c308 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007fb6d4c364f8 RCX: 00007fb6d4bade89
RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00007fb6d4c364f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 00007fb6d4c364fc
R13: 00007fb6d4c033b4 R14: 0031313230386c6e R15: 0000000000022000
Kernel Offset: disabled
Rebooting in 86400 seconds..
----------------
Code disassembly (best guess):
   0:	03 80 3c 02 00 0f    	add    0xf00023c(%rax),%eax
   6:	85 f7                	test   %esi,%edi
   8:	01 00                	add    %eax,(%rax)
   a:	00 31                	add    %dh,(%rcx)
   c:	ff 44 89 fe          	incl   -0x2(%rcx,%rcx,4)
  10:	48 8b 5b 38          	mov    0x38(%rbx),%rbx
  14:	e8 78 ab f4 fa       	callq  0xfaf4ab91
  19:	45 85 ff             	test   %r15d,%r15d
  1c:	0f 88 28 01 00 00    	js     0x14a
  22:	e8 fa a9 f4 fa       	callq  0xfaf4aa21
  27:	0f 01 cb             	stac
* 2a:	48 89 d8             	mov    %rbx,%rax <-- trapping instruction
  2d:	31 db                	xor    %ebx,%ebx
  2f:	48 2b 44 24 30       	sub    0x30(%rsp),%rax
  34:	49 89 45 28          	mov    %rax,0x28(%r13)
  38:	0f 01 ca             	clac
  3b:	48 63 db             	movslq %ebx,%rbx
  3e:	e8                   	.byte 0xe8
  3f:	de                   	.byte 0xde