[ 40.289776][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 40.300846][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.309632][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.318613][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 40.446208][ T206] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.119944][ T3590] can: request_module (can-proto-0) failed.
[ 41.139898][ T3590] can: request_module (can-proto-0) failed.
[ 41.157717][ T3590] can: request_module (can-proto-0) failed.
[ 43.341842][ T206] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.463947][ T3601] syz-executor.0 (3601) used greatest stack depth: 23232 bytes left
[ 45.916968][ T206] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.977856][ T206] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.728782][ T206] device hsr_slave_0 left promiscuous mode
[ 46.735481][ T206] device hsr_slave_1 left promiscuous mode
[ 46.743941][ T206] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 46.751432][ T206] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 46.763272][ T206] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 46.770744][ T206] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 46.781315][ T206] device bridge_slave_1 left promiscuous mode
[ 46.788370][ T206] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.805284][ T206] device bridge_slave_0 left promiscuous mode
[ 46.811520][ T206] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.831888][ T206] device veth1_macvtap left promiscuous mode
[ 46.840123][ T206] device veth0_macvtap left promiscuous mode
[ 46.846319][ T206] device veth1_vlan left promiscuous mode
[ 46.853563][ T206] device veth0_vlan left promiscuous mode
[ 47.055061][ T206] team0 (unregistering): Port device team_slave_1 removed
[ 47.069091][ T206] team0 (unregistering): Port device team_slave_0 removed
[ 47.081899][ T206] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 47.096864][ T206] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 47.141567][ T206] bond0 (unregistering): Released all slaves
[ 47.503934][ T206] ==================================================================
[ 47.512126][ T206] BUG: KASAN: use-after-free in ip6mr_sk_done+0xea/0x360
[ 47.519142][ T206] Read of size 4 at addr ffff8880109fbc88 by task kworker/u4:3/206
[ 47.527021][ T206]
[ 47.529341][ T206] CPU: 0 PID: 206 Comm: kworker/u4:3 Not tainted 5.17.0-rc2-syzkaller #0
[ 47.537740][ T206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.547788][ T206] Workqueue: netns cleanup_net
[ 47.552551][ T206] Call Trace:
[ 47.555835][ T206]
[ 47.558757][ T206] dump_stack_lvl+0x57/0x7d
[ 47.563259][ T206] print_address_description.constprop.0.cold+0x8d/0x336
[ 47.570276][ T206] ? ip6mr_sk_done+0xea/0x360
[ 47.574942][ T206] ? ip6mr_sk_done+0xea/0x360
[ 47.579604][ T206] kasan_report.cold+0x83/0xdf
[ 47.584363][ T206] ? ip6mr_sk_done+0xea/0x360
[ 47.589034][ T206] kasan_check_range+0x13d/0x180
[ 47.594047][ T206] ip6mr_sk_done+0xea/0x360
[ 47.598538][ T206] ? remove_proc_entry+0x188/0x3e0
[ 47.603646][ T206] rawv6_close+0x3e/0x60
[ 47.607881][ T206] inet_release+0xef/0x210
[ 47.612301][ T206] sock_release+0x7d/0x190
[ 47.616792][ T206] igmp6_net_exit+0x61/0x160
[ 47.621375][ T206] ops_exit_list+0x94/0x160
[ 47.626738][ T206] cleanup_net+0x423/0x980
[ 47.631142][ T206] ? lockdep_hardirqs_on+0x79/0x100
[ 47.636328][ T206] ? unregister_pernet_device+0x60/0x60
[ 47.641871][ T206] process_one_work+0x879/0x1410
[ 47.646887][ T206] ? lock_release+0x720/0x720
[ 47.651568][ T206] ? pwq_dec_nr_in_flight+0x230/0x230
[ 47.656932][ T206] ? rwlock_bug.part.0+0x90/0x90
[ 47.661861][ T206] ? _raw_spin_lock_irq+0x41/0x50
[ 47.666881][ T206] worker_thread+0x5a0/0xf60
[ 47.671581][ T206] ? process_one_work+0x1410/0x1410
[ 47.676778][ T206] kthread+0x299/0x340
[ 47.680851][ T206] ? kthread_complete_and_exit+0x20/0x20
[ 47.686474][ T206] ret_from_fork+0x1f/0x30
[ 47.690905][ T206]
[ 47.693914][ T206]
[ 47.696229][ T206] Allocated by task 0:
[ 47.700284][ T206] (stack is not available)
[ 47.704708][ T206]
[ 47.707022][ T206] Freed by task 206:
[ 47.710983][ T206] kasan_save_stack+0x1e/0x40
[ 47.715643][ T206] kasan_set_track+0x21/0x30
[ 47.720221][ T206] kasan_set_free_info+0x20/0x30
[ 47.725150][ T206] ____kasan_slab_free+0x130/0x160
[ 47.730252][ T206] slab_free_freelist_hook+0x8b/0x1c0
[ 47.735613][ T206] kfree+0xcb/0x280
[ 47.739409][ T206] ops_exit_list+0x94/0x160
[ 47.743985][ T206] cleanup_net+0x423/0x980
[ 47.748384][ T206] process_one_work+0x879/0x1410
[ 47.753309][ T206] worker_thread+0x5a0/0xf60
[ 47.757977][ T206] kthread+0x299/0x340
[ 47.762034][ T206] ret_from_fork+0x1f/0x30
[ 47.766440][ T206]
[ 47.768758][ T206] The buggy address belongs to the object at ffff8880109fbc00
[ 47.768758][ T206] which belongs to the cache kmalloc-256 of size 256
[ 47.783056][ T206] The buggy address is located 136 bytes inside of
[ 47.783056][ T206] 256-byte region [ffff8880109fbc00, ffff8880109fbd00)
[ 47.796323][ T206] The buggy address belongs to the page:
[ 47.802028][ T206] page:ffffea0000427e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109fa
[ 47.812164][ T206] head:ffffea0000427e80 order:1 compound_mapcount:0
[ 47.818826][ T206] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 47.826806][ T206] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff88800fc41b40
[ 47.835410][ T206] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 47.843980][ T206] page dumped because: kasan: bad access detected
[ 47.850379][ T206] page_owner tracks the page as allocated
[ 47.856083][ T206] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 2000447826, free_ts 0
[ 47.873959][ T206] get_page_from_freelist+0xa6f/0x2f10
[ 47.879415][ T206] __alloc_pages+0x1b2/0x500
[ 47.883999][ T206] alloc_page_interleave+0xf/0x1c0
[ 47.889108][ T206] new_slab+0x28a/0x3b0
[ 47.893345][ T206] ___slab_alloc+0x87e/0xe80
[ 47.897923][ T206] __slab_alloc.constprop.0+0x4d/0xa0
[ 47.903282][ T206] __kmalloc_track_caller+0x2e7/0x320
[ 47.908640][ T206] krealloc+0x87/0xf0
[ 47.912851][ T206] add_sysfs_param+0xaf/0x900
[ 47.918206][ T206] param_sysfs_init+0x279/0x351
[ 47.923665][ T206] do_one_initcall+0xbe/0x440
[ 47.929936][ T206] kernel_init_freeable+0x5ab/0x605
[ 47.935293][ T206] kernel_init+0x14/0x130
[ 47.939633][ T206] ret_from_fork+0x1f/0x30
[ 47.944039][ T206] page_owner free stack trace missing
[ 47.949391][ T206]
[ 47.951702][ T206] Memory state around the buggy address:
[ 47.957317][ T206]  ffff8880109fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.965365][ T206]  ffff8880109fbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.973414][ T206] >ffff8880109fbc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.981461][ T206]                       ^
[ 47.985774][ T206]  ffff8880109fbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.993917][ T206]  ffff8880109fbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.001960][ T206] ==================================================================
[ 48.010007][ T206] Disabling lock debugging due to kernel taint
[ 48.016745][ T206] Kernel panic - not syncing: panic_on_warn set ...
[ 48.023328][ T206] CPU: 0 PID: 206 Comm: kworker/u4:3 Tainted: G B 5.17.0-rc2-syzkaller #0
[ 48.033106][ T206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.043126][ T206] Workqueue: netns cleanup_net
[ 48.047862][ T206] Call Trace:
[ 48.051111][ T206]
[ 48.054017][ T206] dump_stack_lvl+0x57/0x7d
[ 48.058489][ T206] panic+0x214/0x49f
[ 48.062352][ T206] ? __warn_printk+0xee/0xee
[ 48.066907][ T206] ? preempt_schedule_common+0x59/0xc0
[ 48.072331][ T206] ? ip6mr_sk_done+0xea/0x360
[ 48.076972][ T206] ? preempt_schedule_thunk+0x16/0x18
[ 48.082334][ T206] ? ip6mr_sk_done+0xea/0x360
[ 48.086996][ T206] ? ip6mr_sk_done+0xea/0x360
[ 48.091640][ T206] end_report.cold+0x63/0x6f
[ 48.096202][ T206] kasan_report.cold+0x71/0xdf
[ 48.100934][ T206] ? ip6mr_sk_done+0xea/0x360
[ 48.105587][ T206] kasan_check_range+0x13d/0x180
[ 48.110505][ T206] ip6mr_sk_done+0xea/0x360
[ 48.114987][ T206] ? remove_proc_entry+0x188/0x3e0
[ 48.120333][ T206] rawv6_close+0x3e/0x60
[ 48.124548][ T206] inet_release+0xef/0x210
[ 48.128944][ T206] sock_release+0x7d/0x190
[ 48.133339][ T206] igmp6_net_exit+0x61/0x160
[ 48.137898][ T206] ops_exit_list+0x94/0x160
[ 48.142368][ T206] cleanup_net+0x423/0x980
[ 48.146750][ T206] ? lockdep_hardirqs_on+0x79/0x100
[ 48.151919][ T206] ? unregister_pernet_device+0x60/0x60
[ 48.157431][ T206] process_one_work+0x879/0x1410
[ 48.162338][ T206] ? lock_release+0x720/0x720
[ 48.167005][ T206] ? pwq_dec_nr_in_flight+0x230/0x230
[ 48.172345][ T206] ? rwlock_bug.part.0+0x90/0x90
[ 48.177338][ T206] ? _raw_spin_lock_irq+0x41/0x50
[ 48.182350][ T206] worker_thread+0x5a0/0xf60
[ 48.186925][ T206] ? process_one_work+0x1410/0x1410
[ 48.192096][ T206] kthread+0x299/0x340
[ 48.196143][ T206] ? kthread_complete_and_exit+0x20/0x20
[ 48.201748][ T206] ret_from_fork+0x1f/0x30
[ 48.206140][ T206]
[ 48.209426][ T206] Kernel Offset: disabled
[ 48.213731][ T206] Rebooting in 86400 seconds..