[ 445.291837][ T255] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 445.839149][ T255] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 446.033738][ T255] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 446.183391][ T255] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
[ 448.810843][ T255] device hsr_slave_0 left promiscuous mode
[ 448.841159][ T255] device hsr_slave_1 left promiscuous mode
[ 448.880936][ T255] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 448.910464][ T255] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 448.957371][ T255] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 448.992385][ T255] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 449.031502][ T255] device bridge_slave_1 left promiscuous mode
[ 449.055637][ T255] bridge0: port 2(bridge_slave_1) entered disabled state
[ 449.093323][ T255] device bridge_slave_0 left promiscuous mode
[ 449.116552][ T255] bridge0: port 1(bridge_slave_0) entered disabled state
[ 449.180009][ T255] device veth1_macvtap left promiscuous mode
[ 449.205451][ T255] device veth0_macvtap left promiscuous mode
[ 449.231787][ T255] device veth1_vlan left promiscuous mode
[ 449.255973][ T255] device veth0_vlan left promiscuous mode
[ 477.280446][ T255] team0 (unregistering): Port device team_slave_1 removed
[ 477.353542][ T255] team0 (unregistering): Port device team_slave_0 removed
[ 477.419459][ T255] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 477.493992][ T255] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 477.901218][ T255] bond0 (unregistering): Released all slaves
[ 484.292689][T27771] ==================================================================
[ 484.301191][T27771] BUG: KASAN: use-after-free in kobject_put+0x493/0x540
[ 484.308260][T27771] Read of size 1 at addr ffff8880234ac4bc by task syz-executor123/27771
[ 484.316596][T27771]
[ 484.318928][T27771] CPU: 1 PID: 27771 Comm: syz-executor123 Not tainted 5.13.0-rc7-syzkaller #0
[ 484.327810][T27771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 484.337959][T27771] Call Trace:
[ 484.341401][T27771]  dump_stack+0x141/0x1d7
[ 484.345906][T27771]  ? kobject_put+0x493/0x540
[ 484.350509][T27771]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 484.357586][T27771]  ? kobject_put+0x493/0x540
[ 484.362271][T27771]  ? kobject_put+0x493/0x540
[ 484.366853][T27771]  kasan_report.cold+0x7c/0xd8
[ 484.371616][T27771]  ? kobject_put+0x493/0x540
[ 484.376202][T27771]  kobject_put+0x493/0x540
[ 484.380614][T27771]  delete_partition+0xb9/0x180
[ 484.385469][T27771]  bdev_del_partition+0xe5/0x100
[ 484.390401][T27771]  blkpg_do_ioctl+0x2e8/0x340
[ 484.395076][T27771]  ? blkdev_pr_preempt+0x260/0x260
[ 484.403071][T27771]  blkdev_ioctl+0x577/0x6d0
[ 484.407572][T27771]  ? blkdev_common_ioctl+0x1840/0x1840
[ 484.413058][T27771]  block_ioctl+0xf9/0x140
[ 484.417430][T27771]  ? blkdev_read_iter+0x1c0/0x1c0
[ 484.422445][T27771]  __x64_sys_ioctl+0x193/0x200
[ 484.427230][T27771]  do_syscall_64+0x3a/0xb0
[ 484.431689][T27771]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 484.437606][T27771] RIP: 0033:0x444309
[ 484.441520][T27771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 484.461126][T27771] RSP: 002b:00007ffed6876f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 484.469528][T27771] RAX: ffffffffffffffda RBX: 0000000000487062 RCX: 0000000000444309
[ 484.477489][T27771] RDX: 0000000020000240 RSI: 0000000000001269 RDI: 0000000000000004
[ 484.485451][T27771] RBP: 0000000000000000 R08: 0023706f6f6c2f76 R09: 0000000000000001
[ 484.493824][T27771] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000076392
[ 484.501793][T27771] R13: 00007ffed6876f8c R14: 00007ffed6876fa0 R15: 00007ffed6876f90
[ 484.510118][T27771]
[ 484.512432][T27771] Allocated by task 27771:
[ 484.516826][T27771]  kasan_save_stack+0x1b/0x40
[ 484.521559][T27771]  __kasan_kmalloc+0x9b/0xd0
[ 484.526137][T27771]  kobject_create_and_add+0x42/0xb0
[ 484.531325][T27771]  add_partition+0x5ee/0x910
[ 484.535903][T27771]  bdev_add_partition+0xb6/0x130
[ 484.540828][T27771]  blkpg_do_ioctl+0x2d0/0x340
[ 484.545595][T27771]  blkdev_ioctl+0x577/0x6d0
[ 484.550173][T27771]  block_ioctl+0xf9/0x140
[ 484.554489][T27771]  __x64_sys_ioctl+0x193/0x200
[ 484.559241][T27771]  do_syscall_64+0x3a/0xb0
[ 484.563660][T27771]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 484.569543][T27771]
[ 484.571849][T27771] Freed by task 27775:
[ 484.575899][T27771]  kasan_save_stack+0x1b/0x40
[ 484.580567][T27771]  kasan_set_track+0x1c/0x30
[ 484.585145][T27771]  kasan_set_free_info+0x20/0x30
[ 484.590138][T27771]  __kasan_slab_free+0xfb/0x130
[ 484.594978][T27771]  slab_free_freelist_hook+0xdf/0x240
[ 484.600338][T27771]  kfree+0xe5/0x7f0
[ 484.604133][T27771]  kobject_put+0x1c8/0x540
[ 484.608548][T27771]  delete_partition+0xb9/0x180
[ 484.613386][T27771]  bdev_del_partition+0xe5/0x100
[ 484.618314][T27771]  blkpg_do_ioctl+0x2e8/0x340
[ 484.622980][T27771]  blkdev_ioctl+0x577/0x6d0
[ 484.627474][T27771]  block_ioctl+0xf9/0x140
[ 484.631789][T27771]  __x64_sys_ioctl+0x193/0x200
[ 484.636536][T27771]  do_syscall_64+0x3a/0xb0
[ 484.640943][T27771]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 484.646828][T27771]
[ 484.649135][T27771] Last potentially related work creation:
[ 484.654827][T27771]  kasan_save_stack+0x1b/0x40
[ 484.659492][T27771]  kasan_record_aux_stack+0xe5/0x110
[ 484.664762][T27771]  kvfree_call_rcu+0x74/0x8c0
[ 484.669493][T27771]  sctp_inet6addr_event+0x387/0x800
[ 484.674716][T27771]  notifier_call_chain+0xb5/0x200
[ 484.679769][T27771]  atomic_notifier_call_chain+0x8d/0x170
[ 484.685391][T27771]  addrconf_ifdown.isra.0+0xa71/0x15b0
[ 484.690902][T27771]  addrconf_notify+0x55c/0x23e0
[ 484.695740][T27771]  notifier_call_chain+0xb5/0x200
[ 484.700772][T27771]  call_netdevice_notifiers_info+0xb5/0x130
[ 484.706894][T27771]  dev_close_many+0x2ff/0x620
[ 484.711564][T27771]  unregister_netdevice_many+0x3ff/0x1790
[ 484.717270][T27771]  default_device_exit_batch+0x2fa/0x3c0
[ 484.722916][T27771]  ops_exit_list+0x10d/0x160
[ 484.727494][T27771]  cleanup_net+0x4ea/0xb10
[ 484.731898][T27771]  process_one_work+0x98d/0x1600
[ 484.736888][T27771]  worker_thread+0x64c/0x1120
[ 484.741554][T27771]  kthread+0x3b1/0x4a0
[ 484.745617][T27771]  ret_from_fork+0x1f/0x30
[ 484.750041][T27771]
[ 484.752352][T27771] The buggy address belongs to the object at ffff8880234ac480
[ 484.752352][T27771]  which belongs to the cache kmalloc-64 of size 64
[ 484.766213][T27771] The buggy address is located 60 bytes inside of
[ 484.766213][T27771]  64-byte region [ffff8880234ac480, ffff8880234ac4c0)
[ 484.779477][T27771] The buggy address belongs to the page:
[ 484.785089][T27771] page:ffffea00008d2b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x234ac
[ 484.795237][T27771] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 484.802862][T27771] raw: 00fff00000000200 ffffea000052bc00 0000001400000014 ffff888010041640
[ 484.811433][T27771] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 484.820012][T27771] page dumped because: kasan: bad access detected
[ 484.826403][T27771]
[ 484.828718][T27771] Memory state around the buggy address:
[ 484.834330][T27771]  ffff8880234ac380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 484.842373][T27771]  ffff8880234ac400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 484.850425][T27771] >ffff8880234ac480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 484.858550][T27771]                                         ^
[ 484.864424][T27771]  ffff8880234ac500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 484.872478][T27771]  ffff8880234ac580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 484.880755][T27771] ==================================================================
[ 484.888794][T27771] Disabling lock debugging due to kernel taint
[ 484.898929][T27771] Kernel panic - not syncing: panic_on_warn set ...
[ 484.905613][T27771] CPU: 0 PID: 27771 Comm: syz-executor123 Tainted: G B 5.13.0-rc7-syzkaller #0
[ 484.915852][T27771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 484.925964][T27771] Call Trace:
[ 484.929244][T27771]  dump_stack+0x141/0x1d7
[ 484.933584][T27771]  panic+0x306/0x73d
[ 484.937524][T27771]  ? __warn_printk+0xf3/0xf3
[ 484.942130][T27771]  ? preempt_schedule_common+0x59/0xc0
[ 484.947610][T27771]  ? kobject_put+0x493/0x540
[ 484.952298][T27771]  ? preempt_schedule_thunk+0x16/0x18
[ 484.957686][T27771]  ? trace_hardirqs_on+0x38/0x1c0
[ 484.962787][T27771]  ? trace_hardirqs_on+0x51/0x1c0
[ 484.967810][T27771]  ? kobject_put+0x493/0x540
[ 484.972389][T27771]  ? kobject_put+0x493/0x540
[ 484.976981][T27771]  end_report.cold+0x5a/0x5a
[ 484.981557][T27771]  kasan_report.cold+0x6a/0xd8
[ 484.986318][T27771]  ? kobject_put+0x493/0x540
[ 484.990910][T27771]  kobject_put+0x493/0x540
[ 484.995400][T27771]  delete_partition+0xb9/0x180
[ 485.000161][T27771]  bdev_del_partition+0xe5/0x100
[ 485.005105][T27771]  blkpg_do_ioctl+0x2e8/0x340
[ 485.009775][T27771]  ? blkdev_pr_preempt+0x260/0x260
[ 485.014891][T27771]  blkdev_ioctl+0x577/0x6d0
[ 485.019380][T27771]  ? blkdev_common_ioctl+0x1840/0x1840
[ 485.024826][T27771]  block_ioctl+0xf9/0x140
[ 485.029161][T27771]  ? blkdev_read_iter+0x1c0/0x1c0
[ 485.034166][T27771]  __x64_sys_ioctl+0x193/0x200
[ 485.038917][T27771]  do_syscall_64+0x3a/0xb0
[ 485.043407][T27771]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 485.049288][T27771] RIP: 0033:0x444309
[ 485.053162][T27771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 485.072759][T27771] RSP: 002b:00007ffed6876f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 485.081155][T27771] RAX: ffffffffffffffda RBX: 0000000000487062 RCX: 0000000000444309
[ 485.089111][T27771] RDX: 0000000020000240 RSI: 0000000000001269 RDI: 0000000000000004
[ 485.097072][T27771] RBP: 0000000000000000 R08: 0023706f6f6c2f76 R09: 0000000000000001
[ 485.105058][T27771] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000076392
[ 485.113023][T27771] R13: 00007ffed6876f8c R14: 00007ffed6876fa0 R15: 00007ffed6876f90
[ 485.122333][T27771] Kernel Offset: disabled
[ 485.126641][T27771] Rebooting in 86400 seconds..