Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts. syzkaller login: [ 70.785624][ T8464] chnl_net:caif_netlink_parms(): no params data found [ 70.838729][ T8464] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.846354][ T8464] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.855435][ T8464] device bridge_slave_0 entered promiscuous mode [ 70.864646][ T8464] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.871884][ T8464] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.880049][ T8464] device bridge_slave_1 entered promiscuous mode [ 70.901082][ T8464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.911913][ T8464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.934635][ T8464] team0: Port device team_slave_0 added [ 70.941967][ T8464] team0: Port device team_slave_1 added [ 70.959984][ T8464] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.966949][ T8464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.993030][ T8464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.005979][ T8464] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.014184][ T8464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.041089][ T8464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.067996][ T8464] device hsr_slave_0 entered promiscuous mode [ 71.076776][ T8464] device hsr_slave_1 entered promiscuous mode [ 71.180287][ T8464] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.192790][ T8464] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.201787][ T8464] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.211848][ T8464] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.237359][ T8464] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.244561][ T8464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.252336][ T8464] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.259456][ T8464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.303525][ T8464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.316326][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.328148][ T2960] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.337258][ T2960] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.345932][ T2960] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 71.359270][ T8464] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.370848][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.379757][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.386785][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.409698][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.419234][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.426285][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.435234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.444096][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.459919][ T8464] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.472538][ T8464] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.485542][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.494313][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.503538][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.516662][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 71.536225][ T8464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.543800][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 71.551389][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 71.571737][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 71.590980][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 71.599964][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 71.607793][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 71.618864][ T8464] device veth0_vlan entered promiscuous mode [ 71.632535][ T8464] device veth1_vlan entered promiscuous mode [ 71.653418][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 71.661960][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 71.670811][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 71.681479][ T8464] device veth0_macvtap entered promiscuous mode [ 71.692721][ T8464] device veth1_macvtap entered promiscuous mode [ 71.711040][ T8464] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.719638][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 71.729711][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 71.742800][ T8464] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.750725][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 71.763196][ T8464] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 71.773305][ T8464] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.782470][ T8464] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.791903][ T8464] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.832692][ T8464] ------------[ cut here ]------------ [ 71.838160][ T8464] ODEBUG: free active (active state 0) object type: hrtimer hint: advance_sched+0x0/0x9a0 [ 71.849916][ T8464] WARNING: CPU: 0 PID: 8464 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 [ 71.862724][ T8464] Modules linked in: [ 71.866642][ T8464] CPU: 1 PID: 8464 Comm: syz-executor773 Not tainted 5.14.0-rc6-syzkaller #0 [ 71.875910][ T8464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.886319][ T8464] RIP: 0010:debug_print_object+0x16e/0x250 [ 71.892362][ T8464] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 20 c4 e3 89 4c 89 ee 48 c7 c7 20 b8 e3 89 e8 20 d8 0d 05 <0f> 0b 83 05 85 45 92 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 [ 71.912520][ T8464] RSP: 0018:ffffc9000178f330 EFLAGS: 00010282 [ 71.918736][ T8464] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 71.926786][ T8464] RDX: ffff8880151c1c40 RSI: ffffffff815d85c5 RDI: fffff520002f1e58 [ 71.934857][ T8464] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 71.943067][ T8464] R10: ffffffff815d23fe R11: 0000000000000000 R12: ffffffff898dcfa0 [ 71.951170][ T8464] R13: ffffffff89e3be60 R14: ffffffff81653440 R15: dffffc0000000000 [ 71.959305][ T8464] FS: 0000000001304300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 71.968354][ T8464] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.974988][ T8464] CR2: 00007f79801ea000 CR3: 0000000027ad2000 CR4: 00000000001506e0 [ 71.983453][ T8464] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.991902][ T8464] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.001567][ T8464] Call Trace: [ 72.004851][ T8464] ? lockdep_hardirqs_on+0x79/0x100 [ 72.010991][ T8464] debug_check_no_obj_freed+0x301/0x420 [ 72.016544][ T8464] ? slab_free_freelist_hook+0x13f/0x240 [ 72.024309][ T8464] slab_free_freelist_hook+0x171/0x240 [ 72.029941][ T8464] kfree+0xe4/0x540 [ 72.033765][ T8464] ? qdisc_create+0xbc5/0x1320 [ 72.038673][ T8464] ? taprio_destroy+0x3ce/0x4d0 [ 72.043556][ T8464] qdisc_create+0xbc5/0x1320 [ 72.048144][ T8464] ? tc_get_qdisc+0xb50/0xb50 [ 72.052930][ T8464] ? __nla_parse+0x3d/0x50 [ 72.057362][ T8464] tc_modify_qdisc+0x4c8/0x1a60 [ 72.062368][ T8464] ? qdisc_create+0x1320/0x1320 [ 72.067235][ T8464] ? rtnetlink_rcv_msg+0x3be/0xb80 [ 72.072470][ T8464] ? qdisc_create+0x1320/0x1320 [ 72.077334][ T8464] rtnetlink_rcv_msg+0x413/0xb80 [ 72.082338][ T8464] ? rtnl_newlink+0xa0/0xa0 [ 72.086853][ T8464] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 72.092232][ T8464] netlink_rcv_skb+0x153/0x420 [ 72.097011][ T8464] ? rtnl_newlink+0xa0/0xa0 [ 72.101678][ T8464] ? netlink_ack+0xa60/0xa60 [ 72.106280][ T8464] ? netlink_deliver_tap+0x1a2/0xbc0 [ 72.111692][ T8464] netlink_unicast+0x533/0x7d0 [ 72.116472][ T8464] ? netlink_attachskb+0x890/0x890 [ 72.121650][ T8464] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 72.127905][ T8464] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 72.134717][ T8464] ? __phys_addr_symbol+0x2c/0x70 [ 72.140298][ T8464] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 72.146030][ T8464] ? __check_object_size+0x16e/0x3f0 [ 72.151655][ T8464] netlink_sendmsg+0x86d/0xdb0 [ 72.156449][ T8464] ? netlink_unicast+0x7d0/0x7d0 [ 72.161545][ T8464] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.167806][ T8464] ? netlink_unicast+0x7d0/0x7d0 [ 72.172945][ T8464] sock_sendmsg+0xcf/0x120 [ 72.177381][ T8464] ____sys_sendmsg+0x6e8/0x810 [ 72.182533][ T8464] ? kernel_sendmsg+0x50/0x50 [ 72.187225][ T8464] ? do_recvmmsg+0x6d0/0x6d0 [ 72.191969][ T8464] ? lock_chain_count+0x20/0x20 [ 72.196847][ T8464] ___sys_sendmsg+0xf3/0x170 [ 72.201498][ T8464] ? sendmsg_copy_msghdr+0x160/0x160 [ 72.206797][ T8464] ? __lock_acquire+0x162f/0x54a0 [ 72.211909][ T8464] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.217896][ T8464] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.224014][ T8464] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.230434][ T8464] ? __fget_light+0x215/0x280 [ 72.235130][ T8464] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 72.241846][ T8464] __sys_sendmsg+0xe5/0x1b0 [ 72.246374][ T8464] ? __sys_sendmsg_sock+0x30/0x30 [ 72.251512][ T8464] ? syscall_enter_from_user_mode+0x21/0x70 [ 72.257422][ T8464] do_syscall_64+0x35/0xb0 [ 72.261903][ T8464] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.267807][ T8464] RIP: 0033:0x4439e9 [ 72.271776][ T8464] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 72.291577][ T8464] RSP: 002b:00007fff7c739ee8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 72.300149][ T8464] RAX: ffffffffffffffda RBX: 00007fff7c739ef8 RCX: 00000000004439e9 [ 72.308132][ T8464] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 72.316246][ T8464] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 72.324359][ T8464] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff7c739f00 [ 72.333689][ T8464] R13: 00007fff7c739f20 R14: 00000000004b9018 R15: 00000000004004b8 [ 72.341921][ T8464] Kernel panic - not syncing: panic_on_warn set ... [ 72.348519][ T8464] CPU: 1 PID: 8464 Comm: syz-executor773 Not tainted 5.14.0-rc6-syzkaller #0 [ 72.357299][ T8464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.367357][ T8464] Call Trace: [ 72.370625][ T8464] dump_stack_lvl+0xcd/0x134 [ 72.375205][ T8464] panic+0x306/0x73d [ 72.379085][ T8464] ? __warn_printk+0xf3/0xf3 [ 72.383667][ T8464] ? __warn.cold+0x1a/0x44 [ 72.388070][ T8464] ? debug_print_object+0x16e/0x250 [ 72.393253][ T8464] __warn.cold+0x35/0x44 [ 72.397495][ T8464] ? debug_print_object+0x16e/0x250 [ 72.402679][ T8464] report_bug+0x1bd/0x210 [ 72.406994][ T8464] handle_bug+0x3c/0x60 [ 72.411134][ T8464] exc_invalid_op+0x14/0x40 [ 72.415622][ T8464] asm_exc_invalid_op+0x12/0x20 [ 72.420463][ T8464] RIP: 0010:debug_print_object+0x16e/0x250 [ 72.426257][ T8464] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 20 c4 e3 89 4c 89 ee 48 c7 c7 20 b8 e3 89 e8 20 d8 0d 05 <0f> 0b 83 05 85 45 92 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 [ 72.445847][ T8464] RSP: 0018:ffffc9000178f330 EFLAGS: 00010282 [ 72.451911][ T8464] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 72.459879][ T8464] RDX: ffff8880151c1c40 RSI: ffffffff815d85c5 RDI: fffff520002f1e58 [ 72.467830][ T8464] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 72.475786][ T8464] R10: ffffffff815d23fe R11: 0000000000000000 R12: ffffffff898dcfa0 [ 72.483741][ T8464] R13: ffffffff89e3be60 R14: ffffffff81653440 R15: dffffc0000000000 [ 72.491695][ T8464] ? ktime_add_safe+0x70/0x70 [ 72.496363][ T8464] ? wake_up_klogd.part.0+0x8e/0xd0 [ 72.501568][ T8464] ? vprintk+0x95/0x260 [ 72.505713][ T8464] ? lockdep_hardirqs_on+0x79/0x100 [ 72.510899][ T8464] debug_check_no_obj_freed+0x301/0x420 [ 72.516431][ T8464] ? slab_free_freelist_hook+0x13f/0x240 [ 72.522053][ T8464] slab_free_freelist_hook+0x171/0x240 [ 72.527508][ T8464] kfree+0xe4/0x540 [ 72.531300][ T8464] ? qdisc_create+0xbc5/0x1320 [ 72.536050][ T8464] ? taprio_destroy+0x3ce/0x4d0 [ 72.540886][ T8464] qdisc_create+0xbc5/0x1320 [ 72.545488][ T8464] ? tc_get_qdisc+0xb50/0xb50 [ 72.550149][ T8464] ? __nla_parse+0x3d/0x50 [ 72.554550][ T8464] tc_modify_qdisc+0x4c8/0x1a60 [ 72.559398][ T8464] ? qdisc_create+0x1320/0x1320 [ 72.564238][ T8464] ? rtnetlink_rcv_msg+0x3be/0xb80 [ 72.569344][ T8464] ? qdisc_create+0x1320/0x1320 [ 72.574180][ T8464] rtnetlink_rcv_msg+0x413/0xb80 [ 72.579102][ T8464] ? rtnl_newlink+0xa0/0xa0 [ 72.583589][ T8464] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 72.588866][ T8464] netlink_rcv_skb+0x153/0x420 [ 72.593630][ T8464] ? rtnl_newlink+0xa0/0xa0 [ 72.598135][ T8464] ? netlink_ack+0xa60/0xa60 [ 72.602722][ T8464] ? netlink_deliver_tap+0x1a2/0xbc0 [ 72.608013][ T8464] netlink_unicast+0x533/0x7d0 [ 72.612765][ T8464] ? netlink_attachskb+0x890/0x890 [ 72.617859][ T8464] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 72.624097][ T8464] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 72.630318][ T8464] ? __phys_addr_symbol+0x2c/0x70 [ 72.635325][ T8464] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 72.641028][ T8464] ? __check_object_size+0x16e/0x3f0 [ 72.646300][ T8464] netlink_sendmsg+0x86d/0xdb0 [ 72.651055][ T8464] ? netlink_unicast+0x7d0/0x7d0 [ 72.655978][ T8464] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.662207][ T8464] ? netlink_unicast+0x7d0/0x7d0 [ 72.667142][ T8464] sock_sendmsg+0xcf/0x120 [ 72.671566][ T8464] ____sys_sendmsg+0x6e8/0x810 [ 72.676374][ T8464] ? kernel_sendmsg+0x50/0x50 [ 72.681040][ T8464] ? do_recvmmsg+0x6d0/0x6d0 [ 72.685632][ T8464] ? lock_chain_count+0x20/0x20 [ 72.690491][ T8464] ___sys_sendmsg+0xf3/0x170 [ 72.695080][ T8464] ? sendmsg_copy_msghdr+0x160/0x160 [ 72.700361][ T8464] ? __lock_acquire+0x162f/0x54a0 [ 72.705376][ T8464] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.711341][ T8464] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.717363][ T8464] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.723616][ T8464] ? __fget_light+0x215/0x280 [ 72.728280][ T8464] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 72.734522][ T8464] __sys_sendmsg+0xe5/0x1b0 [ 72.739014][ T8464] ? __sys_sendmsg_sock+0x30/0x30 [ 72.744049][ T8464] ? syscall_enter_from_user_mode+0x21/0x70 [ 72.749939][ T8464] do_syscall_64+0x35/0xb0 [ 72.754345][ T8464] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.760224][ T8464] RIP: 0033:0x4439e9 [ 72.764124][ T8464] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 72.783712][ T8464] RSP: 002b:00007fff7c739ee8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 72.792112][ T8464] RAX: ffffffffffffffda RBX: 00007fff7c739ef8 RCX: 00000000004439e9 [ 72.800082][ T8464] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 72.808038][ T8464] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 72.815991][ T8464] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff7c739f00 [ 72.822854][ C0] ================================================================== [ 72.823945][ T8464] R13: 00007fff7c739f20 R14: 00000000004b9018 R15: 00000000004004b8 [ 72.832109][ C0] BUG: KASAN: use-after-free in advance_sched+0x967/0x9a0 [ 72.847155][ C0] Read of size 8 at addr ffff888022768610 by task swapper/0/0 [ 72.854607][ C0] [ 72.856925][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.14.0-rc6-syzkaller #0 [ 72.864927][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.874975][ C0] Call Trace: [ 72.878248][ C0] [ 72.881090][ C0] dump_stack_lvl+0xcd/0x134 [ 72.885693][ C0] print_address_description.constprop.0.cold+0x6c/0x309 [ 72.892728][ C0] ? advance_sched+0x967/0x9a0 [ 72.897504][ C0] ? advance_sched+0x967/0x9a0 [ 72.902280][ C0] kasan_report.cold+0x83/0xdf [ 72.907059][ C0] ? advance_sched+0x967/0x9a0 [ 72.911833][ C0] advance_sched+0x967/0x9a0 [ 72.916441][ C0] ? taprio_dequeue_soft+0xa70/0xa70 [ 72.921758][ C0] __hrtimer_run_queues+0x609/0xe50 [ 72.926978][ C0] ? hrtimer_sleeper_start_expires+0x80/0x80 [ 72.932965][ C0] ? ktime_get_update_offsets_now+0x3eb/0x5c0 [ 72.939043][ C0] hrtimer_interrupt+0x330/0xa00 [ 72.944000][ C0] __sysvec_apic_timer_interrupt+0x146/0x530 [ 72.950085][ C0] sysvec_apic_timer_interrupt+0x8e/0xc0 [ 72.955727][ C0] [ 72.958652][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 72.964635][ C0] RIP: 0010:acpi_idle_do_entry+0x1c6/0x250 [ 72.970451][ C0] Code: 89 de e8 fd 8e 48 f8 84 db 75 ac e8 b4 88 48 f8 e8 af b1 4e f8 eb 0c e8 a8 88 48 f8 0f 00 2d 41 3a c2 00 e8 9c 88 48 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 e7 8d 48 f8 48 85 db [ 72.990055][ C0] RSP: 0018:ffffffff8b607d60 EFLAGS: 00000293 [ 72.996120][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 73.004088][ C0] RDX: ffffffff8b6bc640 RSI: ffffffff892d2064 RDI: 0000000000000000 [ 73.012057][ C0] RBP: ffff8881429c7864 R08: 0000000000000001 R09: 0000000000000001 [ 73.020026][ C0] R10: ffffffff817bd238 R11: 0000000000000000 R12: 0000000000000001 [ 73.027991][ C0] R13: ffff8881429c7800 R14: ffff8881429c7864 R15: ffff888140f91004 [ 73.035967][ C0] ? trace_hardirqs_on+0x38/0x1c0 [ 73.040998][ C0] ? acpi_idle_do_entry+0x1c4/0x250 [ 73.046211][ C0] acpi_idle_enter+0x361/0x500 [ 73.050987][ C0] cpuidle_enter_state+0x1b1/0xc80 [ 73.056111][ C0] cpuidle_enter+0x4a/0xa0 [ 73.060534][ C0] do_idle+0x3e8/0x590 [ 73.064604][ C0] ? arch_cpu_idle_exit+0x30/0x30 [ 73.069639][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe [ 73.075986][ C0] cpu_startup_entry+0x14/0x20 [ 73.080768][ C0] start_kernel+0x47a/0x49b [ 73.085281][ C0] secondary_startup_64_no_verify+0xb0/0xbb [ 73.091196][ C0] [ 73.093510][ C0] Allocated by task 8464: [ 73.097830][ C0] kasan_save_stack+0x1b/0x40 [ 73.102543][ C0] __kasan_kmalloc+0x9b/0xd0 [ 73.107137][ C0] taprio_change+0x5fb/0x4140 [ 73.111819][ C0] taprio_init+0x52e/0x670 [ 73.116234][ C0] qdisc_create+0x475/0x1320 [ 73.120827][ C0] tc_modify_qdisc+0x4c8/0x1a60 [ 73.125679][ C0] rtnetlink_rcv_msg+0x413/0xb80 [ 73.130616][ C0] netlink_rcv_skb+0x153/0x420 [ 73.135386][ C0] netlink_unicast+0x533/0x7d0 [ 73.140153][ C0] netlink_sendmsg+0x86d/0xdb0 [ 73.144920][ C0] sock_sendmsg+0xcf/0x120 [ 73.149333][ C0] ____sys_sendmsg+0x6e8/0x810 [ 73.154093][ C0] ___sys_sendmsg+0xf3/0x170 [ 73.158687][ C0] __sys_sendmsg+0xe5/0x1b0 [ 73.163188][ C0] do_syscall_64+0x35/0xb0 [ 73.167605][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.173496][ C0] [ 73.175809][ C0] Freed by task 0: [ 73.179516][ C0] kasan_save_stack+0x1b/0x40 [ 73.184191][ C0] kasan_set_track+0x1c/0x30 [ 73.188783][ C0] kasan_set_free_info+0x20/0x30 [ 73.193722][ C0] __kasan_slab_free+0xfb/0x130 [ 73.198575][ C0] slab_free_freelist_hook+0xdf/0x240 [ 73.203945][ C0] kfree+0xe4/0x540 [ 73.207750][ C0] rcu_core+0x7ab/0x1380 [ 73.211997][ C0] __do_softirq+0x29b/0x9c2 [ 73.216505][ C0] [ 73.218821][ C0] Last potentially related work creation: [ 73.224527][ C0] kasan_save_stack+0x1b/0x40 [ 73.229204][ C0] kasan_record_aux_stack+0xe5/0x110 [ 73.234493][ C0] call_rcu+0xb1/0x750 [ 73.238560][ C0] taprio_destroy+0x3ce/0x4d0 [ 73.243239][ C0] qdisc_create+0xb7a/0x1320 [ 73.247828][ C0] tc_modify_qdisc+0x4c8/0x1a60 [ 73.252687][ C0] rtnetlink_rcv_msg+0x413/0xb80 [ 73.257641][ C0] netlink_rcv_skb+0x153/0x420 [ 73.262424][ C0] netlink_unicast+0x533/0x7d0 [ 73.267276][ C0] netlink_sendmsg+0x86d/0xdb0 [ 73.272045][ C0] sock_sendmsg+0xcf/0x120 [ 73.276464][ C0] ____sys_sendmsg+0x6e8/0x810 [ 73.281224][ C0] ___sys_sendmsg+0xf3/0x170 [ 73.285817][ C0] __sys_sendmsg+0xe5/0x1b0 [ 73.290322][ C0] do_syscall_64+0x35/0xb0 [ 73.294759][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.300650][ C0] [ 73.302961][ C0] The buggy address belongs to the object at ffff888022768600 [ 73.302961][ C0] which belongs to the cache kmalloc-96 of size 96 [ 73.316835][ C0] The buggy address is located 16 bytes inside of [ 73.316835][ C0] 96-byte region [ffff888022768600, ffff888022768660) [ 73.329929][ C0] The buggy address belongs to the page: [ 73.335557][ C0] page:ffffea000089da00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22768 [ 73.345700][ C0] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 73.353257][ C0] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888010841780 [ 73.361858][ C0] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 73.370453][ C0] page dumped because: kasan: bad access detected [ 73.376859][ C0] page_owner tracks the page as allocated [ 73.382570][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 6411, ts 40220249939, free_ts 37766761267 [ 73.398456][ C0] get_page_from_freelist+0xa72/0x2f80 [ 73.404197][ C0] __alloc_pages+0x1b2/0x500 [ 73.408782][ C0] alloc_pages+0x18c/0x2a0 [ 73.413201][ C0] allocate_slab+0x32e/0x4b0 [ 73.417792][ C0] ___slab_alloc+0x4ba/0x820 [ 73.422388][ C0] __slab_alloc.constprop.0+0xa7/0xf0 [ 73.427762][ C0] __kmalloc+0x312/0x330 [ 73.432001][ C0] tomoyo_encode2.part.0+0xe9/0x3a0 [ 73.437202][ C0] tomoyo_encode+0x28/0x50 [ 73.441705][ C0] tomoyo_realpath_from_path+0x186/0x620 [ 73.447357][ C0] tomoyo_check_open_permission+0x272/0x380 [ 73.453265][ C0] tomoyo_file_open+0xa3/0xd0 [ 73.457944][ C0] security_file_open+0x52/0x4f0 [ 73.462880][ C0] do_dentry_open+0x353/0x11d0 [ 73.467642][ C0] path_openat+0x1c23/0x27f0 [ 73.472229][ C0] do_filp_open+0x1aa/0x400 [ 73.476733][ C0] page last free stack trace: [ 73.481398][ C0] free_pcp_prepare+0x2c5/0x780 [ 73.486250][ C0] free_unref_page+0x19/0x690 [ 73.490930][ C0] qlist_free_all+0x5a/0xc0 [ 73.495435][ C0] kasan_quarantine_reduce+0x180/0x200 [ 73.500898][ C0] __kasan_slab_alloc+0x8e/0xa0 [ 73.505750][ C0] kmem_cache_alloc+0x285/0x4a0 [ 73.510598][ C0] getname_flags.part.0+0x50/0x4f0 [ 73.515723][ C0] user_path_at_empty+0xa1/0x100 [ 73.520675][ C0] vfs_statx+0x142/0x390 [ 73.524928][ C0] __do_sys_newlstat+0x91/0x110 [ 73.529785][ C0] do_syscall_64+0x35/0xb0 [ 73.534213][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 73.540117][ C0] [ 73.542443][ C0] Memory state around the buggy address: [ 73.548065][ C0] ffff888022768500: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 73.556119][ C0] ffff888022768580: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 73.564174][ C0] >ffff888022768600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 73.572228][ C0] ^ [ 73.576803][ C0] ffff888022768680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 73.584874][ C0] ffff888022768700: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 73.592945][ C0] ================================================================== [ 73.601009][ C0] Disabling lock debugging due to kernel taint [ 73.935953][ T8464] Shutting down cpus with NMI [ 73.941924][ T8464] Kernel Offset: disabled [ 73.946234][ T8464] Rebooting in 86400 seconds..