wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4356 Comm: syz-executor.6 Not tainted 4.20.0-rc1-syzkaller #0
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:vb2_vmalloc_put_userptr+0x74/0x250
Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 d3 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 09 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 6e 01 00 00
kobject: 'loop3' (00000000fba4b269): kobject_uevent_env
RSP: 0018:ffff8801cab57940 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff113b5a4
RDX: 0000000000000001 RSI: ffffffff8553cd29 RDI: 0000000000000009
RBP: ffff8801cab57970 R08: 0000000000000001 R09: 0000000000000005
R10: 0000000000000000 R11: 1ffff100395695ec R12: ffffc900023f1000
kobject: 'loop3' (00000000fba4b269): fill_kobj_path: path = '/devices/virtual/block/loop3'
R13: ffff8801f0a52980 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007f06de10e480(0000) GS:ffff8801f6700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0d84bc9c98 CR3: 00000001f3424003 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
kobject: 'hwsim12' (00000000bfcb7a75): kobject_add_internal: parent: 'mac80211_hwsim', set: 'devices'
Call Trace:
kobject: 'hwsim12' (00000000bfcb7a75): kobject_uevent_env
 __vb2_queue_free+0x4bd/0xa30
kobject: 'hwsim12' (00000000bfcb7a75): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim12'
 vb2_core_queue_release+0x62/0x80
 vb2_queue_release+0x15/0x20
 v4l2_m2m_ctx_release+0x1e/0x40
kobject: 'hwsim12' (00000000bfcb7a75): kobject_uevent_env
 vicodec_release+0xbd/0x120
 v4l2_release+0x2f2/0x3a0
 __fput+0x37e/0xa30
kobject: 'hwsim12' (00000000bfcb7a75): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim12'
kobject: 'ieee80211' (000000001c561dc5): kobject_add_internal: parent: 'hwsim12', set: '(null)'
 ____fput+0x15/0x20
kobject: 'phy12' (000000008b4629ed): kobject_add_internal: parent: 'ieee80211', set: 'devices'
 task_work_run+0x1fc/0x2b0
 exit_to_usermode_loop+0x321/0x380
kobject: 'phy12' (000000008b4629ed): kobject_uevent_env
 syscall_return_slowpath+0x695/0xbc0
kobject: 'phy12' (000000008b4629ed): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim12/ieee80211/phy12'
kobject: 'rfkill22' (00000000322e4527): kobject_add_internal: parent: 'phy12', set: 'devices'
 do_syscall_64+0x1b5/0x270
kobject: 'rfkill22' (00000000322e4527): kobject_uevent_env
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f06dd3f1e5a
kobject: 'rfkill22' (00000000322e4527): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim12/ieee80211/phy12/rfkill22'
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 13 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 73 7f 02 00 8b 44 24
RSP: 002b:00007ffd2b945420 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f06dd3f1e5a
ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f06dd522980 R08: 0000001b32560000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000293 R12: 000000000000bcb1
R13: 000000000000b998 R14: 00007ffd2b9455e0 R15: 00007f06dd3a9cb0
Modules linked in:
---[ end trace 3e9c9d7d20e0157e ]---
kobject: 'net' (00000000a5b230f4): kobject_add_internal: parent: 'hwsim12', set: '(null)'
RIP: 0010:vb2_vmalloc_put_userptr+0x74/0x250
kobject: 'wlan0' (00000000f5202214): kobject_add_internal: parent: 'net', set: 'devices'
Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 d3 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 09 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 6e 01 00 00
kobject: 'wlan0' (00000000f5202214): kobject_uevent_env
RSP: 0018:ffff8801cab57940 EFLAGS: 00010202
kobject: 'wlan0' (00000000f5202214): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim12/net/wlan0'
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff113b5a4
kobject: 'queues' (0000000052a07644): kobject_add_internal: parent: 'wlan0', set: '<NULL>'
RDX: 0000000000000001 RSI: ffffffff8553cd29 RDI: 0000000000000009
kobject: 'queues' (0000000052a07644): kobject_uevent_env
RBP: ffff8801cab57970 R08: 0000000000000001 R09: 0000000000000005
kobject: 'queues' (0000000052a07644): kobject_uevent_env: filter function caused the event to drop!
R10: 0000000000000000 R11: 1ffff100395695ec R12: ffffc900023f1000
kobject: 'rx-0' (000000004408f6e6): kobject_add_internal: parent: 'queues', set: 'queues'
R13: ffff8801f0a52980 R14: dffffc0000000000 R15: 0000000000000000
kobject: 'rx-0' (000000004408f6e6): kobject_uevent_env
FS:  00007f06de10e480(0000) GS:ffff8801f6700000(0000) knlGS:0000000000000000
kobject: 'rx-0' (000000004408f6e6): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim12/net/wlan0/queues/rx-0'
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kobject: 'tx-0' (0000000096f3166d): kobject_add_internal: parent: 'queues', set: 'queues'
CR2: 00007effb1646d58 CR3: 00000001f3424006 CR4: 00000000003606e0
kobject: 'tx-0' (0000000096f3166d): kobject_uevent_env
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kobject: 'tx-0' (0000000096f3166d): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim12/net/wlan0/queues/tx-0'
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
kobject: 'tx-1' (0000000022bf9d6a): kobject_add_internal: parent: 'queues', set: 'queues'
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	48 c1 ea 03          	shr    $0x3,%rdx
   4:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   8:	0f 85 d3 01 00 00    	jne    0x1e1
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	49 8b 5d 08          	mov    0x8(%r13),%rbx
  1c:	48 8d 7b 09          	lea    0x9(%rbx),%rdi
  20:	48 89 fa             	mov    %rdi,%rdx
  23:	48 c1 ea 03          	shr    $0x3,%rdx
* 27:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2b:	48 89 fa             	mov    %rdi,%rdx
  2e:	83 e2 07             	and    $0x7,%edx
  31:	38 d0                	cmp    %dl,%al
  33:	7f 08                	jg     0x3d
  35:	84 c0                	test   %al,%al
  37:	0f 85 6e 01 00 00    	jne    0x1ab
