[  131.627794] general protection fault, probably for non-canonical address 0xdffffc0000000064: 0000 [#1] PREEMPT SMP KASAN PTI
[  131.629167] KASAN: null-ptr-deref in range [0x0000000000000320-0x0000000000000327]
[  131.630984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[  131.632158] RIP: 0010:cfg80211_rx_unprot_mlme_mgmt (net/wireless/nl80211.c:17551) 
[ 131.632779] Code: 00 00 fc ff df 41 57 41 56 41 55 41 54 49 89 d4 55 48 89 fd 48 81 c7 20 03 00 00 53 48 89 fa 48 89 f3 48 c1 ea 0

Code starting with the faulting instruction
===========================================
   0:	00 00                	add    %al,(%rax)
   2:	fc                   	cld
   3:	ff                   	(bad)
   4:	df 41 57             	filds  0x57(%rcx)
   7:	41 56                	push   %r14
   9:	41 55                	push   %r13
   b:	41 54                	push   %r12
   d:	49 89 d4             	mov    %rdx,%r12
  10:	55                   	push   %rbp
  11:	48 89 fd             	mov    %rdi,%rbp
  14:	48 81 c7 20 03 00 00 	add    $0x320,%rdi
  1b:	53                   	push   %rbx
  1c:	48 89 fa             	mov    %rdi,%rdx
  1f:	48 89 f3             	mov    %rsi,%rbx
  22:	48 c1 ea 00          	shr    $0x0,%rdx
[  131.635032] RSP: 0018:ffffc9000015f690 EFLAGS: 00010286
[  131.635716] RAX: dffffc0000000000 RBX: ffff88800bc78204 RCX: 000000000000ffaa
[  131.636481] RDX: 0000000000000064 RSI: ffff88800bc78204 RDI: 0000000000000320
[  131.637237] RBP: 0000000000000000 R08: ffff8880112aa958 R09: 0000000000000003
[  131.637995] R10: ffff88800bc78208 R11: ffffc9000015fa50 R12: 0000000000000032
[  131.638747] R13: 0000000000003480 R14: ffff88800c932000 R15: dffffc0000000000
[  131.639521] FS:  0000000000000000(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  131.640494] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  131.641193] CR2: 0000555b0a56a778 CR3: 00000000111da000 CR4: 00000000000006e0
[  131.642054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  131.642912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  131.643780] Call Trace:
[  131.644091]  <TASK>
[  131.644364] ieee80211_rx_handlers (net/mac80211/rx.c:3999) 
[  131.644942] ? lock_chain_count (kernel/locking/lockdep.c:4593) 
[  131.645437] ? __ieee80211_rx_h_amsdu (net/mac80211/rx.c:3966) 
[  131.646016] ? __lock_acquire (./arch/x86/include/asm/bitops.h:228 ./arch/x86/include/asm/bitops.h:240 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:227 kernel/locking/lockdep.c:5050) 
[  131.646521] ? skb_copy_header (./include/linux/skbuff.h:1570 net/core/skbuff.c:1578) 
[  131.647016] ieee80211_prepare_and_rx_handle (net/mac80211/rx.c:4763) 
[  131.647680] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4911) 
[  131.648305] ? lock_is_held_type (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5710) 
[  131.648820] ? lock_is_held_type (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5710) 
[  131.649333] ? ieee80211_mark_rx_ba_filtered_frames (net/mac80211/rx.c:4742) 
[  131.650049] ? reacquire_held_locks (kernel/locking/lockdep.c:5674) 
[  131.650605] ? find_held_lock (kernel/locking/lockdep.c:5156) 
[  131.651090] ? sta_info_get_bss (net/mac80211/sta_info.c:244) 
[  131.651603] ieee80211_rx_list (net/mac80211/rx.c:5008 net/mac80211/rx.c:5131) 
[  131.652132] ? ieee80211_rx_for_interface (net/mac80211/rx.c:5022) 
[  131.652746] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5668 kernel/locking/lockdep.c:5631) 
[  131.653223] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5668 kernel/locking/lockdep.c:5631) 
[  131.653696] ? lock_downgrade (kernel/locking/lockdep.c:5634) 
[  131.654190] ? lock_release (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5688) 
[  131.654663] ? skb_dequeue (net/core/skbuff.c:3299) 
[  131.655127] ? reacquire_held_locks (kernel/locking/lockdep.c:5674) 
[  131.655683] ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155) 
[  131.656176] ? ieee80211_rx_list (net/mac80211/rx.c:5143) 
[  131.656724] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4383) 
[  131.657259] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:103 ./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) 
[  131.657865] ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315) 
[  131.658438] tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801) 
[  131.659103] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572) 
[  131.659555] ? smpboot_thread_fn (kernel/smpboot.c:112) 
[  131.660067] ? __entry_text_end (kernel/softirq.c:529) 
[  131.660644] ? run_ksoftirqd (kernel/softirq.c:420 kernel/softirq.c:928) 
[  131.661109] ? lockdep_hardirqs_off (./arch/x86/include/asm/current.h:15 kernel/locking/lockdep.c:4415) 
[  131.661642] ? smpboot_thread_fn (kernel/smpboot.c:112) 
[  131.662153] run_ksoftirqd (kernel/softirq.c:425 kernel/softirq.c:935 kernel/softirq.c:926) 
[  131.662592] smpboot_thread_fn (kernel/smpboot.c:164 (discriminator 3)) 
[  131.663096] ? sort_range (kernel/smpboot.c:109) 
[  131.663529] kthread (kernel/kthread.c:376) 
[  131.663897] ? kthread_complete_and_exit (kernel/kthread.c:335) 
[  131.664409] ret_from_fork (arch/x86/entry/entry_64.S:312) 
[  131.664797]  </TASK>
[  131.665042] Modules linked in:
[  131.665431] ---[ end trace 0000000000000000 ]---
[  131.665929] RIP: 0010:cfg80211_rx_unprot_mlme_mgmt (net/wireless/nl80211.c:17551) 
[  131.666002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 131.666549] Code: 00 00 fc ff df 41 57 41 56 41 55 41 54 49 89 d4 55 48 89 fd 48 81 c7 20 03 00 00 53 48 89 fa 48 89 f3 48 c1 ea 0

Code starting with the faulting instruction
===========================================
   0:	00 00                	add    %al,(%rax)
   2:	fc                   	cld
   3:	ff                   	(bad)
   4:	df 41 57             	filds  0x57(%rcx)
   7:	41 56                	push   %r14
   9:	41 55                	push   %r13
   b:	41 54                	push   %r12
   d:	49 89 d4             	mov    %rdx,%r12
  10:	55                   	push   %rbp
  11:	48 89 fd             	mov    %rdi,%rbp
  14:	48 81 c7 20 03 00 00 	add    $0x320,%rdi
  1b:	53                   	push   %rbx
  1c:	48 89 fa             	mov    %rdi,%rdx
  1f:	48 89 f3             	mov    %rsi,%rbx
  22:	48 c1 ea 00          	shr    $0x0,%rdx
[  131.669653] RSP: 0018:ffffc9000015f690 EFLAGS: 00010286
root@fuzzingimage:~# [  131.670593] RAX: dffffc0000000000 RBX: ffff88800bc78204 RCX: 000000000000ffaa
[  131.671406] RDX: 0000000000000064 RSI: ffff88800bc78204 RDI: 0000000000000320
[  131.672210] RBP: 0000000000000000 R08: ffff8880112aa958 R09: 0000000000000003
[  131.673199] R10: ffff88800bc78208 R11: ffffc9000015fa50 R12: 0000000000000032
[  131.674053] R13: 0000000000003480 R14: ffff88800c932000 R15: dffffc0000000000
[  131.674938] FS:  0000000000000000(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[  131.675933] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  131.676655] CR2: 0000555b0a56a778 CR3: 0000000004c26000 CR4: 00000000000006e0
[  131.677605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  131.678485] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  131.679364] Kernel panic - not syncing: Fatal exception in interrupt
[  131.680234] Kernel Offset: disabled
[  131.680665] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---