general protection fault, probably for non-canonical address 0xeeeeeaeeeeeeeeee: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x7777777777777770-0x7777777777777777]
CPU: 0 PID: 8622 Comm: kworker/u4:8 Not tainted 5.15.0-rc2-next-20210924-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:sctp_inet6addr_event+0x16c/0x910 net/sctp/ipv6.c:100
Code: 00 00 00 00 fc ff df 48 89 04 24 48 c1 e8 03 4c 01 e8 48 89 44 24 18 eb 31 e8 a0 f9 17 f9 4c 89 e0 48 c1 e8 03 4c 89 64 24 38 <42> 80 3c 28 00 0f 85 99 05 00 00 4c 39 64 24 40 4c 89 e3 49 8b 04
RSP: 0018:ffffc90016def578 EFLAGS: 00010207
RAX: 0eeeeeeeeeeeeeee RBX: ffff88800014a500 RCX: 0000000000000000
RDX: ffff88803e703a00 RSI: ffffffff885e47a0 RDI: 0000000000000003
RBP: ffffc90016def5e8 R08: 0000000000000000 R09: 000000000000000a
R10: ffffffff885e487b R11: 000000000000000a R12: 7777777777777777
R13: dffffc0000000000 R14: ffff888079296400 R15: 000000000000000a
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000007018e000 CR4: 00000000001526f0
Call Trace:
<TASK>
notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
atomic_notifier_call_chain+0x70/0x180 kernel/notifier.c:198
addrconf_ifdown.isra.0+0xa58/0x1630 net/ipv6/addrconf.c:3836
addrconf_notify+0xeb/0x1bb0 net/ipv6/addrconf.c:3646
notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1996
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
dev_close_many+0x2ff/0x620 net/core/dev.c:1597
dev_close net/core/dev.c:1619 [inline]
dev_close+0x16d/0x210 net/core/dev.c:1613
cfg80211_shutdown_all_interfaces+0x96/0x1f0 net/wireless/core.c:273
ieee80211_remove_interfaces+0xed/0x820 net/mac80211/iface.c:2122
ieee80211_unregister_hw+0x47/0x1f0 net/mac80211/main.c:1391
mac80211_hwsim_del_radio drivers/net/wireless/mac80211_hwsim.c:3457 [inline]
hwsim_exit_net+0x50e/0xca0 drivers/net/wireless/mac80211_hwsim.c:4217
ops_exit_list+0xb0/0x160 net/core/net_namespace.c:168
cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:593
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2297
worker_thread+0x658/0x11f0 kernel/workqueue.c:2444
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
Modules linked in:
---[ end trace c2246c19a22e9c81 ]---
RIP: 0010:sctp_inet6addr_event+0x16c/0x910 net/sctp/ipv6.c:100
Code: 00 00 00 00 fc ff df 48 89 04 24 48 c1 e8 03 4c 01 e8 48 89 44 24 18 eb 31 e8 a0 f9 17 f9 4c 89 e0 48 c1 e8 03 4c 89 64 24 38 <42> 80 3c 28 00 0f 85 99 05 00 00 4c 39 64 24 40 4c 89 e3 49 8b 04
RSP: 0018:ffffc90016def578 EFLAGS: 00010207
RAX: 0eeeeeeeeeeeeeee RBX: ffff88800014a500 RCX: 0000000000000000
RDX: ffff88803e703a00 RSI: ffffffff885e47a0 RDI: 0000000000000003
RBP: ffffc90016def5e8 R08: 0000000000000000 R09: 000000000000000a
R10: ffffffff885e487b R11: 000000000000000a R12: 7777777777777777
R13: dffffc0000000000 R14: ffff888079296400 R15: 000000000000000a
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000007018e000 CR4: 00000000001526f0
----------------
Code disassembly (best guess), 6 bytes skipped:
0: df 48 89 fisttps -0x77(%rax)
3: 04 24 add $0x24,%al
5: 48 c1 e8 03 shr $0x3,%rax
9: 4c 01 e8 add %r13,%rax
c: 48 89 44 24 18 mov %rax,0x18(%rsp)
11: eb 31 jmp 0x44
13: e8 a0 f9 17 f9 callq 0xf917f9b8
18: 4c 89 e0 mov %r12,%rax
1b: 48 c1 e8 03 shr $0x3,%rax
1f: 4c 89 64 24 38 mov %r12,0x38(%rsp)
* 24: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) <-- trapping instruction
29: 0f 85 99 05 00 00 jne 0x5c8
2f: 4c 39 64 24 40 cmp %r12,0x40(%rsp)
34: 4c 89 e3 mov %r12,%rbx
37: 49 rex.WB
38: 8b .byte 0x8b
39: 04 .byte 0x4