[ 49.819873][ T93] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.854015][ T93] device veth1_macvtap left promiscuous mode
[ 49.854143][ T93] device veth0_macvtap left promiscuous mode
[ 49.854649][ T93] device veth1_vlan left promiscuous mode
[ 49.854786][ T93] device veth0_vlan left promiscuous mode
[ 49.994234][ T93] team0 (unregistering): Port device team_slave_1 removed
[ 50.009170][ T93] team0 (unregistering): Port device team_slave_0 removed
[ 50.012699][ T93] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 50.023780][ T93] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 50.072959][ T93] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts.
2022/06/16 10:57:43 parsed 1 programs
2022/06/16 10:57:44 executed programs: 0
[ 65.200129][ T3647] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 65.200938][ T3647] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 65.201370][ T3647] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 65.202179][ T3647] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 65.202614][ T3647] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 65.202838][ T3647] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 65.270511][ T4081] chnl_net:caif_netlink_parms(): no params data found
[ 65.299028][ T4081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.299082][ T4081] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.299590][ T4081] device bridge_slave_0 entered promiscuous mode
[ 65.300798][ T4081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.300846][ T4081] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.301307][ T4081] device bridge_slave_1 entered promiscuous mode
[ 65.322921][ T4081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.324951][ T4081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.369446][ T4081] team0: Port device team_slave_0 added
[ 65.370652][ T4081] team0: Port device team_slave_1 added
[ 65.388317][ T4081] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.388325][ T4081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.388338][ T4081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.389908][ T4081] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.389915][ T4081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.389928][ T4081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.449016][ T4081] device hsr_slave_0 entered promiscuous mode
[ 65.472803][ T4081] device hsr_slave_1 entered promiscuous mode
[ 65.544774][ T4081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.544796][ T4081] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.544867][ T4081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.544890][ T4081] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.582438][ T4081] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.587216][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.592542][ T3657] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.601467][ T3657] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.602862][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.622440][ T4081] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.635518][ T1137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.635918][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.635945][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.639182][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.639461][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.639748][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.649804][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.650296][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.654168][ T146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.658714][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.663078][ T146] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.669023][ T4081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.681637][ T146] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.681729][ T146] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.689443][ T4081] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.886223][ T146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.894831][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.895183][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.895462][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.899516][ T4081] device veth0_vlan entered promiscuous mode
[ 65.904517][ T4081] device veth1_vlan entered promiscuous mode
[ 65.921051][ T1137] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.921550][ T1137] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.922105][ T1137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.925288][ T4081] device veth0_macvtap entered promiscuous mode
[ 65.930128][ T4081] device veth1_macvtap entered promiscuous mode
[ 65.943189][ T4081] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.943259][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 65.950481][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 65.954008][ T4081] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.954228][ T1137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 66.036143][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.036161][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.037388][ T1137] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 66.054994][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.055010][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.059560][ T3657] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 66.490142][ T4165] ==================================================================
[ 66.490152][ T4165] BUG: KASAN: use-after-free in route4_destroy+0x82b/0x9a0
[ 66.490180][ T4165] Read of size 8 at addr ffff88801f531d00 by task syz-executor.0/4165
[ 66.490190][ T4165]
[ 66.490193][ T4165] CPU: 1 PID: 4165 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0
[ 66.490204][ T4165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.490209][ T4165] Call Trace:
[ 66.490212][ T4165]
[ 66.490216][ T4165] dump_stack_lvl+0xcd/0x134
[ 66.490229][ T4165] print_address_description.constprop.0.cold+0xeb/0x495
[ 66.490244][ T4165] ? route4_destroy+0x82b/0x9a0
[ 66.490256][ T4165] kasan_report.cold+0xf4/0x1c6
[ 66.490267][ T4165] ? route4_destroy+0x82b/0x9a0
[ 66.490279][ T4165] route4_destroy+0x82b/0x9a0
[ 66.490293][ T4165] ? route4_delete_filter_work+0xf0/0xf0
[ 66.490306][ T4165] ? wait_for_completion_io_timeout+0x20/0x20
[ 66.490320][ T4165] tcf_proto_destroy+0x6a/0x2d0
[ 66.490332][ T4165] tcf_proto_put+0x8c/0xc0
[ 66.490343][ T4165] tcf_chain_flush+0x21a/0x360
[ 66.490354][ T4165] __tcf_block_put+0x15a/0x510
[ 66.490365][ T4165] tcf_block_put+0xb3/0x100
[ 66.490376][ T4165] ? tcf_block_put_ext+0x40/0x40
[ 66.490387][ T4165] ? drr_destroy_qdisc+0x1d0/0x1d0
[ 66.490400][ T4165] ? drr_dump_class+0x450/0x450
[ 66.490410][ T4165] drr_destroy_qdisc+0x44/0x1d0
[ 66.490422][ T4165] ? drr_dump_class+0x450/0x450
[ 66.490434][ T4165] qdisc_destroy+0xc4/0x4e0
[ 66.490446][ T4165] qdisc_put+0xcd/0xe0
[ 66.490456][ T4165] qdisc_graft+0xeb1/0x1270
[ 66.490467][ T4165] ? tc_dump_tclass+0x510/0x510
[ 66.490477][ T4165] ? tc_get_qdisc+0xbd0/0xbd0
[ 66.490488][ T4165] tc_modify_qdisc+0xbb7/0x1a00
[ 66.490500][ T4165] ? qdisc_create.constprop.0+0x10e0/0x10e0
[ 66.490510][ T4165] ? rtnetlink_rcv_msg+0x3e5/0xc90
[ 66.490524][ T4165] ? qdisc_create.constprop.0+0x10e0/0x10e0
[ 66.490535][ T4165] rtnetlink_rcv_msg+0x43a/0xc90
[ 66.490545][ T4165] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 66.490554][ T4165] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 66.490567][ T4165] ? skb_clone+0x170/0x3c0
[ 66.490580][ T4165] netlink_rcv_skb+0x153/0x420
[ 66.490592][ T4165] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 66.490601][ T4165] ? netlink_ack+0xa80/0xa80
[ 66.490610][ T4165] ? netlink_deliver_tap+0x1a3/0xc50
[ 66.490622][ T4165] ? netlink_deliver_tap+0x1b2/0xc50
[ 66.490633][ T4165] netlink_unicast+0x543/0x7f0
[ 66.490644][ T4165] ? netlink_attachskb+0x880/0x880
[ 66.490654][ T4165] ? __phys_addr+0xc4/0x140
[ 66.490667][ T4165] ? __phys_addr_symbol+0x2c/0x70
[ 66.490678][ T4165] ? __check_object_size+0x353/0x7a0
[ 66.490691][ T4165] netlink_sendmsg+0x917/0xe10
[ 66.490702][ T4165] ? netlink_unicast+0x7f0/0x7f0
[ 66.490713][ T4165] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 66.490728][ T4165] ? netlink_unicast+0x7f0/0x7f0
[ 66.490738][ T4165] sock_sendmsg+0xcf/0x120
[ 66.490748][ T4165] ____sys_sendmsg+0x6eb/0x810
[ 66.490761][ T4165] ? kernel_sendmsg+0x50/0x50
[ 66.490770][ T4165] ? do_recvmmsg+0x6d0/0x6d0
[ 66.490788][ T4165] ? migrate_swap_stop+0x830/0x830
[ 66.490801][ T4165] ? lock_downgrade+0x6e0/0x6e0
[ 66.490814][ T4165] ___sys_sendmsg+0xf3/0x170
[ 66.490825][ T4165] ? sendmsg_copy_msghdr+0x160/0x160
[ 66.490837][ T4165] ? __fget_files+0x248/0x440
[ 66.490849][ T4165] ? lock_downgrade+0x6e0/0x6e0
[ 66.490861][ T4165] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 66.490875][ T4165] ? __fget_files+0x26a/0x440
[ 66.490888][ T4165] ? __fget_light+0xe5/0x270
[ 66.490901][ T4165] __x64_sys_sendmsg+0x132/0x220
[ 66.490912][ T4165] ? __sys_sendmsg+0x1b0/0x1b0
[ 66.490922][ T4165] ? restore_fpregs_from_fpstate+0xcc/0x1e0
[ 66.490937][ T4165] ? syscall_enter_from_user_mode+0x21/0x70
[ 66.490950][ T4165] ? syscall_enter_from_user_mode+0x21/0x70
[ 66.490963][ T4165] do_syscall_64+0x35/0x80
[ 66.490973][ T4165] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 66.490986][ T4165] RIP: 0033:0x4665f9
[ 66.490995][ T4165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 66.491005][ T4165] RSP: 002b:00007f6148fc7188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 66.491016][ T4165] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 66.491024][ T4165] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[ 66.491030][ T4165] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 66.491037][ T4165] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 66.491043][ T4165] R13: 00007ffdd1fe3e1f R14: 00007f6148fc7300 R15: 0000000000022000
[ 66.491053][ T4165]
[ 66.491056][ T4165]
[ 66.491058][ T4165] Allocated by task 4161:
[ 66.491063][ T4165] kasan_save_stack+0x1e/0x40
[ 66.491074][ T4165] __kasan_kmalloc+0xa9/0xd0
[ 66.491083][ T4165] route4_change+0x28c/0x2490
[ 66.491094][ T4165] tc_new_tfilter+0x98d/0x2200
[ 66.491103][ T4165] rtnetlink_rcv_msg+0x946/0xc90
[ 66.491112][ T4165] netlink_rcv_skb+0x153/0x420
[ 66.491121][ T4165] netlink_unicast+0x543/0x7f0
[ 66.491129][ T4165] netlink_sendmsg+0x917/0xe10
[ 66.491138][ T4165] sock_sendmsg+0xcf/0x120
[ 66.491146][ T4165] ____sys_sendmsg+0x6eb/0x810
[ 66.491155][ T4165] ___sys_sendmsg+0xf3/0x170
[ 66.491164][ T4165] __x64_sys_sendmsg+0x132/0x220
[ 66.491173][ T4165] do_syscall_64+0x35/0x80
[ 66.491181][ T4165] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 66.491193][ T4165]
[ 66.491195][ T4165] Freed by task 8:
[ 66.491199][ T4165] kasan_save_stack+0x1e/0x40
[ 66.491208][ T4165] kasan_set_track+0x21/0x30
[ 66.491218][ T4165] kasan_set_free_info+0x20/0x30
[ 66.491229][ T4165] ____kasan_slab_free+0x166/0x1a0
[ 66.491239][ T4165] slab_free_freelist_hook+0x8b/0x1c0
[ 66.491248][ T4165] kfree+0xd6/0x4d0
[ 66.491256][ T4165] route4_delete_filter_work+0xb0/0xf0
[ 66.491268][ T4165] process_one_work+0x996/0x1610
[ 66.491278][ T4165] worker_thread+0x665/0x1080
[ 66.491286][ T4165] kthread+0x2e9/0x3a0
[ 66.491297][ T4165] ret_from_fork+0x1f/0x30
[ 66.491308][ T4165]
[ 66.491310][ T4165] Last potentially related work creation:
[ 66.491312][ T4165] kasan_save_stack+0x1e/0x40
[ 66.491322][ T4165] __kasan_record_aux_stack+0xbe/0xd0
[ 66.491333][ T4165] insert_work+0x48/0x350
[ 66.491341][ T4165] __queue_work+0x62f/0x1150
[ 66.491350][ T4165] rcu_work_rcufn+0x58/0x80
[ 66.491359][ T4165] rcu_core+0x7b1/0x1880
[ 66.491367][ T4165] __do_softirq+0x29b/0x9c2
[ 66.491376][ T4165]
[ 66.491377][ T4165] Second to last potentially related work creation:
[ 66.491380][ T4165] kasan_save_stack+0x1e/0x40
[ 66.491389][ T4165] __kasan_record_aux_stack+0xbe/0xd0
[ 66.491401][ T4165] call_rcu+0x99/0x790
[ 66.491408][ T4165] queue_rcu_work+0x82/0xa0
[ 66.491419][ T4165] route4_queue_work+0x46/0x50
[ 66.491430][ T4165] route4_change+0x19e5/0x2490
[ 66.491441][ T4165] tc_new_tfilter+0x98d/0x2200
[ 66.491450][ T4165] rtnetlink_rcv_msg+0x946/0xc90
[ 66.491459][ T4165] netlink_rcv_skb+0x153/0x420
[ 66.491467][ T4165] netlink_unicast+0x543/0x7f0
[ 66.491476][ T4165] netlink_sendmsg+0x917/0xe10
[ 66.491484][ T4165] sock_sendmsg+0xcf/0x120
[ 66.491492][ T4165] ____sys_sendmsg+0x6eb/0x810
[ 66.491500][ T4165] ___sys_sendmsg+0xf3/0x170
[ 66.491509][ T4165] __x64_sys_sendmsg+0x132/0x220
[ 66.491519][ T4165] do_syscall_64+0x35/0x80
[ 66.491527][ T4165] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 66.491539][ T4165]
[ 66.491540][ T4165] The buggy address belongs to the object at ffff88801f531d00
[ 66.491540][ T4165] which belongs to the cache kmalloc-192 of size 192
[ 66.491548][ T4165] The buggy address is located 0 bytes inside of
[ 66.491548][ T4165] 192-byte region [ffff88801f531d00, ffff88801f531dc0)
[ 66.491557][ T4165]
[ 66.491559][ T4165] The buggy address belongs to the physical page:
[ 66.491563][ T4165] page:ffffea00007d4c40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f531
[ 66.491574][ T4165] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 66.491589][ T4165] raw: 00fff00000000200 ffffea00007d2200 dead000000000002 ffff888010c41a00
[ 66.491599][ T4165] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 66.491604][ T4165] page dumped because: kasan: bad access detected
[ 66.491608][ T4165] page_owner tracks the page as allocated
[ 66.491611][ T4165] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 7564804891, free_ts 7198223118
[ 66.491627][ T4165] get_page_from_freelist+0x1290/0x3b70
[ 66.491641][ T4165] __alloc_pages+0x1c7/0x510
[ 66.491651][ T4165] alloc_page_interleave+0x1e/0x200
[ 66.491662][ T4165] alloc_pages+0x2b1/0x310
[ 66.491671][ T4165] allocate_slab+0x26c/0x3c0
[ 66.491680][ T4165] ___slab_alloc+0x985/0xd90
[ 66.491689][ T4165] __slab_alloc.constprop.0+0x4d/0xa0
[ 66.491698][ T4165] kmem_cache_alloc_trace+0x310/0x3f0
[ 66.491708][ T4165] __usb_create_hcd+0x7af/0xa70
[ 66.491719][ T4165] vhci_hcd_probe+0xfb/0x3a0
[ 66.491731][ T4165] platform_probe+0xfc/0x1f0
[ 66.491741][ T4165] really_probe+0x23e/0xb90
[ 66.491753][ T4165] __driver_probe_device+0x338/0x4d0
[ 66.491762][ T4165] driver_probe_device+0x4c/0x1a0
[ 66.491770][ T4165] __device_attach_driver+0x20b/0x2f0
[ 66.491783][ T4165] bus_for_each_drv+0x15f/0x1e0
[ 66.491793][ T4165] page last free stack trace:
[ 66.491796][ T4165] free_pcp_prepare+0x549/0xd20
[ 66.491806][ T4165] free_unref_page+0x19/0x6a0
[ 66.491817][ T4165] __vunmap+0x85d/0xd30
[ 66.491826][ T4165] free_work+0x58/0x70
[ 66.491835][ T4165] process_one_work+0x996/0x1610
[ 66.491843][ T4165] worker_thread+0x665/0x1080
[ 66.491852][ T4165] kthread+0x2e9/0x3a0
[ 66.491862][ T4165] ret_from_fork+0x1f/0x30
[ 66.491872][ T4165]
[ 66.491873][ T4165] Memory state around the buggy address:
[ 66.491878][ T4165] ffff88801f531c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 66.491884][ T4165] ffff88801f531c80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 66.491891][ T4165] >ffff88801f531d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.491896][ T4165] ^
[ 66.491900][ T4165] ffff88801f531d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 66.491907][ T4165] ffff88801f531e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 66.491911][ T4165] ==================================================================
[ 66.491959][ T4165] Kernel panic - not syncing: panic_on_warn set ...
[ 67.296720][ T1137] Bluetooth: hci0: command 0x0409 tx timeout
[ 67.503048][ T4165] CPU: 1 PID: 4165 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0
[ 67.511701][ T4165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.521757][ T4165] Call Trace:
[ 67.525020][ T4165]
[ 67.527937][ T4165] dump_stack_lvl+0xcd/0x134
[ 67.532608][ T4165] panic+0x2d7/0x636
[ 67.536488][ T4165] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 67.542460][ T4165] ? preempt_schedule_common+0x59/0xc0
[ 67.547946][ T4165] ? route4_destroy+0x82b/0x9a0
[ 67.552780][ T4165] ? preempt_schedule_thunk+0x16/0x18
[ 67.558136][ T4165] ? route4_destroy+0x82b/0x9a0
[ 67.562967][ T4165] end_report.part.0+0x3f/0x7c
[ 67.567711][ T4165] kasan_report.cold+0x93/0x1c6
[ 67.572553][ T4165] ? route4_destroy+0x82b/0x9a0
[ 67.577480][ T4165] route4_destroy+0x82b/0x9a0
[ 67.582166][ T4165] ? route4_delete_filter_work+0xf0/0xf0
[ 67.587780][ T4165] ? wait_for_completion_io_timeout+0x20/0x20
[ 67.593831][ T4165] tcf_proto_destroy+0x6a/0x2d0
[ 67.598664][ T4165] tcf_proto_put+0x8c/0xc0
[ 67.603058][ T4165] tcf_chain_flush+0x21a/0x360
[ 67.607805][ T4165] __tcf_block_put+0x15a/0x510
[ 67.612549][ T4165] tcf_block_put+0xb3/0x100
[ 67.617036][ T4165] ? tcf_block_put_ext+0x40/0x40
[ 67.621958][ T4165] ? drr_destroy_qdisc+0x1d0/0x1d0
[ 67.627057][ T4165] ? drr_dump_class+0x450/0x450
[ 67.631888][ T4165] drr_destroy_qdisc+0x44/0x1d0
[ 67.636719][ T4165] ? drr_dump_class+0x450/0x450
[ 67.641559][ T4165] qdisc_destroy+0xc4/0x4e0
[ 67.646075][ T4165] qdisc_put+0xcd/0xe0
[ 67.650188][ T4165] qdisc_graft+0xeb1/0x1270
[ 67.654678][ T4165] ? tc_dump_tclass+0x510/0x510
[ 67.659506][ T4165] ? tc_get_qdisc+0xbd0/0xbd0
[ 67.664171][ T4165] tc_modify_qdisc+0xbb7/0x1a00
[ 67.669006][ T4165] ? qdisc_create.constprop.0+0x10e0/0x10e0
[ 67.674883][ T4165] ? rtnetlink_rcv_msg+0x3e5/0xc90
[ 67.679975][ T4165] ? qdisc_create.constprop.0+0x10e0/0x10e0
[ 67.685846][ T4165] rtnetlink_rcv_msg+0x43a/0xc90
[ 67.690762][ T4165] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 67.695508][ T4165] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 67.700791][ T4165] ? skb_clone+0x170/0x3c0
[ 67.705189][ T4165] netlink_rcv_skb+0x153/0x420
[ 67.709999][ T4165] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 67.714830][ T4165] ? netlink_ack+0xa80/0xa80
[ 67.719398][ T4165] ? netlink_deliver_tap+0x1a3/0xc50
[ 67.724668][ T4165] ? netlink_deliver_tap+0x1b2/0xc50
[ 67.729948][ T4165] netlink_unicast+0x543/0x7f0
[ 67.734691][ T4165] ? netlink_attachskb+0x880/0x880
[ 67.739787][ T4165] ? __phys_addr+0xc4/0x140
[ 67.744280][ T4165] ? __phys_addr_symbol+0x2c/0x70
[ 67.749306][ T4165] ? __check_object_size+0x353/0x7a0
[ 67.754575][ T4165] netlink_sendmsg+0x917/0xe10
[ 67.759317][ T4165] ? netlink_unicast+0x7f0/0x7f0
[ 67.764239][ T4165] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 67.769590][ T4165] ? netlink_unicast+0x7f0/0x7f0
[ 67.774506][ T4165] sock_sendmsg+0xcf/0x120
[ 67.778902][ T4165] ____sys_sendmsg+0x6eb/0x810
[ 67.783643][ T4165] ? kernel_sendmsg+0x50/0x50
[ 67.788296][ T4165] ? do_recvmmsg+0x6d0/0x6d0
[ 67.792865][ T4165] ? migrate_swap_stop+0x830/0x830
[ 67.797958][ T4165] ? lock_downgrade+0x6e0/0x6e0
[ 67.802796][ T4165] ___sys_sendmsg+0xf3/0x170
[ 67.807375][ T4165] ? sendmsg_copy_msghdr+0x160/0x160
[ 67.812645][ T4165] ? __fget_files+0x248/0x440
[ 67.817303][ T4165] ? lock_downgrade+0x6e0/0x6e0
[ 67.822133][ T4165] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 67.828102][ T4165] ? __fget_files+0x26a/0x440
[ 67.832761][ T4165] ? __fget_light+0xe5/0x270
[ 67.837339][ T4165] __x64_sys_sendmsg+0x132/0x220
[ 67.842258][ T4165] ? __sys_sendmsg+0x1b0/0x1b0
[ 67.847027][ T4165] ? restore_fpregs_from_fpstate+0xcc/0x1e0
[ 67.852922][ T4165] ? syscall_enter_from_user_mode+0x21/0x70
[ 67.858813][ T4165] ? syscall_enter_from_user_mode+0x21/0x70
[ 67.864792][ T4165] do_syscall_64+0x35/0x80
[ 67.869195][ T4165] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 67.875079][ T4165] RIP: 0033:0x4665f9
[ 67.878958][ T4165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 67.899077][ T4165] RSP: 002b:00007f6148fc7188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 67.907563][ T4165] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
[ 67.915512][ T4165] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[ 67.923483][ T4165] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 67.931433][ T4165] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 67.940345][ T4165] R13: 00007ffdd1fe3e1f R14: 00007f6148fc7300 R15: 0000000000022000
[ 67.948392][ T4165]
[ 67.951558][ T4165] Kernel Offset: disabled
[ 67.955867][ T4165] Rebooting in 86400 seconds..