[ 127.370492][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 188.815322][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 188.821629][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 196.002820][ T26] Bluetooth: hci0: command 0x0406 tx timeout
[ 250.253934][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 250.260274][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 311.685485][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 311.691790][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 373.134301][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 373.140686][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 422.315033][ T45] device hsr_slave_0 left promiscuous mode
[ 422.322763][ T45] device hsr_slave_1 left promiscuous mode
[ 422.330844][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 422.339959][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 422.348493][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 422.356728][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 422.366234][ T45] device bridge_slave_1 left promiscuous mode
[ 422.372369][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 422.380720][ T45] device bridge_slave_0 left promiscuous mode
[ 422.387589][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 422.398831][ T45] device veth1_macvtap left promiscuous mode
[ 422.405098][ T45] device veth0_macvtap left promiscuous mode
[ 422.411402][ T45] device veth1_vlan left promiscuous mode
[ 422.417928][ T45] device veth0_vlan left promiscuous mode
[ 422.520922][ T45] team0 (unregistering): Port device team_slave_1 removed
[ 422.532345][ T45] team0 (unregistering): Port device team_slave_0 removed
[ 422.543630][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 422.558500][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 422.601391][ T45] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
[ 426.148743][T14233] cgroup: Unknown subsys name 'net'
[ 426.156740][T14233] cgroup: Unknown subsys name 'rlimit'
[ 427.209200][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 427.218393][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 427.227802][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 427.238279][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 427.246132][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 427.253614][T14236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 427.314768][T14237] chnl_net:caif_netlink_parms(): no params data found
[ 427.348646][T14237] bridge0: port 1(bridge_slave_0) entered blocking state
[ 427.355871][T14237] bridge0: port 1(bridge_slave_0) entered disabled state
[ 427.363872][T14237] device bridge_slave_0 entered promiscuous mode
[ 427.371527][T14237] bridge0: port 2(bridge_slave_1) entered blocking state
[ 427.379084][T14237] bridge0: port 2(bridge_slave_1) entered disabled state
[ 427.387469][T14237] device bridge_slave_1 entered promiscuous mode
[ 427.406313][T14237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 427.426260][T14237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 427.448498][T14237] team0: Port device team_slave_0 added
[ 427.455535][T14237] team0: Port device team_slave_1 added
[ 427.470849][T14237] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 427.478284][T14237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 427.504514][T14237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 427.516513][T14237] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 427.524000][T14237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 427.550533][T14237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 427.574185][T14237] device hsr_slave_0 entered promiscuous mode
[ 427.581458][T14237] device hsr_slave_1 entered promiscuous mode
[ 427.631439][T14237] bridge0: port 2(bridge_slave_1) entered blocking state
[ 427.638696][T14237] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 427.646181][T14237] bridge0: port 1(bridge_slave_0) entered blocking state
[ 427.653261][T14237] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 427.686948][T14237] 8021q: adding VLAN 0 to HW filter on device bond0
[ 427.698555][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 427.706823][T14229] bridge0: port 1(bridge_slave_0) entered disabled state
[ 427.715700][T14229] bridge0: port 2(bridge_slave_1) entered disabled state
[ 427.723517][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 427.735688][T14237] 8021q: adding VLAN 0 to HW filter on device team0
[ 427.745695][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 427.754019][T14229] bridge0: port 1(bridge_slave_0) entered blocking state
[ 427.761039][T14229] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 427.771498][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 427.779829][ T924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 427.786995][ T924] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 427.803955][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 427.812534][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 427.824815][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 427.835294][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 427.846626][T14237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 427.857803][T14237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 427.866177][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 427.884574][T14237] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 427.891836][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 427.899735][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 427.914185][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 427.930597][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 427.938911][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 427.946811][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 427.956554][T14237] device veth0_vlan entered promiscuous mode
[ 427.967324][T14237] device veth1_vlan entered promiscuous mode
[ 427.984893][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 427.993143][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 428.001119][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 428.011567][T14237] device veth0_macvtap entered promiscuous mode
[ 428.020705][T14237] device veth1_macvtap entered promiscuous mode
[ 428.035997][T14237] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 428.043394][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 428.053863][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 428.064417][T14237] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 428.073839][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 428.116411][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 428.130766][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 428.140868][ T1052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 428.142815][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 428.157816][ T1052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 428.167339][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 429.283347][T14229] Bluetooth: hci0: command 0x0409 tx timeout
[ 430.278781][T14436] ==================================================================
[ 430.287197][T14436] BUG: KASAN: use-after-free in dump_schedule+0x68e/0x6f0
[ 430.294382][T14436] Read of size 8 at addr ffff888018f312c0 by task syz-executor275/14436
[ 430.302777][T14436]
[ 430.305257][T14436] CPU: 1 PID: 14436 Comm: syz-executor275 Not tainted 5.18.0-rc7-syzkaller #0
[ 430.314076][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 430.324208][T14436] Call Trace:
[ 430.327469][T14436]
[ 430.330465][T14436] dump_stack_lvl+0x57/0x7d
[ 430.335129][T14436] print_address_description.constprop.0.cold+0xeb/0x495
[ 430.342166][T14436] ? dump_schedule+0x68e/0x6f0
[ 430.347081][T14436] kasan_report.cold+0xf4/0x1c6
[ 430.351997][T14436] ? dump_schedule+0x68e/0x6f0
[ 430.356911][T14436] dump_schedule+0x68e/0x6f0
[ 430.361563][T14436] ? lock_release+0x720/0x720
[ 430.366256][T14436] ? mark_lock.part.0+0xee/0x19a0
[ 430.371552][T14436] ? taprio_offload_get+0x60/0x60
[ 430.376619][T14436] ? memset+0x20/0x40
[ 430.380646][T14436] ? __nla_reserve+0x8f/0xb0
[ 430.385230][T14436] ? memcpy+0x39/0x60
[ 430.389187][T14436] taprio_dump+0x431/0xb70
[ 430.393578][T14436] ? advance_sched+0x920/0x920
[ 430.398315][T14436] ? __nla_reserve+0x8f/0xb0
[ 430.402879][T14436] ? memcpy+0x39/0x60
[ 430.406840][T14436] tc_fill_qdisc+0x570/0xf60
[ 430.411466][T14436] ? lock_downgrade+0x6e0/0x6e0
[ 430.416289][T14436] ? qdisc_class_hash_init+0x210/0x210
[ 430.421771][T14436] ? rcu_read_lock_sched_held+0x3a/0x70
[ 430.427373][T14436] ? memset+0x20/0x40
[ 430.431334][T14436] ? __build_skb_around+0x1f3/0x2b0
[ 430.436557][T14436] ? __alloc_skb+0xca/0x270
[ 430.441040][T14436] qdisc_notify.isra.0+0x22e/0x2a0
[ 430.446214][T14436] tc_modify_qdisc+0xc4d/0x1680
[ 430.451128][T14436] ? __mutex_lock+0x21a/0x12f0
[ 430.455915][T14436] ? qdisc_create.constprop.0+0xdc0/0xdc0
[ 430.461872][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 430.466853][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 430.471598][T14436] netlink_rcv_skb+0x118/0x370
[ 430.476384][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 430.481121][T14436] ? netlink_ack+0x940/0x940
[ 430.485689][T14436] ? netlink_deliver_tap+0x131/0xa90
[ 430.491556][T14436] ? netlink_deliver_tap+0x136/0xa90
[ 430.499759][T14436] netlink_unicast+0x433/0x710
[ 430.506760][T14436] ? netlink_attachskb+0x740/0x740
[ 430.512740][T14436] netlink_sendmsg+0x770/0xc20
[ 430.519529][T14436] ? netlink_unicast+0x710/0x710
[ 430.524533][T14436] ? __lock_acquire+0x15bc/0x5660
[ 430.529535][T14436] ? netlink_unicast+0x710/0x710
[ 430.534807][T14436] sock_sendmsg+0xab/0xe0
[ 430.539197][T14436] sock_no_sendpage+0xea/0x130
[ 430.544193][T14436] ? sock_no_shutdown+0x10/0x10
[ 430.549018][T14436] ? lock_release+0x720/0x720
[ 430.553672][T14436] kernel_sendpage.part.0+0x151/0x550
[ 430.559020][T14436] ? kernel_sendpage+0xd0/0xd0
[ 430.563762][T14436] sock_sendpage+0xbd/0x190
[ 430.568246][T14436] pipe_to_sendpage+0x245/0x410
[ 430.573125][T14436] ? propagate_umount+0x1830/0x1830
[ 430.578387][T14436] __splice_from_pipe+0x362/0x810
[ 430.583387][T14436] ? propagate_umount+0x1830/0x1830
[ 430.588611][T14436] generic_splice_sendpage+0xba/0x120
[ 430.594066][T14436] ? __do_sys_vmsplice+0x810/0x810
[ 430.599249][T14436] ? apparmor_file_permission+0x138/0x450
[ 430.605014][T14436] ? security_file_permission+0x3c/0x90
[ 430.610659][T14436] do_splice+0x9c8/0x1b00
[ 430.614966][T14436] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 430.621102][T14436] ? splice_file_to_pipe+0xf0/0xf0
[ 430.626275][T14436] ? __context_tracking_exit+0x80/0x90
[ 430.631823][T14436] __do_splice+0xf4/0x1b0
[ 430.636147][T14436] ? do_splice+0x1b00/0x1b00
[ 430.640725][T14436] __x64_sys_splice+0x14a/0x200
[ 430.645571][T14436] do_syscall_64+0x35/0x80
[ 430.649980][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 430.655911][T14436] RIP: 0033:0x7f4beae5bc99
[ 430.660333][T14436] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 430.680175][T14436] RSP: 002b:00007f4beafffc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 430.688564][T14436] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4beae5bc99
[ 430.696515][T14436] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 430.704546][T14436] RBP: 0000000000000000 R08: 0000000000010976 R09: 0000000000000000
[ 430.712580][T14436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4beafffcc8
[ 430.720536][T14436] R13: 00007f4beafffce0 R14: 00007f4beafffd20 R15: 00000000000000c0
[ 430.728514][T14436]
[ 430.731685][T14436]
[ 430.734008][T14436] Allocated by task 14431:
[ 430.738400][T14436] kasan_save_stack+0x1e/0x40
[ 430.743142][T14436] __kasan_kmalloc+0xa9/0xd0
[ 430.747812][T14436] taprio_change+0x51b/0x3a80
[ 430.752463][T14436] tc_modify_qdisc+0xafd/0x1680
[ 430.757288][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 430.762201][T14436] netlink_rcv_skb+0x118/0x370
[ 430.766952][T14436] netlink_unicast+0x433/0x710
[ 430.771692][T14436] netlink_sendmsg+0x770/0xc20
[ 430.776437][T14436] sock_sendmsg+0xab/0xe0
[ 430.780744][T14436] sock_no_sendpage+0xea/0x130
[ 430.785482][T14436] kernel_sendpage.part.0+0x151/0x550
[ 430.790840][T14436] sock_sendpage+0xbd/0x190
[ 430.795318][T14436] pipe_to_sendpage+0x245/0x410
[ 430.800143][T14436] __splice_from_pipe+0x362/0x810
[ 430.805228][T14436] generic_splice_sendpage+0xba/0x120
[ 430.810575][T14436] do_splice+0x9c8/0x1b00
[ 430.814879][T14436] __do_splice+0xf4/0x1b0
[ 430.819178][T14436] __x64_sys_splice+0x14a/0x200
[ 430.824097][T14436] do_syscall_64+0x35/0x80
[ 430.828493][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 430.834360][T14436]
[ 430.836664][T14436] Freed by task 0:
[ 430.840356][T14436] kasan_save_stack+0x1e/0x40
[ 430.845011][T14436] kasan_set_track+0x21/0x30
[ 430.849578][T14436] kasan_set_free_info+0x20/0x30
[ 430.854785][T14436] ____kasan_slab_free+0x166/0x1a0
[ 430.860133][T14436] slab_free_freelist_hook+0x8b/0x1c0
[ 430.865567][T14436] kfree+0xd6/0x4d0
[ 430.869350][T14436] rcu_core+0x7b1/0x1880
[ 430.873913][T14436] __do_softirq+0x29b/0x9c2
[ 430.878390][T14436]
[ 430.880696][T14436] Last potentially related work creation:
[ 430.886398][T14436] kasan_save_stack+0x1e/0x40
[ 430.891067][T14436] __kasan_record_aux_stack+0xbe/0xd0
[ 430.896410][T14436] call_rcu+0x99/0x790
[ 430.900455][T14436] taprio_change+0x259a/0x3a80
[ 430.905195][T14436] tc_modify_qdisc+0xafd/0x1680
[ 430.910020][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 430.915072][T14436] netlink_rcv_skb+0x118/0x370
[ 430.919812][T14436] netlink_unicast+0x433/0x710
[ 430.924548][T14436] netlink_sendmsg+0x770/0xc20
[ 430.929283][T14436] sock_sendmsg+0xab/0xe0
[ 430.933772][T14436] sock_no_sendpage+0xea/0x130
[ 430.938685][T14436] kernel_sendpage.part.0+0x151/0x550
[ 430.944025][T14436] sock_sendpage+0xbd/0x190
[ 430.948596][T14436] pipe_to_sendpage+0x245/0x410
[ 430.953425][T14436] __splice_from_pipe+0x362/0x810
[ 430.958437][T14436] generic_splice_sendpage+0xba/0x120
[ 430.963791][T14436] do_splice+0x9c8/0x1b00
[ 430.968192][T14436] __do_splice+0xf4/0x1b0
[ 430.972525][T14436] __x64_sys_splice+0x14a/0x200
[ 430.977351][T14436] do_syscall_64+0x35/0x80
[ 430.981872][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 430.987767][T14436]
[ 430.990072][T14436] The buggy address belongs to the object at ffff888018f31280
[ 430.990072][T14436] which belongs to the cache kmalloc-96 of size 96
[ 431.004052][T14436] The buggy address is located 64 bytes inside of
[ 431.004052][T14436] 96-byte region [ffff888018f31280, ffff888018f312e0)
[ 431.017390][T14436]
[ 431.019698][T14436] The buggy address belongs to the physical page:
[ 431.026148][T14436] page:ffffea000063cc40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18f31
[ 431.036282][T14436] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 431.043814][T14436] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888010041780
[ 431.052564][T14436] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 431.061212][T14436] page dumped because: kasan: bad access detected
[ 431.067793][T14436] page_owner tracks the page as allocated
[ 431.073517][T14436] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 26, tgid 26 (kworker/1:1), ts 430163053943, free_ts 430161824744
[ 431.093188][T14436] get_page_from_freelist+0x178d/0x3dc0
[ 431.098848][T14436] __alloc_pages+0x1b2/0x500
[ 431.103414][T14436] allocate_slab+0x26c/0x3c0
[ 431.108063][T14436] ___slab_alloc+0x8e1/0xf20
[ 431.112801][T14436] __slab_alloc.constprop.0+0x4d/0xa0
[ 431.118243][T14436] kmem_cache_alloc_trace+0x310/0x3f0
[ 431.123601][T14436] dst_cow_metrics_generic+0x43/0x170
[ 431.129054][T14436] icmp6_dst_alloc+0x447/0x600
[ 431.133946][T14436] mld_sendpack+0x527/0xc70
[ 431.138462][T14436] mld_dad_work+0x177/0x510
[ 431.143035][T14436] process_one_work+0x865/0x13d0
[ 431.148029][T14436] worker_thread+0x598/0xec0
[ 431.153026][T14436] kthread+0x299/0x340
[ 431.157068][T14436] ret_from_fork+0x1f/0x30
[ 431.161481][T14436] page last free stack trace:
[ 431.166221][T14436] free_pcp_prepare+0x549/0xd20
[ 431.171221][T14436] free_unref_page+0x19/0x6a0
[ 431.175878][T14436] tlb_finish_mmu+0x1f1/0x790
[ 431.180606][T14436] exit_mmap+0x19d/0x3f0
[ 431.184906][T14436] __mmput+0xed/0x430
[ 431.188891][T14436] do_exit+0x8e9/0x2470
[ 431.193052][T14436] do_group_exit+0xb2/0x2a0
[ 431.197527][T14436] __x64_sys_exit_group+0x35/0x40
[ 431.202526][T14436] do_syscall_64+0x35/0x80
[ 431.206918][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 431.212788][T14436]
[ 431.215266][T14436] Memory state around the buggy address:
[ 431.220969][T14436] ffff888018f31180: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.229007][T14436] ffff888018f31200: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.237241][T14436] >ffff888018f31280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.245285][T14436] ^
[ 431.251445][T14436] ffff888018f31300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.259776][T14436] ffff888018f31380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.267824][T14436] ==================================================================
[ 431.290257][T14436] Kernel panic - not syncing: panic_on_warn set ...
[ 431.297362][T14436] CPU: 1 PID: 14436 Comm: syz-executor275 Not tainted 5.18.0-rc7-syzkaller #0
[ 431.307725][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 431.317772][T14436] Call Trace:
[ 431.321048][T14436]
[ 431.324085][T14436] dump_stack_lvl+0x57/0x7d
[ 431.328713][T14436] panic+0x227/0x466
[ 431.332787][T14436] ? panic_print_sys_info.part.0+0x69/0x69
[ 431.338790][T14436] ? preempt_schedule_common+0x59/0xc0
[ 431.344418][T14436] ? dump_schedule+0x68e/0x6f0
[ 431.349164][T14436] ? preempt_schedule_thunk+0x16/0x18
[ 431.355236][T14436] ? dump_schedule+0x68e/0x6f0
[ 431.360521][T14436] end_report.part.0+0x3f/0x7c
[ 431.365268][T14436] kasan_report.cold+0x93/0x1c6
[ 431.370203][T14436] ? dump_schedule+0x68e/0x6f0
[ 431.375042][T14436] dump_schedule+0x68e/0x6f0
[ 431.379608][T14436] ? lock_release+0x720/0x720
[ 431.384387][T14436] ? mark_lock.part.0+0xee/0x19a0
[ 431.389567][T14436] ? taprio_offload_get+0x60/0x60
[ 431.394568][T14436] ? memset+0x20/0x40
[ 431.398719][T14436] ? __nla_reserve+0x8f/0xb0
[ 431.403293][T14436] ? memcpy+0x39/0x60
[ 431.407338][T14436] taprio_dump+0x431/0xb70
[ 431.411909][T14436] ? advance_sched+0x920/0x920
[ 431.416740][T14436] ? __nla_reserve+0x8f/0xb0
[ 431.421302][T14436] ? memcpy+0x39/0x60
[ 431.425390][T14436] tc_fill_qdisc+0x570/0xf60
[ 431.429961][T14436] ? lock_downgrade+0x6e0/0x6e0
[ 431.435120][T14436] ? qdisc_class_hash_init+0x210/0x210
[ 431.440829][T14436] ? rcu_read_lock_sched_held+0x3a/0x70
[ 431.446628][T14436] ? memset+0x20/0x40
[ 431.450601][T14436] ? __build_skb_around+0x1f3/0x2b0
[ 431.455966][T14436] ? __alloc_skb+0xca/0x270
[ 431.460486][T14436] qdisc_notify.isra.0+0x22e/0x2a0
[ 431.465772][T14436] tc_modify_qdisc+0xc4d/0x1680
[ 431.470599][T14436] ? __mutex_lock+0x21a/0x12f0
[ 431.475351][T14436] ? qdisc_create.constprop.0+0xdc0/0xdc0
[ 431.481310][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 431.486589][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 431.491448][T14436] netlink_rcv_skb+0x118/0x370
[ 431.496275][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 431.501016][T14436] ? netlink_ack+0x940/0x940
[ 431.505684][T14436] ? netlink_deliver_tap+0x131/0xa90
[ 431.511045][T14436] ? netlink_deliver_tap+0x136/0xa90
[ 431.516394][T14436] netlink_unicast+0x433/0x710
[ 431.521167][T14436] ? netlink_attachskb+0x740/0x740
[ 431.526355][T14436] netlink_sendmsg+0x770/0xc20
[ 431.531108][T14436] ? netlink_unicast+0x710/0x710
[ 431.536116][T14436] ? __lock_acquire+0x15bc/0x5660
[ 431.541395][T14436] ? netlink_unicast+0x710/0x710
[ 431.546310][T14436] sock_sendmsg+0xab/0xe0
[ 431.550625][T14436] sock_no_sendpage+0xea/0x130
[ 431.555367][T14436] ? sock_no_shutdown+0x10/0x10
[ 431.560237][T14436] ? lock_release+0x720/0x720
[ 431.565062][T14436] kernel_sendpage.part.0+0x151/0x550
[ 431.570409][T14436] ? kernel_sendpage+0xd0/0xd0
[ 431.575147][T14436] sock_sendpage+0xbd/0x190
[ 431.579637][T14436] pipe_to_sendpage+0x245/0x410
[ 431.584549][T14436] ? propagate_umount+0x1830/0x1830
[ 431.589758][T14436] __splice_from_pipe+0x362/0x810
[ 431.594757][T14436] ? propagate_umount+0x1830/0x1830
[ 431.600013][T14436] generic_splice_sendpage+0xba/0x120
[ 431.605369][T14436] ? __do_sys_vmsplice+0x810/0x810
[ 431.610488][T14436] ? apparmor_file_permission+0x138/0x450
[ 431.616191][T14436] ? security_file_permission+0x3c/0x90
[ 431.621711][T14436] do_splice+0x9c8/0x1b00
[ 431.626017][T14436] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 431.631994][T14436] ? splice_file_to_pipe+0xf0/0xf0
[ 431.637172][T14436] ? __context_tracking_exit+0x80/0x90
[ 431.642883][T14436] __do_splice+0xf4/0x1b0
[ 431.647361][T14436] ? do_splice+0x1b00/0x1b00
[ 431.652100][T14436] __x64_sys_splice+0x14a/0x200
[ 431.656925][T14436] do_syscall_64+0x35/0x80
[ 431.661625][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 431.667526][T14436] RIP: 0033:0x7f4beae5bc99
[ 431.672006][T14436] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 431.691768][T14436] RSP: 002b:00007f4beafffc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 431.700452][T14436] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4beae5bc99
[ 431.708405][T14436] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 431.716569][T14436] RBP: 0000000000000000 R08: 0000000000010976 R09: 0000000000000000
[ 431.724577][T14436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4beafffcc8
[ 431.733955][T14436] R13: 00007f4beafffce0 R14: 00007f4beafffd20 R15: 00000000000000c0
[ 431.748622][T14436]
[ 431.752756][T14436] Kernel Offset: disabled
[ 431.759210][T14436] Rebooting in 86400 seconds..