------------[ cut here ]------------
WARNING: CPU: 0 PID: 28758 at net/can/isotp.c:852 isotp_tx_timer_handler+0x1f0/0x43c net/can/isotp.c:763
Modules linked in:
CPU: 0 PID: 28758 Comm: kworker/0:0 Not tainted 5.17.0-rc7-syzkaller #0
Hardware name: linux,dummy-virt (DT)
Workqueue: events nsim_dev_trap_report_work
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : isotp_tx_timer_handler+0x1f0/0x43c net/can/isotp.c:852
lr : __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
lr : __hrtimer_run_queues+0x140/0x1e0 kernel/time/hrtimer.c:1749
sp : ffff80000ca9b5b0
x29: ffff80000ca9b5b0 x28: ffff00007fbbf140 x27: ffff00007fbbf180
x26: ffff800009661454 x25: 0000000000000000 x24: 0000000000000001
x23: 0000000000000000 x22: 00000353f5a277d0 x21: f9ff000007870368
x20: f9ff000007870000 x19: f9ff000007870368 x18: 0000000000000014
x17: ffff800075973000 x16: ffff800008004000 x15: 0000000000004000
x14: 0000000000000001 x13: 00000000db33ea9e x12: 00000000a89a4851
x11: 00000000d406ed64 x10: ffff800075973000 x9 : 00000000e5758af4
x8 : 00000000000000f0 x7 : 0000000000000000 x6 : 0000000002a98562
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : f3ff000023441f80 x0 : 0000000000000000
Call trace:
 isotp_tx_timer_handler+0x1f0/0x43c net/can/isotp.c:763
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x140/0x1e0 kernel/time/hrtimer.c:1749
 hrtimer_run_softirq+0x6c/0xd0 kernel/time/hrtimer.c:1766
 _stext+0x124/0x2a0
 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
 invoke_softirq kernel/softirq.c:439 [inline]
 __irq_exit_rcu+0xe4/0x100 kernel/softirq.c:637
 irq_exit_rcu+0x10/0x1c kernel/softirq.c:649
 __el1_irq arch/arm64/kernel/entry-common.c:439 [inline]
 el1_interrupt+0x38/0x80 arch/arm64/kernel/entry-common.c:460
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:465
 el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:568
 stack_trace_consume_entry+0x1c/0x70 kernel/stacktrace.c:86
 stack_trace_save+0x50/0x80 kernel/stacktrace.c:122
 kasan_save_stack+0x2c/0x5c mm/kasan/common.c:38
 kasan_set_track+0x2c/0x40 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm/kasan/tags.c:36
 ____kasan_slab_free.constprop.0+0x190/0x1e4 mm/kasan/common.c:366
 __kasan_slab_free+0x10/0x1c mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:236 [inline]
 slab_free_hook mm/slub.c:1728 [inline]
 slab_free_freelist_hook+0xc4/0x230 mm/slub.c:1754
 slab_free mm/slub.c:3509 [inline]
 kmem_cache_free+0xb0/0x3f0 mm/slub.c:3526
 kfree_skbmem+0x90/0xc0 net/core/skbuff.c:700
 __kfree_skb net/core/skbuff.c:757 [inline]
 kfree_skb_reason net/core/skbuff.c:776 [inline]
 kfree_skb_reason+0x4c/0xa0 net/core/skbuff.c:770
 kfree_skb include/linux/skbuff.h:1114 [inline]
 consume_skb include/linux/skbuff.h:1127 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report_work+0x270/0x2e0 drivers/net/netdevsim/dev.c:843
 process_one_work+0x1dc/0x370 kernel/workqueue.c:2307
 worker_thread+0x70/0x430 kernel/workqueue.c:2454
 kthread+0x108/0x10c kernel/kthread.c:377
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:756
---[ end trace 0000000000000000 ]---