[ 45.281652][ T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 45.288814][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 45.290881][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 45.297846][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 45.316425][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 46.177003][ T3602] can: request_module (can-proto-0) failed.
[ 46.195683][ T3602] can: request_module (can-proto-0) failed.
[ 46.213062][ T3602] can: request_module (can-proto-0) failed.
[ 47.983962][ T3605] syz-executor.0 (3605) used greatest stack depth: 22736 bytes left
[ 48.014356][ T90] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 50.513733][ T90] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 50.573529][ T90] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 50.644130][ T90] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.405543][ T90] device hsr_slave_0 left promiscuous mode
[ 51.412110][ T90] device hsr_slave_1 left promiscuous mode
[ 51.420229][ T90] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 51.427627][ T90] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 51.437145][ T90] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 51.445085][ T90] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 51.453881][ T90] device bridge_slave_1 left promiscuous mode
[ 51.461043][ T90] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.472772][ T90] device bridge_slave_0 left promiscuous mode
[ 51.480261][ T90] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.495383][ T90] device veth1_macvtap left promiscuous mode
[ 51.503025][ T90] device veth0_macvtap left promiscuous mode
[ 51.509540][ T90] device veth1_vlan left promiscuous mode
[ 51.515563][ T90] device veth0_vlan left promiscuous mode
[ 51.637414][ T90] team0 (unregistering): Port device team_slave_1 removed
[ 51.650609][ T90] team0 (unregistering): Port device team_slave_0 removed
[ 51.663749][ T90] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 51.676408][ T90] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 51.721131][ T90] bond0 (unregistering): Released all slaves
[ 52.107292][ T90] ==================================================================
[ 52.115470][ T90] BUG: KASAN: use-after-free in ip6mr_sk_done+0xea/0x360
[ 52.122491][ T90] Read of size 4 at addr ffff88801668d288 by task kworker/u4:3/90
[ 52.130269][ T90]
[ 52.132681][ T90] CPU: 1 PID: 90 Comm: kworker/u4:3 Not tainted 5.17.0-rc2-syzkaller #0
[ 52.141078][ T90] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.151440][ T90] Workqueue: netns cleanup_net
[ 52.156204][ T90] Call Trace:
[ 52.159468][ T90] <TASK>
[ 52.162385][ T90] dump_stack_lvl+0x57/0x7d
[ 52.167046][ T90] print_address_description.constprop.0.cold+0x8d/0x336
[ 52.174064][ T90] ? ip6mr_sk_done+0xea/0x360
[ 52.178744][ T90] ? ip6mr_sk_done+0xea/0x360
[ 52.183661][ T90] kasan_report.cold+0x83/0xdf
[ 52.188433][ T90] ? ip6mr_sk_done+0xea/0x360
[ 52.193096][ T90] kasan_check_range+0x13d/0x180
[ 52.198018][ T90] ip6mr_sk_done+0xea/0x360
[ 52.202508][ T90] ? remove_proc_entry+0x188/0x3e0
[ 52.207592][ T90] rawv6_close+0x3e/0x60
[ 52.211807][ T90] inet_release+0xef/0x210
[ 52.216196][ T90] sock_release+0x7d/0x190
[ 52.220605][ T90] igmp6_net_exit+0x61/0x160
[ 52.225611][ T90] ops_exit_list+0x94/0x160
[ 52.230092][ T90] cleanup_net+0x423/0x980
[ 52.234491][ T90] ? lockdep_hardirqs_on+0x79/0x100
[ 52.239663][ T90] ? unregister_pernet_device+0x60/0x60
[ 52.245228][ T90] process_one_work+0x879/0x1410
[ 52.250151][ T90] ? lock_release+0x720/0x720
[ 52.254900][ T90] ? pwq_dec_nr_in_flight+0x230/0x230
[ 52.260270][ T90] ? rwlock_bug.part.0+0x90/0x90
[ 52.265192][ T90] ? _raw_spin_lock_irq+0x41/0x50
[ 52.270203][ T90] worker_thread+0x5a0/0xf60
[ 52.274818][ T90] ? process_one_work+0x1410/0x1410
[ 52.280000][ T90] kthread+0x299/0x340
[ 52.284060][ T90] ? kthread_complete_and_exit+0x20/0x20
[ 52.289983][ T90] ret_from_fork+0x1f/0x30
[ 52.294403][ T90] </TASK>
[ 52.297402][ T90]
[ 52.299795][ T90] Allocated by task 90:
[ 52.303928][ T90] kasan_save_stack+0x1e/0x40
[ 52.308590][ T90] __kasan_kmalloc+0xa9/0xd0
[ 52.313271][ T90] set_kthread_struct+0xa6/0x1f0
[ 52.318193][ T90] copy_process+0x3064/0x6890
[ 52.322853][ T90] kernel_clone+0xb8/0x7f0
[ 52.327348][ T90] kernel_thread+0xa3/0xe0
[ 52.331746][ T90] call_usermodehelper_exec_work+0xa4/0x140
[ 52.337799][ T90] process_one_work+0x879/0x1410
[ 52.342713][ T90] worker_thread+0x5a0/0xf60
[ 52.347572][ T90] kthread+0x299/0x340
[ 52.351621][ T90] ret_from_fork+0x1f/0x30
[ 52.356010][ T90]
[ 52.358325][ T90] Freed by task 90:
[ 52.362107][ T90] kasan_save_stack+0x1e/0x40
[ 52.366759][ T90] kasan_set_track+0x21/0x30
[ 52.371326][ T90] kasan_set_free_info+0x20/0x30
[ 52.376369][ T90] ____kasan_slab_free+0x130/0x160
[ 52.381458][ T90] slab_free_freelist_hook+0x8b/0x1c0
[ 52.386800][ T90] kfree+0xcb/0x280
[ 52.390577][ T90] ops_exit_list+0x94/0x160
[ 52.395048][ T90] cleanup_net+0x423/0x980
[ 52.399435][ T90] process_one_work+0x879/0x1410
[ 52.404686][ T90] worker_thread+0x5a0/0xf60
[ 52.409244][ T90] kthread+0x299/0x340
[ 52.413283][ T90] ret_from_fork+0x1f/0x30
[ 52.417667][ T90]
[ 52.419969][ T90] The buggy address belongs to the object at ffff88801668d200
[ 52.419969][ T90] which belongs to the cache kmalloc-256 of size 256
[ 52.434681][ T90] The buggy address is located 136 bytes inside of
[ 52.434681][ T90] 256-byte region [ffff88801668d200, ffff88801668d300)
[ 52.447942][ T90] The buggy address belongs to the page:
[ 52.453563][ T90] page:ffffea000059a300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1668c
[ 52.463857][ T90] head:ffffea000059a300 order:1 compound_mapcount:0
[ 52.470429][ T90] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 52.478376][ T90] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff88800fc41b40
[ 52.486930][ T90] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 52.495829][ T90] page dumped because: kasan: bad access detected
[ 52.502209][ T90] page_owner tracks the page as allocated
[ 52.507901][ T90] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 3695148983, free_ts 0
[ 52.525749][ T90] get_page_from_freelist+0xa6f/0x2f10
[ 52.531184][ T90] __alloc_pages+0x1b2/0x500
[ 52.535744][ T90] alloc_page_interleave+0xf/0x1c0
[ 52.540924][ T90] new_slab+0x28a/0x3b0
[ 52.545063][ T90] ___slab_alloc+0x87e/0xe80
[ 52.549626][ T90] __slab_alloc.constprop.0+0x4d/0xa0
[ 52.555027][ T90] __kmalloc+0x2fb/0x340
[ 52.559242][ T90] __list_lru_init+0xbb/0x860
[ 52.563983][ T90] workingset_init+0xa4/0xc4
[ 52.568560][ T90] do_one_initcall+0xbe/0x440
[ 52.573229][ T90] kernel_init_freeable+0x5ab/0x605
[ 52.578493][ T90] kernel_init+0x14/0x130
[ 52.582957][ T90] ret_from_fork+0x1f/0x30
[ 52.587355][ T90] page_owner free stack trace missing
[ 52.592709][ T90]
[ 52.595015][ T90] Memory state around the buggy address:
[ 52.600620][ T90] ffff88801668d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.608654][ T90] ffff88801668d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.616892][ T90] >ffff88801668d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.625048][ T90] ^
[ 52.629356][ T90] ffff88801668d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.637396][ T90] ffff88801668d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.645432][ T90] ==================================================================
[ 52.653471][ T90] Disabling lock debugging due to kernel taint
[ 52.664355][ T90] Kernel panic - not syncing: panic_on_warn set ...
[ 52.670935][ T90] CPU: 1 PID: 90 Comm: kworker/u4:3 Tainted: G B 5.17.0-rc2-syzkaller #0
[ 52.680725][ T90] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.690865][ T90] Workqueue: netns cleanup_net
[ 52.695636][ T90] Call Trace:
[ 52.698903][ T90] <TASK>
[ 52.701833][ T90] dump_stack_lvl+0x57/0x7d
[ 52.706325][ T90] panic+0x214/0x49f
[ 52.710217][ T90] ? __warn_printk+0xee/0xee
[ 52.714803][ T90] ? preempt_schedule_common+0x59/0xc0
[ 52.720254][ T90] ? ip6mr_sk_done+0xea/0x360
[ 52.724931][ T90] ? preempt_schedule_thunk+0x16/0x18
[ 52.730298][ T90] ? ip6mr_sk_done+0xea/0x360
[ 52.734971][ T90] ? ip6mr_sk_done+0xea/0x360
[ 52.739652][ T90] end_report.cold+0x63/0x6f
[ 52.744239][ T90] kasan_report.cold+0x71/0xdf
[ 52.749082][ T90] ? ip6mr_sk_done+0xea/0x360
[ 52.753754][ T90] kasan_check_range+0x13d/0x180
[ 52.758687][ T90] ip6mr_sk_done+0xea/0x360
[ 52.763190][ T90] ? remove_proc_entry+0x188/0x3e0
[ 52.768295][ T90] rawv6_close+0x3e/0x60
[ 52.772542][ T90] inet_release+0xef/0x210
[ 52.776957][ T90] sock_release+0x7d/0x190
[ 52.781375][ T90] igmp6_net_exit+0x61/0x160
[ 52.785960][ T90] ops_exit_list+0x94/0x160
[ 52.790459][ T90] cleanup_net+0x423/0x980
[ 52.794868][ T90] ? lockdep_hardirqs_on+0x79/0x100
[ 52.800239][ T90] ? unregister_pernet_device+0x60/0x60
[ 52.805869][ T90] process_one_work+0x879/0x1410
[ 52.810995][ T90] ? lock_release+0x720/0x720
[ 52.815665][ T90] ? pwq_dec_nr_in_flight+0x230/0x230
[ 52.821148][ T90] ? rwlock_bug.part.0+0x90/0x90
[ 52.826091][ T90] ? _raw_spin_lock_irq+0x41/0x50
[ 52.831113][ T90] worker_thread+0x5a0/0xf60
[ 52.835706][ T90] ? process_one_work+0x1410/0x1410
[ 52.840904][ T90] kthread+0x299/0x340
[ 52.845058][ T90] ? kthread_complete_and_exit+0x20/0x20
[ 52.850755][ T90] ret_from_fork+0x1f/0x30
[ 52.855190][ T90] </TASK>
[ 52.858499][ T90] Kernel Offset: disabled
[ 52.863047][ T90] Rebooting in 86400 seconds..