general protection fault, probably for non-canonical address 0xe0edfc00f4de63ea: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x07700007a6f31f50-0x07700007a6f31f57]
CPU: 1 PID: 8264 Comm: kworker/u4:5 Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy65 ieee80211_iface_work
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:956 [inline]
RIP: 0010:debug_check_no_obj_freed+0x1d3/0x41c lib/debugobjects.c:998
Code: 39 00 0f 85 0f 02 00 00 48 89 45 08 4d 89 30 4c 89 c7 4d 89 68 08 e8 bc c9 ff ff 48 85 ed 74 2c 49 89 e8 4c 89 c0 48 c1 e8 03 <42> 80 3c 38 00 0f 84 2e ff ff ff 4c 89 c7 4c 89 44 24 38 e8 c5 1f
RSP: 0018:ffffc90015a5fb20 EFLAGS: 00010002
RAX: 00ee0000f4de63ea RBX: ffff8880a2bbfc00 RCX: ffffffff815cf800
RDX: 1ffffffff1ad4ae2 RSI: 0000000000000004 RDI: ffff88800087d6e0
RBP: 07700007a6f31f50 R08: 07700007a6f31f50 R09: ffff888007700077
R10: fffff52002b4bf52 R11: 0000000000000000 R12: 0000000000000001
R13: dead000000000122 R14: dead000000000100 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880ae500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558cae530e50 CR3: 00000000a201b000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
kfree+0xfb/0x2b0 mm/slab.c:3759
skb_free_head net/core/skbuff.c:590 [inline]
skb_release_data+0x6d9/0x910 net/core/skbuff.c:610
skb_release_all net/core/skbuff.c:664 [inline]
__kfree_skb net/core/skbuff.c:678 [inline]
kfree_skb.part.0+0xc2/0x350 net/core/skbuff.c:696
kfree_skb+0x7d/0x100 include/linux/refcount.h:270
ieee80211_iface_work+0x2ae/0x8f0 net/mac80211/iface.c:1429
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace 3c143127ebd87d94 ]---
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:956 [inline]
RIP: 0010:debug_check_no_obj_freed+0x1d3/0x41c lib/debugobjects.c:998
Code: 39 00 0f 85 0f 02 00 00 48 89 45 08 4d 89 30 4c 89 c7 4d 89 68 08 e8 bc c9 ff ff 48 85 ed 74 2c 49 89 e8 4c 89 c0 48 c1 e8 03 <42> 80 3c 38 00 0f 84 2e ff ff ff 4c 89 c7 4c 89 44 24 38 e8 c5 1f
RSP: 0018:ffffc90015a5fb20 EFLAGS: 00010002
RAX: 00ee0000f4de63ea RBX: ffff8880a2bbfc00 RCX: ffffffff815cf800
RDX: 1ffffffff1ad4ae2 RSI: 0000000000000004 RDI: ffff88800087d6e0
RBP: 07700007a6f31f50 R08: 07700007a6f31f50 R09: ffff888007700077
R10: fffff52002b4bf52 R11: 0000000000000000 R12: 0000000000000001
R13: dead000000000122 R14: dead000000000100 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880ae500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558cae530e50 CR3: 00000000a201b000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400