netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.7:4637]
Modules linked in:
irq event stamp: 5618909
hardirqs last  enabled at (5618908): [<ffffffff84000d02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
hardirqs last disabled at (5618909): [<ffffffff83e5e28b>] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094
softirqs last  enabled at (5574908): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
softirqs last disabled at (5574911): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
CPU: 1 PID: 4637 Comm: syz-executor.7 Not tainted 5.10.224 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lock_acquire+0x1b9/0x470 kernel/locking/lockdep.c:5534
Code: 45 db 7e e8 39 91 ff ff b8 ff ff ff ff 48 83 c4 20 65 0f c1 05 f8 44 db 7e 83 f8 01 4c 8b 54 24 08 0f 85 48 02 00 00 41 52 9d <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffff88806cf09ac0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff1100d9e135a RCX: 0000000000e45a65
RDX: 1ffff11008ee17b8 RSI: c2be682c00bf480b RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff868686e7
R10: 0000000000000246 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000000 R14: ffffffff84ff8c20 R15: 0000000000000000
FS:  00007f8e159f6700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005038 CR3: 0000000048568000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 rcu_lock_acquire include/linux/rcupdate.h:303 [inline]
 rcu_read_lock include/linux/rcupdate.h:717 [inline]
 ieee80211_get_buffered_bc+0xb6/0x8a0 net/mac80211/tx.c:5295
 mac80211_hwsim_beacon_tx+0x4dd/0x940 drivers/net/wireless/mac80211_hwsim.c:1773
 __iterate_interfaces+0x1f0/0x550 net/mac80211/util.c:792
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0 net/mac80211/util.c:828
 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1793
 __run_hrtimer kernel/time/hrtimer.c:1584 [inline]
 __hrtimer_run_queues+0x632/0xb40 kernel/time/hrtimer.c:1648
 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1665
 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:lock_acquire+0x1b9/0x470 kernel/locking/lockdep.c:5534
Code: 45 db 7e e8 39 91 ff ff b8 ff ff ff ff 48 83 c4 20 65 0f c1 05 f8 44 db 7e 83 f8 01 4c 8b 54 24 08 0f 85 48 02 00 00 41 52 9d <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffff888049b0e5c8 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff11009361cbb RCX: 00000000973d5c17
RDX: 1ffff11008ee17b8 RSI: 56921b07051d0604 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff868686e7
R10: 0000000000000246 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000000 R14: ffffffff84ff8c20 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:303 [inline]
 rcu_read_lock include/linux/rcupdate.h:717 [inline]
 ext4_get_group_desc+0x11e/0x560 fs/ext4/balloc.c:284
 ext4_mb_prefetch+0x170/0x520 fs/ext4/mballoc.c:2258
 ext4_mb_regular_allocator+0xfa2/0x2320 fs/ext4/mballoc.c:2427
 ext4_mb_new_blocks+0x20a1/0x45c0 fs/ext4/mballoc.c:5243
 ext4_new_meta_blocks+0x1e1/0x320 fs/ext4/balloc.c:732
 ext4_alloc_branch fs/ext4/indirect.c:342 [inline]
 ext4_ind_map_blocks+0x95d/0x2150 fs/ext4/indirect.c:633
 ext4_map_blocks+0x902/0x1910 fs/ext4/inode.c:674
 mpage_map_one_extent fs/ext4/inode.c:2438 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2491 [inline]
 ext4_writepages+0x19bf/0x3350 fs/ext4/inode.c:2859
 do_writepages+0xee/0x2a0 mm/page-writeback.c:2374
 __filemap_fdatawrite_range+0x24b/0x2f0 mm/filemap.c:422
 file_write_and_wait_range+0xb6/0x130 mm/filemap.c:761
 ext4_sync_file+0x225/0xde0 fs/ext4/fsync.c:151
 vfs_fsync_range+0x13d/0x230 fs/sync.c:202
 generic_write_sync include/linux/fs.h:2842 [inline]
 ext4_buffered_write_iter+0x34b/0x4a0 fs/ext4/file.c:276
 ext4_dio_write_iter fs/ext4/file.c:590 [inline]
 ext4_file_write_iter+0xc11/0x18d0 fs/ext4/file.c:681
 call_write_iter include/linux/fs.h:2002 [inline]
 do_iter_readv_writev+0x476/0x750 fs/read_write.c:740
 do_iter_write+0x191/0x700 fs/read_write.c:866
 vfs_iter_write+0x70/0xa0 fs/read_write.c:907
 iter_file_splice_write+0x762/0xc30 fs/splice.c:686
 do_splice_from fs/splice.c:764 [inline]
 direct_splice_actor+0x10f/0x170 fs/splice.c:933
 splice_direct_to_actor+0x387/0x980 fs/splice.c:888
 do_splice_direct+0x1c4/0x290 fs/splice.c:976
 generic_copy_file_range fs/read_write.c:1386 [inline]
 vfs_copy_file_range+0x4f8/0x13c0 fs/read_write.c:1532
 __do_sys_copy_file_range+0x193/0x420 fs/read_write.c:1589
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f8e18480b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8e159f6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
RAX: ffffffffffffffda RBX: 00007f8e18593f60 RCX: 00007f8e18480b19
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 00007f8e184daf6d R08: 000000000200f5ef R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffe91bd16f R14: 00007f8e159f6300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4630 Comm: syz-executor.5 Not tainted 5.10.224 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:pte_pfn arch/x86/include/asm/pgtable.h:215 [inline]
RIP: 0010:vm_normal_page+0xbb/0x2e0 mm/memory.c:597
Code: e0 ff 4d 85 f6 74 79 e8 23 cf e0 ff 4c 89 f3 45 89 f7 31 ff 83 e3 01 41 81 e7 00 02 00 00 48 89 de 48 83 eb 01 e8 75 c8 e0 ff <4c> 31 f3 31 ff 44 89 fe 48 c1 e3 0c 48 c1 eb 18 e8 40 c8 e0 ff 45
RSP: 0018:ffff88804967f6c0 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815fd65b
RDX: 0000000000000001 RSI: ffff88804795cec0 RDI: 0000000000000007
RBP: 1ffff110092cfed9 R08: 0000000000000000 R09: ffff88804795cec7
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801cd20300
R13: 00007f24ab364000 R14: 8000000043468007 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00069a000 CR3: 000000000bdc0000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 zap_pte_range mm/memory.c:1260 [inline]
 zap_pmd_range mm/memory.c:1404 [inline]
 zap_pud_range mm/memory.c:1433 [inline]
 zap_p4d_range mm/memory.c:1454 [inline]
 unmap_page_range+0xdb5/0x1fe0 mm/memory.c:1475
 unmap_single_vma+0x198/0x300 mm/memory.c:1520
 unmap_vmas+0x16d/0x300 mm/memory.c:1552
 exit_mmap+0x27f/0x4f0 mm/mmap.c:3235
 __mmput kernel/fork.c:1101 [inline]
 mmput+0xca/0x340 kernel/fork.c:1122
 exit_mm kernel/exit.c:536 [inline]
 do_exit+0xa96/0x2600 kernel/exit.c:847
 do_group_exit+0x125/0x310 kernel/exit.c:982
 get_signal+0x4bc/0x2350 kernel/signal.c:2759
 arch_do_signal_or_restart+0x2b7/0x1990 arch/x86/kernel/signal.c:805
 handle_signal_work kernel/entry/common.c:145 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:169 [inline]
 exit_to_user_mode_prepare+0x10f/0x190 kernel/entry/common.c:199
 syscall_exit_to_user_mode+0x38/0x1d0 kernel/entry/common.c:274
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f24acef2b19
Code: Unable to access opcode bytes at RIP 0x7f24acef2aef.
RSP: 002b:00007f24aa468188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
RAX: fffffffffffffe00 RBX: 00007f24ad005f60 RCX: 00007f24acef2b19
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000008
RBP: 00007f24acf4cf6d R08: 000000000200f5ef R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8c43434f R14: 00007f24aa468300 R15: 0000000000022000
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	e8 39 91 ff ff       	callq  0xffff913e
   5:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
   a:	48 83 c4 20          	add    $0x20,%rsp
   e:	65 0f c1 05 f8 44 db 	xadd   %eax,%gs:0x7edb44f8(%rip)        # 0x7edb450e
  15:	7e
  16:	83 f8 01             	cmp    $0x1,%eax
  19:	4c 8b 54 24 08       	mov    0x8(%rsp),%r10
  1e:	0f 85 48 02 00 00    	jne    0x26c
  24:	41 52                	push   %r10
  26:	9d                   	popfq
* 27:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  2e:	fc ff df
  31:	48 01 c3             	add    %rax,%rbx
  34:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  3b:	48                   	rex.W
  3c:	c7                   	.byte 0xc7