[ 127.370492][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 188.815322][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 188.821629][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 196.002820][ T26] Bluetooth: hci0: command 0x0406 tx timeout
[ 250.253934][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 250.260274][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 311.685485][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 311.691790][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 373.134301][ T1228] ieee802154 phy0 wpan0: encryption failed: -22
[ 373.140686][ T1228] ieee802154 phy1 wpan1: encryption failed: -22
[ 422.315033][ T45] device hsr_slave_0 left promiscuous mode
[ 422.322763][ T45] device hsr_slave_1 left promiscuous mode
[ 422.330844][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 422.339959][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 422.348493][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 422.356728][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 422.366234][ T45] device bridge_slave_1 left promiscuous mode
[ 422.372369][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 422.380720][ T45] device bridge_slave_0 left promiscuous mode
[ 422.387589][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 422.398831][ T45] device veth1_macvtap left promiscuous mode
[ 422.405098][ T45] device veth0_macvtap left promiscuous mode
[ 422.411402][ T45] device veth1_vlan left promiscuous mode
[ 422.417928][ T45] device veth0_vlan left promiscuous mode
[ 422.520922][ T45] team0 (unregistering): Port device team_slave_1 removed
[ 422.532345][ T45] team0 (unregistering): Port device team_slave_0 removed
[ 422.543630][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 422.558500][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 422.601391][ T45] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
[ 426.148743][T14233] cgroup: Unknown subsys name 'net'
[ 426.156740][T14233] cgroup: Unknown subsys name 'rlimit'
[ 427.209200][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 427.218393][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 427.227802][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 427.238279][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 427.246132][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 427.253614][T14236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 427.314768][T14237] chnl_net:caif_netlink_parms(): no params data found
[ 427.348646][T14237] bridge0: port 1(bridge_slave_0) entered blocking state
[ 427.355871][T14237] bridge0: port 1(bridge_slave_0) entered disabled state
[ 427.363872][T14237] device bridge_slave_0 entered promiscuous mode
[ 427.371527][T14237] bridge0: port 2(bridge_slave_1) entered blocking state
[ 427.379084][T14237] bridge0: port 2(bridge_slave_1) entered disabled state
[ 427.387469][T14237] device bridge_slave_1 entered promiscuous mode
[ 427.406313][T14237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 427.426260][T14237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 427.448498][T14237] team0: Port device team_slave_0 added
[ 427.455535][T14237] team0: Port device team_slave_1 added
[ 427.470849][T14237] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 427.478284][T14237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 427.504514][T14237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 427.516513][T14237] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 427.524000][T14237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 427.550533][T14237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 427.574185][T14237] device hsr_slave_0 entered promiscuous mode
[ 427.581458][T14237] device hsr_slave_1 entered promiscuous mode
[ 427.631439][T14237] bridge0: port 2(bridge_slave_1) entered blocking state
[ 427.638696][T14237] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 427.646181][T14237] bridge0: port 1(bridge_slave_0) entered blocking state
[ 427.653261][T14237] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 427.686948][T14237] 8021q: adding VLAN 0 to HW filter on device bond0
[ 427.698555][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 427.706823][T14229] bridge0: port 1(bridge_slave_0) entered disabled state
[ 427.715700][T14229] bridge0: port 2(bridge_slave_1) entered disabled state
[ 427.723517][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 427.735688][T14237] 8021q: adding VLAN 0 to HW filter on device team0
[ 427.745695][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 427.754019][T14229] bridge0: port 1(bridge_slave_0) entered blocking state
[ 427.761039][T14229] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 427.771498][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 427.779829][ T924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 427.786995][ T924] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 427.803955][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 427.812534][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 427.824815][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 427.835294][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 427.846626][T14237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 427.857803][T14237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 427.866177][T14229] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 427.884574][T14237] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 427.891836][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 427.899735][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 427.914185][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 427.930597][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 427.938911][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 427.946811][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 427.956554][T14237] device veth0_vlan entered promiscuous mode
[ 427.967324][T14237] device veth1_vlan entered promiscuous mode
[ 427.984893][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 427.993143][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 428.001119][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 428.011567][T14237] device veth0_macvtap entered promiscuous mode
[ 428.020705][T14237] device veth1_macvtap entered promiscuous mode
[ 428.035997][T14237] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 428.043394][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 428.053863][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 428.064417][T14237] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 428.073839][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 428.116411][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 428.130766][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 428.140868][ T1052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 428.142815][ T924] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 428.157816][ T1052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 428.167339][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 429.283347][T14229] Bluetooth: hci0: command 0x0409 tx timeout
[ 430.278781][T14436] ==================================================================
[ 430.287197][T14436] BUG: KASAN: use-after-free in dump_schedule+0x68e/0x6f0
[ 430.294382][T14436] Read of size 8 at addr ffff888018f312c0 by task syz-executor275/14436
[ 430.302777][T14436]
[ 430.305257][T14436] CPU: 1 PID: 14436 Comm: syz-executor275 Not tainted 5.18.0-rc7-syzkaller #0
[ 430.314076][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 430.324208][T14436] Call Trace:
[ 430.327469][T14436]
[ 430.330465][T14436] dump_stack_lvl+0x57/0x7d
[ 430.335129][T14436] print_address_description.constprop.0.cold+0xeb/0x495
[ 430.342166][T14436] ? dump_schedule+0x68e/0x6f0
[ 430.347081][T14436] kasan_report.cold+0xf4/0x1c6
[ 430.351997][T14436] ? dump_schedule+0x68e/0x6f0
[ 430.356911][T14436] dump_schedule+0x68e/0x6f0
[ 430.361563][T14436] ? lock_release+0x720/0x720
[ 430.366256][T14436] ? mark_lock.part.0+0xee/0x19a0
[ 430.371552][T14436] ? taprio_offload_get+0x60/0x60
[ 430.376619][T14436] ? memset+0x20/0x40
[ 430.380646][T14436] ? __nla_reserve+0x8f/0xb0
[ 430.385230][T14436] ? memcpy+0x39/0x60
[ 430.389187][T14436] taprio_dump+0x431/0xb70
[ 430.393578][T14436] ? advance_sched+0x920/0x920
[ 430.398315][T14436] ? __nla_reserve+0x8f/0xb0
[ 430.402879][T14436] ? memcpy+0x39/0x60
[ 430.406840][T14436] tc_fill_qdisc+0x570/0xf60
[ 430.411466][T14436] ? lock_downgrade+0x6e0/0x6e0
[ 430.416289][T14436] ? qdisc_class_hash_init+0x210/0x210
[ 430.421771][T14436] ? rcu_read_lock_sched_held+0x3a/0x70
[ 430.427373][T14436] ? memset+0x20/0x40
[ 430.431334][T14436] ? __build_skb_around+0x1f3/0x2b0
[ 430.436557][T14436] ? __alloc_skb+0xca/0x270
[ 430.441040][T14436] qdisc_notify.isra.0+0x22e/0x2a0
[ 430.446214][T14436] tc_modify_qdisc+0xc4d/0x1680
[ 430.451128][T14436] ? __mutex_lock+0x21a/0x12f0
[ 430.455915][T14436] ? qdisc_create.constprop.0+0xdc0/0xdc0
[ 430.461872][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 430.466853][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 430.471598][T14436] netlink_rcv_skb+0x118/0x370
[ 430.476384][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 430.481121][T14436] ? netlink_ack+0x940/0x940
[ 430.485689][T14436] ? netlink_deliver_tap+0x131/0xa90
[ 430.491556][T14436] ? netlink_deliver_tap+0x136/0xa90
[ 430.499759][T14436] netlink_unicast+0x433/0x710
[ 430.506760][T14436] ? netlink_attachskb+0x740/0x740
[ 430.512740][T14436] netlink_sendmsg+0x770/0xc20
[ 430.519529][T14436] ? netlink_unicast+0x710/0x710
[ 430.524533][T14436] ? __lock_acquire+0x15bc/0x5660
[ 430.529535][T14436] ? netlink_unicast+0x710/0x710
[ 430.534807][T14436] sock_sendmsg+0xab/0xe0
[ 430.539197][T14436] sock_no_sendpage+0xea/0x130
[ 430.544193][T14436] ? sock_no_shutdown+0x10/0x10
[ 430.549018][T14436] ? lock_release+0x720/0x720
[ 430.553672][T14436] kernel_sendpage.part.0+0x151/0x550
[ 430.559020][T14436] ? kernel_sendpage+0xd0/0xd0
[ 430.563762][T14436] sock_sendpage+0xbd/0x190
[ 430.568246][T14436] pipe_to_sendpage+0x245/0x410
[ 430.573125][T14436] ? propagate_umount+0x1830/0x1830
[ 430.578387][T14436] __splice_from_pipe+0x362/0x810
[ 430.583387][T14436] ? propagate_umount+0x1830/0x1830
[ 430.588611][T14436] generic_splice_sendpage+0xba/0x120
[ 430.594066][T14436] ? __do_sys_vmsplice+0x810/0x810
[ 430.599249][T14436] ? apparmor_file_permission+0x138/0x450
[ 430.605014][T14436] ? security_file_permission+0x3c/0x90
[ 430.610659][T14436] do_splice+0x9c8/0x1b00
[ 430.614966][T14436] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 430.621102][T14436] ? splice_file_to_pipe+0xf0/0xf0
[ 430.626275][T14436] ? __context_tracking_exit+0x80/0x90
[ 430.631823][T14436] __do_splice+0xf4/0x1b0
[ 430.636147][T14436] ? do_splice+0x1b00/0x1b00
[ 430.640725][T14436] __x64_sys_splice+0x14a/0x200
[ 430.645571][T14436] do_syscall_64+0x35/0x80
[ 430.649980][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 430.655911][T14436] RIP: 0033:0x7f4beae5bc99
[ 430.660333][T14436] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 430.680175][T14436] RSP: 002b:00007f4beafffc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 430.688564][T14436] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4beae5bc99
[ 430.696515][T14436] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 430.704546][T14436] RBP: 0000000000000000 R08: 0000000000010976 R09: 0000000000000000
[ 430.712580][T14436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4beafffcc8
[ 430.720536][T14436] R13: 00007f4beafffce0 R14: 00007f4beafffd20 R15: 00000000000000c0
[ 430.728514][T14436]
[ 430.731685][T14436]
[ 430.734008][T14436] Allocated by task 14431:
[ 430.738400][T14436] kasan_save_stack+0x1e/0x40
[ 430.743142][T14436] __kasan_kmalloc+0xa9/0xd0
[ 430.747812][T14436] taprio_change+0x51b/0x3a80
[ 430.752463][T14436] tc_modify_qdisc+0xafd/0x1680
[ 430.757288][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 430.762201][T14436] netlink_rcv_skb+0x118/0x370
[ 430.766952][T14436] netlink_unicast+0x433/0x710
[ 430.771692][T14436] netlink_sendmsg+0x770/0xc20
[ 430.776437][T14436] sock_sendmsg+0xab/0xe0
[ 430.780744][T14436] sock_no_sendpage+0xea/0x130
[ 430.785482][T14436] kernel_sendpage.part.0+0x151/0x550
[ 430.790840][T14436] sock_sendpage+0xbd/0x190
[ 430.795318][T14436] pipe_to_sendpage+0x245/0x410
[ 430.800143][T14436] __splice_from_pipe+0x362/0x810
[ 430.805228][T14436] generic_splice_sendpage+0xba/0x120
[ 430.810575][T14436] do_splice+0x9c8/0x1b00
[ 430.814879][T14436] __do_splice+0xf4/0x1b0
[ 430.819178][T14436] __x64_sys_splice+0x14a/0x200
[ 430.824097][T14436] do_syscall_64+0x35/0x80
[ 430.828493][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 430.834360][T14436]
[ 430.836664][T14436] Freed by task 0:
[ 430.840356][T14436] kasan_save_stack+0x1e/0x40
[ 430.845011][T14436] kasan_set_track+0x21/0x30
[ 430.849578][T14436] kasan_set_free_info+0x20/0x30
[ 430.854785][T14436] ____kasan_slab_free+0x166/0x1a0
[ 430.860133][T14436] slab_free_freelist_hook+0x8b/0x1c0
[ 430.865567][T14436] kfree+0xd6/0x4d0
[ 430.869350][T14436] rcu_core+0x7b1/0x1880
[ 430.873913][T14436] __do_softirq+0x29b/0x9c2
[ 430.878390][T14436]
[ 430.880696][T14436] Last potentially related work creation:
[ 430.886398][T14436] kasan_save_stack+0x1e/0x40
[ 430.891067][T14436] __kasan_record_aux_stack+0xbe/0xd0
[ 430.896410][T14436] call_rcu+0x99/0x790
[ 430.900455][T14436] taprio_change+0x259a/0x3a80
[ 430.905195][T14436] tc_modify_qdisc+0xafd/0x1680
[ 430.910020][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 430.915072][T14436] netlink_rcv_skb+0x118/0x370
[ 430.919812][T14436] netlink_unicast+0x433/0x710
[ 430.924548][T14436] netlink_sendmsg+0x770/0xc20
[ 430.929283][T14436] sock_sendmsg+0xab/0xe0
[ 430.933772][T14436] sock_no_sendpage+0xea/0x130
[ 430.938685][T14436] kernel_sendpage.part.0+0x151/0x550
[ 430.944025][T14436] sock_sendpage+0xbd/0x190
[ 430.948596][T14436] pipe_to_sendpage+0x245/0x410
[ 430.953425][T14436] __splice_from_pipe+0x362/0x810
[ 430.958437][T14436] generic_splice_sendpage+0xba/0x120
[ 430.963791][T14436] do_splice+0x9c8/0x1b00
[ 430.968192][T14436] __do_splice+0xf4/0x1b0
[ 430.972525][T14436] __x64_sys_splice+0x14a/0x200
[ 430.977351][T14436] do_syscall_64+0x35/0x80
[ 430.981872][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 430.987767][T14436]
[ 430.990072][T14436] The buggy address belongs to the object at ffff888018f31280
[ 430.990072][T14436] which belongs to the cache kmalloc-96 of size 96
[ 431.004052][T14436] The buggy address is located 64 bytes inside of
[ 431.004052][T14436] 96-byte region [ffff888018f31280, ffff888018f312e0)
[ 431.017390][T14436]
[ 431.019698][T14436] The buggy address belongs to the physical page:
[ 431.026148][T14436] page:ffffea000063cc40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18f31
[ 431.036282][T14436] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 431.043814][T14436] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888010041780
[ 431.052564][T14436] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 431.061212][T14436] page dumped because: kasan: bad access detected
[ 431.067793][T14436] page_owner tracks the page as allocated
[ 431.073517][T14436] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 26, tgid 26 (kworker/1:1), ts 430163053943, free_ts 430161824744
[ 431.093188][T14436] get_page_from_freelist+0x178d/0x3dc0
[ 431.098848][T14436] __alloc_pages+0x1b2/0x500
[ 431.103414][T14436] allocate_slab+0x26c/0x3c0
[ 431.108063][T14436] ___slab_alloc+0x8e1/0xf20
[ 431.112801][T14436] __slab_alloc.constprop.0+0x4d/0xa0
[ 431.118243][T14436] kmem_cache_alloc_trace+0x310/0x3f0
[ 431.123601][T14436] dst_cow_metrics_generic+0x43/0x170
[ 431.129054][T14436] icmp6_dst_alloc+0x447/0x600
[ 431.133946][T14436] mld_sendpack+0x527/0xc70
[ 431.138462][T14436] mld_dad_work+0x177/0x510
[ 431.143035][T14436] process_one_work+0x865/0x13d0
[ 431.148029][T14436] worker_thread+0x598/0xec0
[ 431.153026][T14436] kthread+0x299/0x340
[ 431.157068][T14436] ret_from_fork+0x1f/0x30
[ 431.161481][T14436] page last free stack trace:
[ 431.166221][T14436] free_pcp_prepare+0x549/0xd20
[ 431.171221][T14436] free_unref_page+0x19/0x6a0
[ 431.175878][T14436] tlb_finish_mmu+0x1f1/0x790
[ 431.180606][T14436] exit_mmap+0x19d/0x3f0
[ 431.184906][T14436] __mmput+0xed/0x430
[ 431.188891][T14436] do_exit+0x8e9/0x2470
[ 431.193052][T14436] do_group_exit+0xb2/0x2a0
[ 431.197527][T14436] __x64_sys_exit_group+0x35/0x40
[ 431.202526][T14436] do_syscall_64+0x35/0x80
[ 431.206918][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 431.212788][T14436]
[ 431.215266][T14436] Memory state around the buggy address:
[ 431.220969][T14436]  ffff888018f31180: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.229007][T14436]  ffff888018f31200: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.237241][T14436] >ffff888018f31280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.245285][T14436]                                            ^
[ 431.251445][T14436]  ffff888018f31300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.259776][T14436]  ffff888018f31380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 431.267824][T14436] ==================================================================
[ 431.290257][T14436] Kernel panic - not syncing: panic_on_warn set ...
[ 431.297362][T14436] CPU: 1 PID: 14436 Comm: syz-executor275 Not tainted 5.18.0-rc7-syzkaller #0
[ 431.307725][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 431.317772][T14436] Call Trace:
[ 431.321048][T14436]
[ 431.324085][T14436] dump_stack_lvl+0x57/0x7d
[ 431.328713][T14436] panic+0x227/0x466
[ 431.332787][T14436] ? panic_print_sys_info.part.0+0x69/0x69
[ 431.338790][T14436] ? preempt_schedule_common+0x59/0xc0
[ 431.344418][T14436] ? dump_schedule+0x68e/0x6f0
[ 431.349164][T14436] ? preempt_schedule_thunk+0x16/0x18
[ 431.355236][T14436] ? dump_schedule+0x68e/0x6f0
[ 431.360521][T14436] end_report.part.0+0x3f/0x7c
[ 431.365268][T14436] kasan_report.cold+0x93/0x1c6
[ 431.370203][T14436] ? dump_schedule+0x68e/0x6f0
[ 431.375042][T14436] dump_schedule+0x68e/0x6f0
[ 431.379608][T14436] ? lock_release+0x720/0x720
[ 431.384387][T14436] ? mark_lock.part.0+0xee/0x19a0
[ 431.389567][T14436] ? taprio_offload_get+0x60/0x60
[ 431.394568][T14436] ? memset+0x20/0x40
[ 431.398719][T14436] ? __nla_reserve+0x8f/0xb0
[ 431.403293][T14436] ? memcpy+0x39/0x60
[ 431.407338][T14436] taprio_dump+0x431/0xb70
[ 431.411909][T14436] ? advance_sched+0x920/0x920
[ 431.416740][T14436] ? __nla_reserve+0x8f/0xb0
[ 431.421302][T14436] ? memcpy+0x39/0x60
[ 431.425390][T14436] tc_fill_qdisc+0x570/0xf60
[ 431.429961][T14436] ? lock_downgrade+0x6e0/0x6e0
[ 431.435120][T14436] ? qdisc_class_hash_init+0x210/0x210
[ 431.440829][T14436] ? rcu_read_lock_sched_held+0x3a/0x70
[ 431.446628][T14436] ? memset+0x20/0x40
[ 431.450601][T14436] ? __build_skb_around+0x1f3/0x2b0
[ 431.455966][T14436] ? __alloc_skb+0xca/0x270
[ 431.460486][T14436] qdisc_notify.isra.0+0x22e/0x2a0
[ 431.465772][T14436] tc_modify_qdisc+0xc4d/0x1680
[ 431.470599][T14436] ? __mutex_lock+0x21a/0x12f0
[ 431.475351][T14436] ? qdisc_create.constprop.0+0xdc0/0xdc0
[ 431.481310][T14436] rtnetlink_rcv_msg+0x31d/0x8d0
[ 431.486589][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 431.491448][T14436] netlink_rcv_skb+0x118/0x370
[ 431.496275][T14436] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 431.501016][T14436] ? netlink_ack+0x940/0x940
[ 431.505684][T14436] ? netlink_deliver_tap+0x131/0xa90
[ 431.511045][T14436] ? netlink_deliver_tap+0x136/0xa90
[ 431.516394][T14436] netlink_unicast+0x433/0x710
[ 431.521167][T14436] ? netlink_attachskb+0x740/0x740
[ 431.526355][T14436] netlink_sendmsg+0x770/0xc20
[ 431.531108][T14436] ? netlink_unicast+0x710/0x710
[ 431.536116][T14436] ? __lock_acquire+0x15bc/0x5660
[ 431.541395][T14436] ? netlink_unicast+0x710/0x710
[ 431.546310][T14436] sock_sendmsg+0xab/0xe0
[ 431.550625][T14436] sock_no_sendpage+0xea/0x130
[ 431.555367][T14436] ? sock_no_shutdown+0x10/0x10
[ 431.560237][T14436] ? lock_release+0x720/0x720
[ 431.565062][T14436] kernel_sendpage.part.0+0x151/0x550
[ 431.570409][T14436] ? kernel_sendpage+0xd0/0xd0
[ 431.575147][T14436] sock_sendpage+0xbd/0x190
[ 431.579637][T14436] pipe_to_sendpage+0x245/0x410
[ 431.584549][T14436] ? propagate_umount+0x1830/0x1830
[ 431.589758][T14436] __splice_from_pipe+0x362/0x810
[ 431.594757][T14436] ? propagate_umount+0x1830/0x1830
[ 431.600013][T14436] generic_splice_sendpage+0xba/0x120
[ 431.605369][T14436] ? __do_sys_vmsplice+0x810/0x810
[ 431.610488][T14436] ? apparmor_file_permission+0x138/0x450
[ 431.616191][T14436] ? security_file_permission+0x3c/0x90
[ 431.621711][T14436] do_splice+0x9c8/0x1b00
[ 431.626017][T14436] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 431.631994][T14436] ? splice_file_to_pipe+0xf0/0xf0
[ 431.637172][T14436] ? __context_tracking_exit+0x80/0x90
[ 431.642883][T14436] __do_splice+0xf4/0x1b0
[ 431.647361][T14436] ? do_splice+0x1b00/0x1b00
[ 431.652100][T14436] __x64_sys_splice+0x14a/0x200
[ 431.656925][T14436] do_syscall_64+0x35/0x80
[ 431.661625][T14436] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 431.667526][T14436] RIP: 0033:0x7f4beae5bc99
[ 431.672006][T14436] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 431.691768][T14436] RSP: 002b:00007f4beafffc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 431.700452][T14436] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4beae5bc99
[ 431.708405][T14436] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 431.716569][T14436] RBP: 0000000000000000 R08: 0000000000010976 R09: 0000000000000000
[ 431.724577][T14436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4beafffcc8
[ 431.733955][T14436] R13: 00007f4beafffce0 R14: 00007f4beafffd20 R15: 00000000000000c0
[ 431.748622][T14436]
[ 431.752756][T14436] Kernel Offset: disabled
[ 431.759210][T14436] Rebooting in 86400 seconds..