[ 42.784642][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 42.786820][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 42.792548][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 42.811307][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 42.935878][ T990] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.549399][ T3589] can: request_module (can-proto-0) failed.
[ 43.569008][ T3589] can: request_module (can-proto-0) failed.
[ 43.586675][ T3589] can: request_module (can-proto-0) failed.
[ 45.666144][ T3597] syz-executor.0 (3597) used greatest stack depth: 23208 bytes left
[ 45.731362][ T990] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 48.178399][ T990] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 48.249010][ T990] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 49.001247][ T990] device hsr_slave_0 left promiscuous mode
[ 49.009552][ T990] device hsr_slave_1 left promiscuous mode
[ 49.017076][ T990] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 49.024845][ T990] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 49.034648][ T990] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 49.042170][ T990] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 49.052177][ T990] device bridge_slave_1 left promiscuous mode
[ 49.060059][ T990] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.073677][ T990] device bridge_slave_0 left promiscuous mode
[ 49.079880][ T990] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.095566][ T990] device veth1_macvtap left promiscuous mode
[ 49.102002][ T990] device veth0_macvtap left promiscuous mode
[ 49.108444][ T990] device veth1_vlan left promiscuous mode
[ 49.115255][ T990] device veth0_vlan left promiscuous mode
[ 49.230711][ T990] team0 (unregistering): Port device team_slave_1 removed
[ 49.242515][ T990] team0 (unregistering): Port device team_slave_0 removed
[ 49.255496][ T990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 49.270977][ T990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 49.316827][ T990] bond0 (unregistering): Released all slaves
[ 49.707032][ T990] ==================================================================
[ 49.715252][ T990] BUG: KASAN: use-after-free in ip6mr_sk_done+0xea/0x360
[ 49.722276][ T990] Read of size 4 at addr ffff88800fe3ee88 by task kworker/u4:4/990
[ 49.730168][ T990]
[ 49.732498][ T990] CPU: 0 PID: 990 Comm: kworker/u4:4 Not tainted 5.17.0-rc2-syzkaller #0
[ 49.740898][ T990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.751066][ T990] Workqueue: netns cleanup_net
[ 49.756325][ T990] Call Trace:
[ 49.759612][ T990] <TASK>
[ 49.762547][ T990] dump_stack_lvl+0x57/0x7d
[ 49.767062][ T990] print_address_description.constprop.0.cold+0x8d/0x336
[ 49.774087][ T990] ? ip6mr_sk_done+0xea/0x360
[ 49.778762][ T990] ? ip6mr_sk_done+0xea/0x360
[ 49.783438][ T990] kasan_report.cold+0x83/0xdf
[ 49.788213][ T990] ? ip6mr_sk_done+0xea/0x360
[ 49.792895][ T990] kasan_check_range+0x13d/0x180
[ 49.797834][ T990] ip6mr_sk_done+0xea/0x360
[ 49.802322][ T990] ? remove_proc_entry+0x188/0x3e0
[ 49.807412][ T990] rawv6_close+0x3e/0x60
[ 49.811631][ T990] inet_release+0xef/0x210
[ 49.816023][ T990] sock_release+0x7d/0x190
[ 49.820419][ T990] igmp6_net_exit+0x61/0x160
[ 49.824988][ T990] ops_exit_list+0x94/0x160
[ 49.829472][ T990] cleanup_net+0x423/0x980
[ 49.833866][ T990] ? lockdep_hardirqs_on+0x79/0x100
[ 49.839062][ T990] ? unregister_pernet_device+0x60/0x60
[ 49.844587][ T990] process_one_work+0x879/0x1410
[ 49.849509][ T990] ? lock_release+0x720/0x720
[ 49.854162][ T990] ? pwq_dec_nr_in_flight+0x230/0x230
[ 49.859512][ T990] ? rwlock_bug.part.0+0x90/0x90
[ 49.864439][ T990] ? _raw_spin_lock_irq+0x41/0x50
[ 49.869531][ T990] worker_thread+0x5a0/0xf60
[ 49.874142][ T990] ? process_one_work+0x1410/0x1410
[ 49.879326][ T990] kthread+0x299/0x340
[ 49.883372][ T990] ? kthread_complete_and_exit+0x20/0x20
[ 49.888986][ T990] ret_from_fork+0x1f/0x30
[ 49.893399][ T990] </TASK>
[ 49.896395][ T990]
[ 49.898696][ T990] Allocated by task 8:
[ 49.902748][ T990] kasan_save_stack+0x1e/0x40
[ 49.907402][ T990] __kasan_kmalloc+0xa9/0xd0
[ 49.911971][ T990] set_kthread_struct+0xa6/0x1f0
[ 49.916885][ T990] copy_process+0x3064/0x6890
[ 49.921555][ T990] kernel_clone+0xb8/0x7f0
[ 49.925943][ T990] kernel_thread+0xa3/0xe0
[ 49.930328][ T990] call_usermodehelper_exec_work+0xa4/0x140
[ 49.936212][ T990] process_one_work+0x879/0x1410
[ 49.941133][ T990] worker_thread+0x5a0/0xf60
[ 49.945706][ T990] kthread+0x299/0x340
[ 49.949755][ T990] ret_from_fork+0x1f/0x30
[ 49.954152][ T990]
[ 49.956461][ T990] Freed by task 990:
[ 49.960331][ T990] kasan_save_stack+0x1e/0x40
[ 49.965067][ T990] kasan_set_track+0x21/0x30
[ 49.969629][ T990] kasan_set_free_info+0x20/0x30
[ 49.974539][ T990] ____kasan_slab_free+0x130/0x160
[ 49.979632][ T990] slab_free_freelist_hook+0x8b/0x1c0
[ 49.984977][ T990] kfree+0xcb/0x280
[ 49.988766][ T990] ops_exit_list+0x94/0x160
[ 49.993240][ T990] cleanup_net+0x423/0x980
[ 49.997633][ T990] process_one_work+0x879/0x1410
[ 50.002990][ T990] worker_thread+0x5a0/0xf60
[ 50.007581][ T990] kthread+0x299/0x340
[ 50.011661][ T990] ret_from_fork+0x1f/0x30
[ 50.016060][ T990]
[ 50.018368][ T990] The buggy address belongs to the object at ffff88800fe3ee00
[ 50.018368][ T990] which belongs to the cache kmalloc-256 of size 256
[ 50.032416][ T990] The buggy address is located 136 bytes inside of
[ 50.032416][ T990] 256-byte region [ffff88800fe3ee00, ffff88800fe3ef00)
[ 50.045669][ T990] The buggy address belongs to the page:
[ 50.051270][ T990] page:ffffea00003f8f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfe3e
[ 50.061301][ T990] head:ffffea00003f8f80 order:1 compound_mapcount:0
[ 50.067865][ T990] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 50.075818][ T990] raw: 00fff00000010200 ffffea000050f500 dead000000000003 ffff88800fc41b40
[ 50.084387][ T990] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 50.092941][ T990] page dumped because: kasan: bad access detected
[ 50.099343][ T990] page_owner tracks the page as allocated
[ 50.105051][ T990] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8, ts 3659965345, free_ts 0
[ 50.122911][ T990] get_page_from_freelist+0xa6f/0x2f10
[ 50.128352][ T990] __alloc_pages+0x1b2/0x500
[ 50.132917][ T990] new_slab+0x28a/0x3b0
[ 50.137062][ T990] ___slab_alloc+0x87e/0xe80
[ 50.141624][ T990] __slab_alloc.constprop.0+0x4d/0xa0
[ 50.146971][ T990] kmem_cache_alloc_trace+0x289/0x2c0
[ 50.152317][ T990] set_kthread_struct+0xa6/0x1f0
[ 50.157315][ T990] copy_process+0x3064/0x6890
[ 50.161973][ T990] kernel_clone+0xb8/0x7f0
[ 50.166359][ T990] kernel_thread+0xa3/0xe0
[ 50.170767][ T990] call_usermodehelper_exec_work+0xa4/0x140
[ 50.176652][ T990] process_one_work+0x879/0x1410
[ 50.181574][ T990] worker_thread+0x5a0/0xf60
[ 50.186142][ T990] kthread+0x299/0x340
[ 50.190186][ T990] ret_from_fork+0x1f/0x30
[ 50.194579][ T990] page_owner free stack trace missing
[ 50.199945][ T990]
[ 50.202260][ T990] Memory state around the buggy address:
[ 50.207877][ T990] ffff88800fe3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.215924][ T990] ffff88800fe3ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.223965][ T990] >ffff88800fe3ee80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.232133][ T990]                       ^
[ 50.236562][ T990] ffff88800fe3ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.244601][ T990] ffff88800fe3ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.252638][ T990] ==================================================================
[ 50.260671][ T990] Disabling lock debugging due to kernel taint
[ 50.267356][ T990] Kernel panic - not syncing: panic_on_warn set ...
[ 50.273943][ T990] CPU: 1 PID: 990 Comm: kworker/u4:4 Tainted: G B 5.17.0-rc2-syzkaller #0
[ 50.283727][ T990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.293796][ T990] Workqueue: netns cleanup_net
[ 50.298554][ T990] Call Trace:
[ 50.301826][ T990] <TASK>
[ 50.304754][ T990] dump_stack_lvl+0x57/0x7d
[ 50.309254][ T990] panic+0x214/0x49f
[ 50.313152][ T990] ? __warn_printk+0xee/0xee
[ 50.317807][ T990] ? preempt_schedule_common+0x59/0xc0
[ 50.323262][ T990] ? ip6mr_sk_done+0xea/0x360
[ 50.327943][ T990] ? preempt_schedule_thunk+0x16/0x18
[ 50.333312][ T990] ? ip6mr_sk_done+0xea/0x360
[ 50.337981][ T990] ? ip6mr_sk_done+0xea/0x360
[ 50.342690][ T990] end_report.cold+0x63/0x6f
[ 50.347288][ T990] kasan_report.cold+0x71/0xdf
[ 50.352052][ T990] ? ip6mr_sk_done+0xea/0x360
[ 50.356723][ T990] kasan_check_range+0x13d/0x180
[ 50.361656][ T990] ip6mr_sk_done+0xea/0x360
[ 50.366157][ T990] ? remove_proc_entry+0x188/0x3e0
[ 50.371264][ T990] rawv6_close+0x3e/0x60
[ 50.375508][ T990] inet_release+0xef/0x210
[ 50.379929][ T990] sock_release+0x7d/0x190
[ 50.384344][ T990] igmp6_net_exit+0x61/0x160
[ 50.388931][ T990] ops_exit_list+0x94/0x160
[ 50.393429][ T990] cleanup_net+0x423/0x980
[ 50.397843][ T990] ? lockdep_hardirqs_on+0x79/0x100
[ 50.403041][ T990] ? unregister_pernet_device+0x60/0x60
[ 50.408583][ T990] process_one_work+0x879/0x1410
[ 50.413520][ T990] ? lock_release+0x720/0x720
[ 50.418196][ T990] ? pwq_dec_nr_in_flight+0x230/0x230
[ 50.423568][ T990] ? rwlock_bug.part.0+0x90/0x90
[ 50.428507][ T990] ? _raw_spin_lock_irq+0x41/0x50
[ 50.433526][ T990] worker_thread+0x5a0/0xf60
[ 50.438115][ T990] ? process_one_work+0x1410/0x1410
[ 50.443309][ T990] kthread+0x299/0x340
[ 50.447466][ T990] ? kthread_complete_and_exit+0x20/0x20
[ 50.453100][ T990] ret_from_fork+0x1f/0x30
[ 50.457519][ T990] </TASK>
[ 50.460837][ T990] Kernel Offset: disabled
[ 50.465153][ T990] Rebooting in 86400 seconds..