------------[ cut here ]------------
WARNING: CPU: 0 PID: 13446 at net/mac80211/tx.c:5040 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
WARNING: CPU: 0 PID: 13446 at net/mac80211/tx.c:5040 __ieee80211_beacon_get+0x120b/0x15d0 net/mac80211/tx.c:5469
Modules linked in:
CPU: 0 UID: 0 PID: 13446 Comm: kworker/u4:8 Not tainted 6.14.0-rc5-syzkaller-00234-gb7c90e3e717a #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
RIP: 0010:__ieee80211_beacon_get+0x120b/0x15d0 net/mac80211/tx.c:5469
Code: e8 ba 70 40 f6 eb 0d e8 b3 70 40 f6 4c 8b bc 24 98 00 00 00 4c 89 ef e8 d3 27 9c f6 45 31 ed e9 4d fe ff ff e8 96 70 40 f6 90 <0f> 0b 90 e9 f9 f6 ff ff e8 88 70 40 f6 90 0f 0b 90 e9 e7 f8 ff ff
RSP: 0018:ffffc900000079e0 EFLAGS: 00010246
RAX: ffffffff8b816e7a RBX: 0000000000000000 RCX: ffff8880333d0000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff8b81656f R09: ffffffff8b815f6f
R10: 0000000000000003 R11: ffff8880333d0000 R12: ffff88804f57a500
R13: ffff888051d7ec00 R14: ffff88804f57a9d0 R15: ffff88804f578d80
FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa0874d56c0 CR3: 0000000055f48000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 ieee80211_beacon_get_tim+0xb4/0x320 net/mac80211/tx.c:5596
 ieee80211_beacon_get include/net/mac80211.h:5641 [inline]
 mac80211_hwsim_beacon_tx+0x39d/0x850 drivers/net/wireless/virtual/mac80211_hwsim.c:2311
 __iterate_interfaces+0x297/0x570 net/mac80211/util.c:761
 ieee80211_iterate_active_interfaces_atomic+0xd8/0x170 net/mac80211/util.c:797
 mac80211_hwsim_beacon+0xd4/0x1f0 drivers/net/wireless/virtual/mac80211_hwsim.c:2345
 __run_hrtimer kernel/time/hrtimer.c:1801 [inline]
 __hrtimer_run_queues+0x59b/0xd30 kernel/time/hrtimer.c:1865
 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1882
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 kernel/kcov.c:217
Code: 80 d6 03 00 65 8b 15 60 f7 41 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 2c 16 00 00 00 74 2c 8b 91 08 16 00 00 <83> fa 02 75 21 48 8b 91 10 16 00 00 48 8b 32 48 8d 7e 01 8b 89 0c
RSP: 0018:ffffc9000d3efa48 EFLAGS: 00000246
RAX: ffffffff816ecbc1 RBX: ffffffff823c697b RCX: ffff8880333d0000
RDX: 0000000000000000 RSI: ffffffff8c80ff00 RDI: ffff88804f3f5500
RBP: ffffc9000d3efcf0 R08: ffffffff823d8b4a R09: 1ffff11009e7eaa2
R10: dffffc0000000000 R11: ffffed1009e7eaa3 R12: dffffc0000000000
R13: ffff88804f3f5500 R14: ffff88804f3f5500 R15: 1ffff92001a7df84
 __phys_addr+0x11/0x170 arch/x86/mm/physaddr.c:16
 virt_to_folio include/linux/mm.h:1295 [inline]
 virt_to_slab mm/slab.h:211 [inline]
 kmem_cache_free+0x78/0x410 mm/slub.c:4711
 open_exec+0x4b/0x60 fs/exec.c:933
 load_elf_binary+0x1957/0x2820 fs/binfmt_elf.c:899
 search_binary_handler fs/exec.c:1775 [inline]
 exec_binprm fs/exec.c:1807 [inline]
 bprm_execve+0x979/0x1430 fs/exec.c:1859
 kernel_execve+0x931/0xa50 fs/exec.c:2026
 call_usermodehelper_exec_async+0x237/0x380 kernel/umh.c:109
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess):
   0:	80 d6 03             	adc    $0x3,%dh
   3:	00 65 8b             	add    %ah,-0x75(%rbp)
   6:	15 60 f7 41 7e       	adc    $0x7e41f760,%eax
   b:	81 e2 00 01 ff 00    	and    $0xff0100,%edx
  11:	74 11                	je     0x24
  13:	81 fa 00 01 00 00    	cmp    $0x100,%edx
  19:	75 35                	jne    0x50
  1b:	83 b9 2c 16 00 00 00 	cmpl   $0x0,0x162c(%rcx)
  22:	74 2c                	je     0x50
  24:	8b 91 08 16 00 00    	mov    0x1608(%rcx),%edx
* 2a:	83 fa 02             	cmp    $0x2,%edx <-- trapping instruction
  2d:	75 21                	jne    0x50
  2f:	48 8b 91 10 16 00 00 	mov    0x1610(%rcx),%rdx
  36:	48 8b 32             	mov    (%rdx),%rsi
  39:	48 8d 7e 01          	lea    0x1(%rsi),%rdi
  3d:	8b                   	.byte 0x8b
  3e:	89                   	.byte 0x89
  3f:	0c                   	.byte 0xc