------------[ cut here ]------------
WARNING: CPU: 3 PID: 35 at net/mac80211/tx.c:5040 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
WARNING: CPU: 3 PID: 35 at net/mac80211/tx.c:5040 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
WARNING: CPU: 3 PID: 35 at net/mac80211/tx.c:5040 __ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5469
Modules linked in:
CPU: 3 UID: 0 PID: 35 Comm: kworker/3:0 Not tainted 6.12.0-syzkaller-11677-g2ba9f676d0a2 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events nsim_fib_event_work
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
RIP: 0010:__ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5469
Code: 00 89 df 44 89 e6 e8 c3 51 ee f6 44 38 e3 72 a1 e8 99 50 ee f6 48 89 ef e8 61 55 46 f7 31 ed e9 9c fe ff ff e8 85 50 ee f6 90 <0f> 0b 90 e9 86 f6 ff ff 48 89 c6 48 c7 c7 40 50 2d 90 48 89 04 24
RSP: 0018:ffffc90000708b70 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8aa06b22
RDX: ffff88801dee8000 RSI: ffffffff8aa0749b RDI: 0000000000000001
RBP: ffffc90000708c20 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000005 R12: ffff888023334800
R13: 0000000000000041 R14: ffff88802ac28d80 R15: ffff88802ac2a9d8
FS:  0000000000000000(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0b3e4f7100 CR3: 00000000302c2000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 ieee80211_beacon_get_tim+0xa7/0x280 net/mac80211/tx.c:5596
 ieee80211_beacon_get include/net/mac80211.h:5632 [inline]
 mac80211_hwsim_beacon_tx+0x4ea/0xa00 drivers/net/wireless/virtual/mac80211_hwsim.c:2311
 __iterate_interfaces+0x2e5/0x640 net/mac80211/util.c:775
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 net/mac80211/util.c:811
 mac80211_hwsim_beacon+0x105/0x200 drivers/net/wireless/virtual/mac80211_hwsim.c:2345
 __run_hrtimer kernel/time/hrtimer.c:1739 [inline]
 __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:655
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:qlink_free mm/kasan/quarantine.c:146 [inline]
RIP: 0010:qlist_free_all+0x25/0x120 mm/kasan/quarantine.c:179
Code: 90 90 90 90 90 41 57 41 56 41 55 41 54 55 53 48 8b 2f 48 85 ed 0f 84 c9 00 00 00 49 89 fe 49 89 f5 eb 38 48 63 83 c0 00 00 00 <48> 89 df 4c 8b 65 00 48 29 c5 48 89 ee e8 19 ec ff ff 49 89 c7 66
RSP: 0018:ffffc900006efae0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff888100afcb40 RCX: ffffea0000000000
RDX: 0000000000000000 RSI: ffffffff813f9bb6 RDI: 0000000000000007
RBP: ffff888024a16100 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000004 R12: ffff888024a16100
R13: 0000000000000000 R14: ffffc900006efb18 R15: ffff888024a16000
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 nsim_fib6_rt_create drivers/net/netdevsim/fib.c:547 [inline]
 nsim_fib6_rt_insert drivers/net/netdevsim/fib.c:752 [inline]
 nsim_fib6_event drivers/net/netdevsim/fib.c:856 [inline]
 nsim_fib_event drivers/net/netdevsim/fib.c:889 [inline]
 nsim_fib_event_work+0x1384/0x26d0 drivers/net/netdevsim/fib.c:1493
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	41 57                	push   %r15
   7:	41 56                	push   %r14
   9:	41 55                	push   %r13
   b:	41 54                	push   %r12
   d:	55                   	push   %rbp
   e:	53                   	push   %rbx
   f:	48 8b 2f             	mov    (%rdi),%rbp
  12:	48 85 ed             	test   %rbp,%rbp
  15:	0f 84 c9 00 00 00    	je     0xe4
  1b:	49 89 fe             	mov    %rdi,%r14
  1e:	49 89 f5             	mov    %rsi,%r13
  21:	eb 38                	jmp    0x5b
  23:	48 63 83 c0 00 00 00 	movslq 0xc0(%rbx),%rax
* 2a:	48 89 df             	mov    %rbx,%rdi <-- trapping instruction
  2d:	4c 8b 65 00          	mov    0x0(%rbp),%r12
  31:	48 29 c5             	sub    %rax,%rbp
  34:	48 89 ee             	mov    %rbp,%rsi
  37:	e8 19 ec ff ff       	call   0xffffec55
  3c:	49 89 c7             	mov    %rax,%r15
  3f:	66                   	data16