------------[ cut here ]------------
WARNING: CPU: 0 PID: 6054 at net/mac80211/tx.c:5040 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
WARNING: CPU: 0 PID: 6054 at net/mac80211/tx.c:5040 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
WARNING: CPU: 0 PID: 6054 at net/mac80211/tx.c:5040 __ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5469
Modules linked in:
CPU: 0 UID: 0 PID: 6054 Comm: syz-executor192 Not tainted 6.14.0-rc5-syzkaller-00039-g848e07631744 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
RIP: 0010:__ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5469
Code: 00 89 df 44 89 e6 e8 63 f9 e0 f6 44 38 e3 72 a1 e8 79 ff e0 f6 48 89 ef e8 d1 68 39 f7 31 ed e9 9c fe ff ff e8 65 ff e0 f6 90 <0f> 0b 90 e9 86 f6 ff ff 48 89 c6 48 c7 c7 20 e4 2f 90 48 89 04 24
RSP: 0018:ffffc90000007b70 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8ad8e8e2
RDX: ffff88802b322440 RSI: ffffffff8ad8f25b RDI: 0000000000000001
RBP: ffffc90000007c20 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000002 R12: ffff888025afac00
R13: 0000000000000041 R14: ffff888029408d80 R15: ffff88802940a9d0
FS: 0000000000000000(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1ef9832270 CR3: 000000000df80000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee80211_beacon_get_tim+0xa7/0x280 net/mac80211/tx.c:5596
ieee80211_beacon_get include/net/mac80211.h:5641 [inline]
mac80211_hwsim_beacon_tx+0x4ea/0xa10 drivers/net/wireless/virtual/mac80211_hwsim.c:2311
__iterate_interfaces+0x2e5/0x640 net/mac80211/util.c:760
ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 net/mac80211/util.c:796
mac80211_hwsim_beacon+0x105/0x200 drivers/net/wireless/virtual/mac80211_hwsim.c:2345
__run_hrtimer kernel/time/hrtimer.c:1801 [inline]
__hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1865
hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1882
handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
__do_softirq kernel/softirq.c:595 [inline]
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:135 [inline]
RIP: 0010:cpumask_check include/linux/cpumask.h:142 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:570 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1116 [inline]
RIP: 0010:trace_lock_release include/trace/events/lock.h:69 [inline]
RIP: 0010:lock_release+0x85/0x6f0 kernel/locking/lockdep.c:5862
Code: c7 40 08 04 f3 f3 f3 65 48 8b 04 25 28 00 00 00 48 89 84 24 88 00 00 00 31 c0 0f 1f 44 00 00 48 c7 c5 4c d9 03 00 65 8b 6d 00 <83> fd 07 0f 87 22 05 00 00 89 ed be 08 00 00 00 48 89 e8 48 c1 e8
RSP: 0018:ffffc9000172f528 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 1ffff920002e5ea7 RCX: ffffffff81f046cc
RDX: 1ffff11005c5ed84 RSI: ffffffff81f046a9 RDI: ffff88802e2f6a98
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000001000
R10: ffff888038cf0dc2 R11: 0000000000000002 R12: ffff88802e2f6a98
R13: 0000000000000002 R14: 0000000000000000 R15: ffffc9000172f8a8
__raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
_raw_spin_unlock+0x16/0x50 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:391 [inline]
filemap_remove_folio+0x199/0x250 mm/filemap.c:260
truncate_inode_folio+0x49/0x70 mm/truncate.c:162
shmem_undo_range+0x36e/0x1170 mm/shmem.c:1108
shmem_truncate_range mm/shmem.c:1224 [inline]
shmem_evict_inode+0x3a3/0xba0 mm/shmem.c:1352
evict+0x409/0x960 fs/inode.c:796
iput_final fs/inode.c:1946 [inline]
iput fs/inode.c:1972 [inline]
iput+0x52a/0x890 fs/inode.c:1958
dentry_unlink_inode+0x29c/0x480 fs/dcache.c:440
__dentry_kill+0x1d0/0x600 fs/dcache.c:643
dput.part.0+0x4b1/0x9b0 fs/dcache.c:885
dput+0x1f/0x30 fs/dcache.c:875
__fput+0x51c/0xb70 fs/file_table.c:472
task_work_run+0x14e/0x250 kernel/task_work.c:227
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0xad8/0x2d70 kernel/exit.c:938
do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
__do_sys_exit_group kernel/exit.c:1098 [inline]
__se_sys_exit_group kernel/exit.c:1096 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096
x64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1ef97afd19
Code: Unable to access opcode bytes at 0x7f1ef97afcef.
RSP: 002b:00007ffe99fa6658 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ef97afd19
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f1ef9830390 R08: ffffffffffffffb8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ef9830390
R13: 0000000000000000 R14: 00007f1ef9831e60 R15: 00007f1ef9780120
----------------
Code disassembly (best guess):
0: c7 40 08 04 f3 f3 f3 movl $0xf3f3f304,0x8(%rax)
7: 65 48 8b 04 25 28 00 mov %gs:0x28,%rax
e: 00 00
10: 48 89 84 24 88 00 00 mov %rax,0x88(%rsp)
17: 00
18: 31 c0 xor %eax,%eax
1a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
1f: 48 c7 c5 4c d9 03 00 mov $0x3d94c,%rbp
26: 65 8b 6d 00 mov %gs:0x0(%rbp),%ebp
* 2a: 83 fd 07 cmp $0x7,%ebp <-- trapping instruction
2d: 0f 87 22 05 00 00 ja 0x555
33: 89 ed mov %ebp,%ebp
35: be 08 00 00 00 mov $0x8,%esi
3a: 48 89 e8 mov %rbp,%rax
3d: 48 rex.W
3e: c1 .byte 0xc1
3f: e8 .byte 0xe8