DUID 00:04:b0:7e:30:9f:4d:11:81:da:bf:2d:3d:77:4c:17:c1:ba
forked to background, child pid 3173
[ 29.177733][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.194133][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 76.231685][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
executing program
[ 183.726038][ T54] ==================================================================
[ 183.734455][ T54] BUG: KASAN: use-after-free in ip6mr_sk_done+0x11b/0x410
[ 183.741623][ T54] Read of size 4 at addr ffff88801599c088 by task kworker/u4:3/54
[ 183.749436][ T54]
[ 183.751785][ T54] CPU: 0 PID: 54 Comm: kworker/u4:3 Not tainted 5.17.0-rc2-syzkaller-00650-g5a8fb33e5305 #0
[ 183.761871][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 183.771939][ T54] Workqueue: netns cleanup_net
[ 183.776728][ T54] Call Trace:
[ 183.780017][ T54]
[ 183.783917][ T54] dump_stack_lvl+0xcd/0x134
[ 183.788621][ T54] print_address_description.constprop.0.cold+0x8d/0x336
[ 183.795672][ T54] ? ip6mr_sk_done+0x11b/0x410
[ 183.800453][ T54] ? ip6mr_sk_done+0x11b/0x410
[ 183.805252][ T54] kasan_report.cold+0x83/0xdf
[ 183.810047][ T54] ? ip6mr_sk_done+0x11b/0x410
[ 183.814921][ T54] kasan_check_range+0x13d/0x180
[ 183.819882][ T54] ip6mr_sk_done+0x11b/0x410
[ 183.824502][ T54] ? pde_put+0x15d/0x1e0
[ 183.828857][ T54] rawv6_close+0x58/0x80
[ 183.833121][ T54] inet_release+0x12e/0x280
[ 183.837645][ T54] inet6_release+0x4c/0x70
[ 183.842093][ T54] sock_release+0x87/0x1b0
[ 183.846540][ T54] igmp6_net_exit+0x6b/0x170
[ 183.851145][ T54] ? dst_output+0x170/0x170
[ 183.855661][ T54] ops_exit_list+0xb0/0x170
[ 183.860189][ T54] cleanup_net+0x4ea/0xb00
[ 183.864630][ T54] ? unregister_pernet_device+0x70/0x70
[ 183.870205][ T54] process_one_work+0x9ac/0x1650
[ 183.875169][ T54] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 183.880560][ T54] ? rwlock_bug.part.0+0x90/0x90
[ 183.885513][ T54] ? _raw_spin_lock_irq+0x41/0x50
[ 183.890565][ T54] worker_thread+0x657/0x1110
[ 183.895296][ T54] ? process_one_work+0x1650/0x1650
[ 183.900535][ T54] kthread+0x2e9/0x3a0
[ 183.904620][ T54] ? kthread_complete_and_exit+0x40/0x40
[ 183.910364][ T54] ret_from_fork+0x1f/0x30
[ 183.914907][ T54]
[ 183.917932][ T54]
[ 183.920369][ T54] Allocated by task 10:
[ 183.924538][ T54] kasan_save_stack+0x1e/0x40
[ 183.929235][ T54] __kasan_kmalloc+0xa9/0xd0
[ 183.934012][ T54] set_kthread_struct+0xc5/0x250
[ 183.938965][ T54] copy_process+0x3783/0x7300
[ 183.943654][ T54] kernel_clone+0xe7/0xab0
[ 183.948080][ T54] kernel_thread+0xb5/0xf0
[ 183.952509][ T54] call_usermodehelper_exec_work+0xcc/0x180
[ 183.958421][ T54] process_one_work+0x9ac/0x1650
[ 183.963368][ T54] worker_thread+0x657/0x1110
[ 183.968054][ T54] kthread+0x2e9/0x3a0
[ 183.972227][ T54] ret_from_fork+0x1f/0x30
[ 183.976653][ T54]
[ 183.978977][ T54] Freed by task 54:
[ 183.982785][ T54] kasan_save_stack+0x1e/0x40
[ 183.987568][ T54] kasan_set_track+0x21/0x30
[ 183.992166][ T54] kasan_set_free_info+0x20/0x30
[ 183.997117][ T54] ____kasan_slab_free+0x130/0x160
[ 184.002239][ T54] slab_free_freelist_hook+0x8b/0x1c0
[ 184.007628][ T54] kfree+0xcb/0x280
[ 184.011455][ T54] ops_exit_list+0xb0/0x170
[ 184.015968][ T54] cleanup_net+0x4ea/0xb00
[ 184.020393][ T54] process_one_work+0x9ac/0x1650
[ 184.025344][ T54] worker_thread+0x657/0x1110
[ 184.030207][ T54] kthread+0x2e9/0x3a0
[ 184.034298][ T54] ret_from_fork+0x1f/0x30
[ 184.039011][ T54]
[ 184.041340][ T54] The buggy address belongs to the object at ffff88801599c000
[ 184.041340][ T54] which belongs to the cache kmalloc-256 of size 256
[ 184.055400][ T54] The buggy address is located 136 bytes inside of
[ 184.055400][ T54] 256-byte region [ffff88801599c000, ffff88801599c100)
[ 184.068688][ T54] The buggy address belongs to the page:
[ 184.074326][ T54] page:ffffea0000566700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1599c
[ 184.084491][ T54] head:ffffea0000566700 order:1 compound_mapcount:0
[ 184.091089][ T54] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 184.099121][ T54] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c41b40
[ 184.107760][ T54] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 184.117649][ T54] page dumped because: kasan: bad access detected
[ 184.124077][ T54] page_owner tracks the page as allocated
[ 184.129800][ T54] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10, ts 6903215330, free_ts 0
[ 184.147872][ T54] get_page_from_freelist+0xa72/0x2f50
[ 184.153354][ T54] __alloc_pages+0x1b2/0x500
[ 184.157959][ T54] alloc_pages+0x1aa/0x310
[ 184.162383][ T54] new_slab+0x28a/0x3b0
[ 184.166555][ T54] ___slab_alloc+0x87c/0xe90
[ 184.171164][ T54] __slab_alloc.constprop.0+0x4d/0xa0
[ 184.176554][ T54] kmem_cache_alloc_trace+0x289/0x2c0
[ 184.182121][ T54] set_kthread_struct+0xc5/0x250
[ 184.187074][ T54] copy_process+0x3783/0x7300
[ 184.191764][ T54] kernel_clone+0xe7/0xab0
[ 184.196192][ T54] kernel_thread+0xb5/0xf0
[ 184.200621][ T54] call_usermodehelper_exec_work+0xcc/0x180
[ 184.206529][ T54] process_one_work+0x9ac/0x1650
[ 184.211568][ T54] worker_thread+0x657/0x1110
[ 184.216783][ T54] kthread+0x2e9/0x3a0
[ 184.220906][ T54] ret_from_fork+0x1f/0x30
[ 184.225338][ T54] page_owner free stack trace missing
[ 184.230703][ T54]
[ 184.233027][ T54] Memory state around the buggy address:
[ 184.238842][ T54] ffff88801599bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 184.247292][ T54] ffff88801599c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 184.255601][ T54] >ffff88801599c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 184.263665][ T54] ^
[ 184.267999][ T54] ffff88801599c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 184.276072][ T54] ffff88801599c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 184.284144][ T54] ==================================================================
[ 184.292326][ T54] Disabling lock debugging due to kernel taint
[ 184.307826][ T54] Kernel panic - not syncing: panic_on_warn set ...
[ 184.314569][ T54] CPU: 0 PID: 54 Comm: kworker/u4:3 Tainted: G B 5.17.0-rc2-syzkaller-00650-g5a8fb33e5305 #0
[ 184.326099][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 184.336593][ T54] Workqueue: netns cleanup_net
[ 184.341448][ T54] Call Trace:
[ 184.344721][ T54]
[ 184.347639][ T54] dump_stack_lvl+0xcd/0x134
[ 184.352242][ T54] panic+0x2b0/0x6dd
[ 184.356133][ T54] ? __warn_printk+0xf3/0xf3
[ 184.360739][ T54] ? preempt_schedule_common+0x59/0xc0
[ 184.366194][ T54] ? ip6mr_sk_done+0x11b/0x410
[ 184.370988][ T54] ? preempt_schedule_thunk+0x16/0x18
[ 184.378898][ T54] ? trace_hardirqs_on+0x38/0x1c0
[ 184.383913][ T54] ? trace_hardirqs_on+0x51/0x1c0
[ 184.389026][ T54] ? ip6mr_sk_done+0x11b/0x410
[ 184.393789][ T54] ? ip6mr_sk_done+0x11b/0x410
[ 184.398543][ T54] end_report.cold+0x63/0x6f
[ 184.403136][ T54] kasan_report.cold+0x71/0xdf
[ 184.408780][ T54] ? ip6mr_sk_done+0x11b/0x410
[ 184.413538][ T54] kasan_check_range+0x13d/0x180
[ 184.418468][ T54] ip6mr_sk_done+0x11b/0x410
[ 184.423050][ T54] ? pde_put+0x15d/0x1e0
[ 184.427283][ T54] rawv6_close+0x58/0x80
[ 184.431515][ T54] inet_release+0x12e/0x280
[ 184.436008][ T54] inet6_release+0x4c/0x70
[ 184.440416][ T54] sock_release+0x87/0x1b0
[ 184.444857][ T54] igmp6_net_exit+0x6b/0x170
[ 184.449440][ T54] ? dst_output+0x170/0x170
[ 184.453957][ T54] ops_exit_list+0xb0/0x170
[ 184.458453][ T54] cleanup_net+0x4ea/0xb00
[ 184.462858][ T54] ? unregister_pernet_device+0x70/0x70
[ 184.470746][ T54] process_one_work+0x9ac/0x1650
[ 184.475678][ T54] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 184.481214][ T54] ? rwlock_bug.part.0+0x90/0x90
[ 184.486239][ T54] ? _raw_spin_lock_irq+0x41/0x50
[ 184.491794][ T54] worker_thread+0x657/0x1110
[ 184.496466][ T54] ? process_one_work+0x1650/0x1650
[ 184.501766][ T54] kthread+0x2e9/0x3a0
[ 184.505913][ T54] ? kthread_complete_and_exit+0x40/0x40
[ 184.511539][ T54] ret_from_fork+0x1f/0x30
[ 184.518908][ T54]
[ 184.522116][ T54] Kernel Offset: disabled
[ 184.526427][ T54] Rebooting in 86400 seconds..