------------[ cut here ]------------
WARNING: CPU: 1 PID: 11947 at net/mac80211/rx.c:5360 ieee80211_rx_list+0x2a05/0x3780 net/mac80211/rx.c:5360
Modules linked in:
CPU: 1 PID: 11947 Comm: vhost-11945 Not tainted 6.9.0-rc5-syzkaller-00007-g4d2008430ce8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:ieee80211_rx_list+0x2a05/0x3780 net/mac80211/rx.c:5360
Code: 90 e9 23 da ff ff e8 da ea 9e f6 e9 19 da ff ff e8 d0 ea 9e f6 e9 0f da ff ff e8 c6 ea 9e f6 e9 05 da ff ff e8 bc ea 9e f6 90 <0f> 0b 90 e9 f7 d9 ff ff e8 ae ea 9e f6 31 c0 48 89 44 24 60 e9 e5
RSP: 0018:ffffc90000a089a0 EFLAGS: 00010246
RAX: ffffffff8af716a4 RBX: 0000000000000000 RCX: ffff888020e85a00
RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000a08bf0 R08: ffffffff8af6eee2 R09: 1ffffffff25e64a0
R10: dffffc0000000000 R11: fffffbfff25e64a1 R12: dffffc0000000000
R13: ffff88802bb0c500 R14: ffff88802d848e20 R15: ffff88802d84b088
FS:  00007f309c7766c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000203bf000 CR3: 0000000067dc4000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 ieee80211_rx_napi+0x18a/0x3c0 net/mac80211/rx.c:5470
 ieee80211_rx include/net/mac80211.h:5083 [inline]
 ieee80211_tasklet_handler+0xeb/0x1f0 net/mac80211/main.c:438
 tasklet_action_common+0x323/0x4d0 kernel/softirq.c:781
 __do_softirq+0x2c8/0x980 kernel/softirq.c:554
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:kcov_remote_start+0x2e/0x7e0 kernel/kcov.c:923
Code: 55 41 57 41 56 41 55 41 54 53 48 83 ec 18 65 48 8b 1c 25 c0 d3 03 00 48 b8 00 00 00 00 ff ff ff 00 48 85 c7 74 17 90 0f 0b 90 <48> 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 5a 36 1a 0a 48 89 fd
RSP: 0018:ffffc90002f5fd78 EFLAGS: 00000206
RAX: 6a9723e513a47700 RBX: ffff888020e85a00 RCX: ffffffff9472a603
RDX: dffffc0000000000 RSI: ffffffff8bcab8a0 RDI: ffffffff8c1f8560
RBP: ffff8880b952d4c8 R08: ffffffff8fa8e2af R09: 1ffffffff1f51c55
R10: dffffc0000000000 R11: fffffbfff1f51c56 R12: 0000000000040000
R13: dffffc0000000000 R14: 0000000000000246 R15: ffff88801efed700
 kcov_remote_start_common include/linux/kcov.h:48 [inline]
 vhost_worker+0x122/0x1c0 drivers/vhost/vhost.c:410
 vhost_task_fn+0x287/0x320 kernel/vhost_task.c:55
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess):
   0:	55                   	push   %rbp
   1:	41 57                	push   %r15
   3:	41 56                	push   %r14
   5:	41 55                	push   %r13
   7:	41 54                	push   %r12
   9:	53                   	push   %rbx
   a:	48 83 ec 18          	sub    $0x18,%rsp
   e:	65 48 8b 1c 25 c0 d3 	mov    %gs:0x3d3c0,%rbx
  15:	03 00
  17:	48 b8 00 00 00 00 ff 	movabs $0xffffff00000000,%rax
  1e:	ff ff 00
  21:	48 85 c7             	test   %rax,%rdi
  24:	74 17                	je     0x3d
  26:	90                   	nop
  27:	0f 0b                	ud2
  29:	90                   	nop
* 2a:	48 83 c4 18          	add    $0x18,%rsp <-- trapping instruction
  2e:	5b                   	pop    %rbx
  2f:	41 5c                	pop    %r12
  31:	41 5d                	pop    %r13
  33:	41 5e                	pop    %r14
  35:	41 5f                	pop    %r15
  37:	5d                   	pop    %rbp
  38:	e9 5a 36 1a 0a       	jmp    0xa1a3697
  3d:	48 89 fd             	mov    %rdi,%rbp