------------[ cut here ]------------
in_task() && kcov_mode_enabled(mode)
WARNING: kernel/kcov.c:884 at kcov_remote_start+0x527/0x7a0 kernel/kcov.c:884, CPU#1: syz.3.579/7937
Modules linked in:
CPU: 1 UID: 0 PID: 7937 Comm: syz.3.579 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:kcov_remote_start+0x527/0x7a0 kernel/kcov.c:884
Code: 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d e9 00 87 e8 02 e8 eb 88 e7 09 f7 c3 00 02 00 00 0f 84 0c fb ff ff e9 72 fc ff ff 90 <0f> 0b 90 e8 e1 a2 e7 09 89 c0 48 c7 c7 08 1f 1c 93 48 03 3c c5 90
RSP: 0000:ffffc90003b16a78 EFLAGS: 00010002
RAX: 0000000080000200 RBX: 0000000000000246 RCX: 0000000000000002
RDX: 0000000000000003 RSI: ffffffff8e16297b RDI: ffffffff8c27a880
RBP: ffffc90003b16d10 R08: ffffc90003b16880 R09: 0000000000000020
R10: dffffc0000000000 R11: ffffffff81a1e900 R12: ffff8880b8728f08
R13: ffffffff81c59518 R14: ffff88802d05dac0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125567000(0063) knlGS:00000000f53fdb40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f71652e0 CR3: 0000000035992000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 kcov_remote_start_common include/linux/kcov.h:50 [inline]
 ieee80211_rx_list+0xae6/0x3710 net/mac80211/rx.c:5570
 ieee80211_rx_napi+0x1b1/0x3e0 net/mac80211/rx.c:5611
 ieee80211_rx include/net/mac80211.h:5267 [inline]
 ieee80211_handle_queued_frames+0xe8/0x1e0 net/mac80211/main.c:452
 ieee80211_stop_device+0x3e/0xf0 net/mac80211/util.c:1622
 ieee80211_do_stop+0x17fc/0x2010 net/mac80211/iface.c:738
 ieee80211_stop+0x1b1/0x240 net/mac80211/iface.c:832
 __dev_close_many+0x368/0x6d0 net/core/dev.c:1775
 netif_close_many+0x225/0x420 net/core/dev.c:1800
 netif_close+0x160/0x220 net/core/dev.c:1817
 dev_close+0x10a/0x220 net/core/dev_api.c:220
 nl80211_del_interface+0xd2/0x140 net/wireless/nl80211.c:4852
 genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1114
 genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
 genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xa68/0xad0 net/socket.c:2592
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2646
 __sys_sendmsg+0x183/0x260 net/socket.c:2678
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 __do_fast_syscall_32+0x20d/0x640 arch/x86/entry/syscall_32.c:307
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf700ef6c
Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
RSP: 002b:00000000f53fd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	85 d2                	test   %edx,%edx
   3:	74 0a                	je     0xf
   5:	89 ce                	mov    %ecx,%esi
   7:	81 e6 ff 0f 00 00    	and    $0xfff,%esi
   d:	89 32                	mov    %esi,(%rdx)
   f:	85 c0                	test   %eax,%eax
  11:	74 05                	je     0x18
  13:	c1 e9 0c             	shr    $0xc,%ecx
  16:	89 08                	mov    %ecx,(%rax)
  18:	31 c0                	xor    %eax,%eax
  1a:	5e                   	pop    %rsi
  1b:	5d                   	pop    %rbp
  1c:	c3                   	ret
  1d:	90                   	nop
  1e:	0f 1f 00             	nopl   (%rax)
  21:	51                   	push   %rcx
  22:	52                   	push   %rdx
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
* 2a:	5d                   	pop    %rbp <-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	ret
  2e:	58                   	pop    %rax
  2f:	b8 77 00 00 00       	mov    $0x77,%eax
  34:	cd 80                	int    $0x80
  36:	0f 0b                	ud2
  38:	90                   	nop
  39:	90                   	nop
  3a:	90                   	nop
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	b8                   	.byte 0xb8
  3f:	ad                   	lods   %ds:(%rsi),%eax