------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at net/mac80211/tx.c:5024 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5024 [inline]
WARNING: CPU: 1 PID: 0 at net/mac80211/tx.c:5024 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5019 [inline]
WARNING: CPU: 1 PID: 0 at net/mac80211/tx.c:5024 __ieee80211_beacon_get+0x14f4/0x1720 net/mac80211/tx.c:5453
Modules linked in:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5024 [inline]
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5019 [inline]
RIP: 0010:__ieee80211_beacon_get+0x14f4/0x1720 net/mac80211/tx.c:5453
Code: 24 89 df 89 ee e8 2c ef bc f6 40 38 eb 72 a2 e8 02 f5 bc f6 4c 89 e7 e8 8a c5 18 f7 45 31 e4 e9 9b fe ff ff e8 ed f4 bc f6 90 <0f> 0b 90 e9 3e f6 ff ff 48 89 c6 48 c7 c7 e0 0b 75 90 48 89 44 24
RSP: 0018:ffffc90000a08b70 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888057f369d0 RCX: ffffffff8aff1d81
RDX: ffff88801e6b2440 RSI: ffffffff8aff2743 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffc90000a08c28
R13: ffff88802a1dbc00 R14: 0000000000000041 R15: ffff888057f36500
FS: 0000000000000000(0000) GS:ffff888124853000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f806ff8 CR3: 0000000033cde000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ieee80211_beacon_get_tim+0xa6/0x280 net/mac80211/tx.c:5580
 ieee80211_beacon_get include/net/mac80211.h:5638 [inline]
 mac80211_hwsim_beacon_tx+0x4d9/0xa40 drivers/net/wireless/virtual/mac80211_hwsim.c:2319
 __iterate_interfaces+0x2e5/0x650 net/mac80211/util.c:761
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 net/mac80211/util.c:797
 mac80211_hwsim_beacon+0x105/0x200 drivers/net/wireless/virtual/mac80211_hwsim.c:2353
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1842
 handle_softirqs+0x216/0x8e0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:do_idle+0x110/0x510 kernel/sched/idle.c:327
Code: 16 0f 0f 83 05 02 00 00 e8 6d 80 ce ff 8b 05 f3 1b 16 0f 85 c0 75 09 e8 ae 0e ee 09 85 c0 74 3d e8 a5 37 1b 00 e8 30 28 ee 09 <e8> 7b fe ff ff 80 7d 00 00 0f 85 35 03 00 00 49 8b 45 00 a8 08 0f
RSP: 0018:ffffc90000197e10 EFLAGS: 00000206
RAX: 000000000015b587 RBX: 0000000000000001 RCX: ffffffff81c3ebdf
RDX: 0000000000000000 RSI: ffffffff8de1a120 RDI: ffffffff8c1579e0
RBP: ffffed1003cd6488 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90a81557 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88801e6b2440 R14: ffffffff90a81550 R15: 0000000000000000
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423
 start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
 common_startup_64+0x13e/0x148
----------------
Code disassembly (best guess), 2 bytes skipped:
   0: 0f 83 05 02 00 00     jae 0x20b
   6: e8 6d 80 ce ff        call 0xffce8078
   b: 8b 05 f3 1b 16 0f     mov 0xf161bf3(%rip),%eax # 0xf161c04
  11: 85 c0                 test %eax,%eax
  13: 75 09                 jne 0x1e
  15: e8 ae 0e ee 09        call 0x9ee0ec8
  1a: 85 c0                 test %eax,%eax
  1c: 74 3d                 je 0x5b
  1e: e8 a5 37 1b 00        call 0x1b37c8
  23: e8 30 28 ee 09        call 0x9ee2858
* 28: e8 7b fe ff ff        call 0xfffffea8 <-- trapping instruction
  2d: 80 7d 00 00           cmpb $0x0,0x0(%rbp)
  31: 0f 85 35 03 00 00     jne 0x36c
  37: 49 8b 45 00           mov 0x0(%r13),%rax
  3b: a8 08                 test $0x8,%al
  3d: 0f                    .byte 0xf