[ 43.358977][ T383] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.379937][ T383] device veth1_macvtap left promiscuous mode
[ 43.386522][ T383] device veth0_macvtap left promiscuous mode
[ 43.394807][ T383] device veth1_vlan left promiscuous mode
[ 43.400960][ T383] device veth0_vlan left promiscuous mode
[ 43.603925][ T383] team0 (unregistering): Port device team_slave_1 removed
[ 43.616118][ T383] team0 (unregistering): Port device team_slave_0 removed
[ 43.628353][ T383] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 43.641710][ T383] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 43.684796][ T383] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.156' (ECDSA) to the list of known hosts.
2022/05/16 14:36:43 parsed 1 programs
2022/05/16 14:36:43 executed programs: 0
[ 56.007721][ T3954] cgroup: Unknown subsys name 'net'
[ 56.020004][ T3954] cgroup: Unknown subsys name 'rlimit'
[ 59.198815][ T3595] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 63.358859][ T3595] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 66.000729][ T1230] ieee802154 phy0 wpan0: encryption failed: -22
[ 66.007254][ T1230] ieee802154 phy1 wpan1: encryption failed: -22
[ 67.518804][ T3595] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 71.121824][ T140] cfg80211: failed to load regulatory.db
[ 71.678816][ T3595] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 75.838819][ T3595] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 79.998813][ T3595] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 84.158831][ T3595] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 86.245484][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.253586][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.261617][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.269585][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.277065][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.285062][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.348618][ T4067] chnl_net:caif_netlink_parms(): no params data found
[ 86.381451][ T4067] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.388862][ T4067] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.396400][ T4067] device bridge_slave_0 entered promiscuous mode
[ 86.404231][ T4067] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.411706][ T4067] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.419981][ T4067] device bridge_slave_1 entered promiscuous mode
[ 86.437840][ T4067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.448946][ T4067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.469228][ T4067] team0: Port device team_slave_0 added
[ 86.476360][ T4067] team0: Port device team_slave_1 added
[ 86.491601][ T4067] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.498557][ T4067] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.524628][ T4067] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.536211][ T4067] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.543202][ T4067] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.569257][ T4067] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.592184][ T4067] device hsr_slave_0 entered promiscuous mode
[ 86.598992][ T4067] device hsr_slave_1 entered promiscuous mode
[ 86.649998][ T4067] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.657139][ T4067] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.664764][ T4067] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.671950][ T4067] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.703508][ T4067] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.715052][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.723728][ T3257] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.731499][ T3257] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.740151][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 86.753162][ T4067] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.762968][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 86.771394][ T3257] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.778434][ T3257] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.789619][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 86.798145][ T3604] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.805232][ T3604] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.819767][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 86.828457][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 86.839117][ T3604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 86.852716][ T4067] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 86.865410][ T4067] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 86.877475][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 86.885774][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 86.896052][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 86.909348][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 86.916727][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 86.928048][ T4067] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.080753][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 87.090243][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 87.098209][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 87.106021][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 87.115802][ T4067] device veth0_vlan entered promiscuous mode
[ 87.128550][ T4067] device veth1_vlan entered promiscuous mode
[ 87.144965][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 87.153488][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 87.161740][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 87.171811][ T4067] device veth0_macvtap entered promiscuous mode
[ 87.181100][ T4067] device veth1_macvtap entered promiscuous mode
[ 87.194950][ T4067] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.203139][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 87.213145][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 87.224144][ T4067] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.232397][ T3257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 87.274452][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.287859][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.298442][ T383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.299042][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 87.306974][ T383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.323779][ T1128] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 87.618825][ T1128] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 88.139312][ T1128] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 88.148721][ T1128] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 88.156862][ T1128] usb 1-1: Product: syz
[ 88.161380][ T1128] usb 1-1: Manufacturer: syz
[ 88.166046][ T1128] usb 1-1: SerialNumber: syz
[ 88.211055][ T1128] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 88.330205][ T3257] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.788826][ T1128] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 89.008890][ C1] usb 1-1: ath: unknown panic pattern!
[ 89.018312][ T3604] usb 1-1: USB disconnect, device number 2
2022/05/16 14:37:17 executed programs: 1
[ 89.838770][ T1128] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 89.845833][ T1128] ath9k_htc: Failed to initialize the device
[ 89.853240][ T3604] usb 1-1: ath9k_htc: USB layer deinitialized
[ 90.229501][ T3604] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 90.399774][ T140] Bluetooth: hci0: command 0x041b tx timeout
[ 90.748920][ T3604] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 90.758822][ T3604] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 90.766966][ T3604] usb 1-1: Product: syz
[ 90.771417][ T3604] usb 1-1: Manufacturer: syz
[ 90.776004][ T3604] usb 1-1: SerialNumber: syz
[ 90.821486][ T3604] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 91.388851][ T3604] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 91.608889][ C1] usb 1-1: ath: unknown panic pattern!
[ 91.614973][ T1128] usb 1-1: USB disconnect, device number 3
[ 92.479011][ T3604] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 92.479045][ T3257] Bluetooth: hci0: command 0x040f tx timeout
[ 92.486675][ T3604] ath9k_htc: Failed to initialize the device
[ 92.499078][ T1128] usb 1-1: ath9k_htc: USB layer deinitialized
[ 92.848758][ T1128] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 93.388869][ T1128] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 93.397914][ T1128] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 93.405974][ T1128] usb 1-1: Product: syz
[ 93.410335][ T1128] usb 1-1: Manufacturer: syz
[ 93.414926][ T1128] usb 1-1: SerialNumber: syz
[ 93.459564][ T1128] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 94.028885][ T1128] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 94.248855][ C1] usb 1-1: ath: unknown panic pattern!
[ 94.256715][ T3603] usb 1-1: USB disconnect, device number 4
[ 94.558787][ T140] Bluetooth: hci0: command 0x0419 tx timeout
2022/05/16 14:37:22 executed programs: 3
[ 95.118737][ T1128] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 95.125800][ T1128] ath9k_htc: Failed to initialize the device
[ 95.132277][ T3603] usb 1-1: ath9k_htc: USB layer deinitialized
[ 95.488748][ T3603] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 96.018921][ T3603] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 96.027965][ T3603] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 96.036254][ T3603] usb 1-1: Product: syz
[ 96.040817][ T3603] usb 1-1: Manufacturer: syz
[ 96.045403][ T3603] usb 1-1: SerialNumber: syz
[ 96.089892][ T3603] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 96.738822][ T3603] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 96.958910][ C1] usb 1-1: ath: unknown panic pattern!
[ 96.961543][ T140] usb 1-1: USB disconnect, device number 5
[ 96.964587][ C1] ==================================================================
[ 96.978420][ C1] BUG: KASAN: use-after-free in kfree_skb_reason+0x28/0xb0
[ 96.985606][ C1] Read of size 4 at addr ffff8880235bed54 by task swapper/1/0
[ 96.993028][ C1]
[ 96.995371][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.18.0-rc7-syzkaller #0
[ 97.003450][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.013665][ C1] Call Trace:
[ 97.017058][ C1]
[ 97.019883][ C1] dump_stack_lvl+0x57/0x7d
[ 97.024768][ C1] print_address_description.constprop.0.cold+0xeb/0x495
[ 97.031776][ C1] ? kfree_skb_reason+0x28/0xb0
[ 97.036604][ C1] kasan_report.cold+0xf4/0x1c6
[ 97.041435][ C1] ? kfree_skb_reason+0x28/0xb0
[ 97.046255][ C1] kasan_check_range+0x13d/0x180
[ 97.051250][ C1] kfree_skb_reason+0x28/0xb0
[ 97.055900][ C1] ath9k_hif_usb_reg_in_cb+0x470/0x600
[ 97.061791][ C1] ? led_trigger_blink_setup.part.0+0xee/0x1a0
[ 97.068265][ C1] __usb_hcd_giveback_urb+0x238/0x3f0
[ 97.073608][ C1] dummy_timer+0xeb8/0x2eb0
[ 97.078084][ C1] ? __lock_acquire+0x15bc/0x5660
[ 97.083089][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.088975][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.094053][ C1] call_timer_fn+0x163/0x4a0
[ 97.098613][ C1] ? timer_fixup_activate+0x240/0x240
[ 97.103956][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 97.108775][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 97.113707][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.118441][ C1] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 97.124849][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.130027][ C1] __run_timers.part.0+0x530/0x8e0
[ 97.135113][ C1] ? call_timer_fn+0x4a0/0x4a0
[ 97.139947][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 97.145117][ C1] ? sched_clock_cpu+0x15/0x1f0
[ 97.149951][ C1] run_timer_softirq+0x9c/0x190
[ 97.154774][ C1] __do_softirq+0x29b/0x9c2
[ 97.159256][ C1] __irq_exit_rcu+0x123/0x180
[ 97.163904][ C1] irq_exit_rcu+0x5/0x20
[ 97.168371][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 97.174072][ C1]
[ 97.176982][ C1]
[ 97.179893][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 97.185939][ C1] RIP: 0010:acpi_idle_do_entry+0x15e/0x1c0
[ 97.191719][ C1] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 6a 48 8b 45 00 a8 08 75 c9 e8 5d d2 e1 f8 eb 07 0f 00 2d 54 ff bc 00 fb f4 <9c> 58 fa f6 c4 02 74 b1 5d e9 34 d1 e1 f8 48 89 ef 5d e9 ab f9 ff
[ 97.211575][ C1] RSP: 0018:ffffc90000177d38 EFLAGS: 00000202
[ 97.217614][ C1] RAX: 0000000000053d25 RBX: ffff88801533d065 RCX: 1ffffffff194d489
[ 97.225558][ C1] RDX: 0000000000000000 RSI: ffffffff88eb90a0 RDI: ffffffff8942c2a0
[ 97.233499][ C1] RBP: ffff88800fe71d40 R08: 0000000000000001 R09: 0000000000000001
[ 97.241442][ C1] R10: ffffed1001fce3a8 R11: 0000000000000001 R12: 0000000000000001
[ 97.249395][ C1] R13: ffff88801533d064 R14: ffffffff8b7396c0 R15: ffff8881474b4804
[ 97.257348][ C1] ? acpi_idle_do_entry+0x153/0x1c0
[ 97.262760][ C1] acpi_idle_enter+0x2c0/0x4b0
[ 97.267505][ C1] cpuidle_enter_state+0x152/0xb40
[ 97.273377][ C1] cpuidle_enter+0x45/0xa0
[ 97.277778][ C1] do_idle+0x3e8/0x590
[ 97.281967][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 97.287018][ C1] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 97.293064][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 97.298847][ C1] cpu_startup_entry+0x14/0x20
[ 97.303678][ C1] start_secondary+0x224/0x2c0
[ 97.308415][ C1] ? init_freq_invariance+0x530/0x530
[ 97.313759][ C1] secondary_startup_64_no_verify+0xc3/0xcb
[ 97.319625][ C1]
[ 97.322617][ C1]
[ 97.324918][ C1] Allocated by task 3603:
[ 97.329225][ C1] kasan_save_stack+0x1e/0x40
[ 97.333896][ C1] __kasan_slab_alloc+0x90/0xc0
[ 97.338723][ C1] kmem_cache_alloc_node+0x255/0x3f0
[ 97.343973][ C1] __alloc_skb+0x151/0x270
[ 97.348359][ C1] ath9k_hif_usb_alloc_urbs+0x877/0xef0
[ 97.353872][ C1] ath9k_hif_usb_firmware_cb+0x121/0x4d0
[ 97.359483][ C1] request_firmware_work_func+0x126/0x230
[ 97.365452][ C1] process_one_work+0x865/0x13d0
[ 97.370365][ C1] worker_thread+0x598/0xec0
[ 97.374924][ C1] kthread+0x299/0x340
[ 97.378964][ C1] ret_from_fork+0x1f/0x30
[ 97.383589][ C1]
[ 97.385904][ C1] Freed by task 0:
[ 97.389680][ C1] kasan_save_stack+0x1e/0x40
[ 97.394330][ C1] kasan_set_track+0x21/0x30
[ 97.398894][ C1] kasan_set_free_info+0x20/0x30
[ 97.403982][ C1] ____kasan_slab_free+0x166/0x1a0
[ 97.409063][ C1] slab_free_freelist_hook+0x8b/0x1c0
[ 97.414404][ C1] kmem_cache_free+0xdd/0x5a0
[ 97.419055][ C1] ath9k_hif_usb_reg_in_cb+0x178/0x600
[ 97.424496][ C1] __usb_hcd_giveback_urb+0x238/0x3f0
[ 97.429844][ C1] dummy_timer+0xeb8/0x2eb0
[ 97.434322][ C1] call_timer_fn+0x163/0x4a0
[ 97.439060][ C1] __run_timers.part.0+0x530/0x8e0
[ 97.444153][ C1] run_timer_softirq+0x9c/0x190
[ 97.448977][ C1] __do_softirq+0x29b/0x9c2
[ 97.453445][ C1]
[ 97.455742][ C1] The buggy address belongs to the object at ffff8880235bec80
[ 97.455742][ C1] which belongs to the cache skbuff_head_cache of size 224
[ 97.470289][ C1] The buggy address is located 212 bytes inside of
[ 97.470289][ C1] 224-byte region [ffff8880235bec80, ffff8880235bed60)
[ 97.483899][ C1]
[ 97.486205][ C1] The buggy address belongs to the physical page:
[ 97.492595][ C1] page:ffffea00008d6f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x235be
[ 97.502975][ C1] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 97.510496][ C1] raw: 00fff00000000200 ffffea00005ef9c0 dead000000000002 ffff888140aee500
[ 97.519052][ C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 97.527617][ C1] page dumped because: kasan: bad access detected
[ 97.533997][ C1] page_owner tracks the page as allocated
[ 97.539684][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2961, tgid 2961 (udevd), ts 12079950250, free_ts 12055431560
[ 97.557455][ C1] get_page_from_freelist+0x178d/0x3dc0
[ 97.562980][ C1] __alloc_pages+0x1b2/0x500
[ 97.567548][ C1] allocate_slab+0x26c/0x3c0
[ 97.572110][ C1] ___slab_alloc+0x8e1/0xf20
[ 97.576705][ C1] __slab_alloc.constprop.0+0x4d/0xa0
[ 97.582044][ C1] kmem_cache_alloc_node+0x122/0x3f0
[ 97.587303][ C1] __alloc_skb+0x151/0x270
[ 97.591700][ C1] netlink_sendmsg+0x7f3/0xc20
[ 97.596433][ C1] sock_sendmsg+0xab/0xe0
[ 97.601169][ C1] ____sys_sendmsg+0x5b9/0x7a0
[ 97.605905][ C1] ___sys_sendmsg+0xd3/0x150
[ 97.610642][ C1] __sys_sendmsg+0xb2/0x140
[ 97.615110][ C1] do_syscall_64+0x35/0x80
[ 97.619499][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 97.625377][ C1] page last free stack trace:
[ 97.630031][ C1] free_pcp_prepare+0x549/0xd20
[ 97.634849][ C1] free_unref_page+0x19/0x6a0
[ 97.639508][ C1] __unfreeze_partials+0x17c/0x1a0
[ 97.644595][ C1] qlist_free_all+0x6a/0x170
[ 97.649223][ C1] kasan_quarantine_reduce+0x180/0x200
[ 97.654659][ C1] __kasan_slab_alloc+0xa2/0xc0
[ 97.659638][ C1] __kmalloc+0x200/0x350
[ 97.663868][ C1] tomoyo_realpath_from_path+0xb0/0x6a0
[ 97.669481][ C1] tomoyo_check_open_permission+0x21c/0x2c0
[ 97.675356][ C1] security_file_open+0x34/0x80
[ 97.680358][ C1] do_dentry_open+0x300/0xfd0
[ 97.685007][ C1] path_openat+0x9cf/0x2360
[ 97.689486][ C1] do_filp_open+0x199/0x3d0
[ 97.693964][ C1] do_sys_openat2+0x11e/0x3f0
[ 97.698615][ C1] __x64_sys_openat+0x11b/0x1d0
[ 97.703436][ C1] do_syscall_64+0x35/0x80
[ 97.707860][ C1]
[ 97.710161][ C1] Memory state around the buggy address:
[ 97.715761][ C1] ffff8880235bec00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.723815][ C1] ffff8880235bec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.731843][ C1] >ffff8880235bed00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 97.739955][ C1] ^
[ 97.746591][ C1] ffff8880235bed80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 97.754840][ C1] ffff8880235bee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.763398][ C1] ==================================================================
[ 97.771433][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 97.777995][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.18.0-rc7-syzkaller #0
[ 97.786036][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.796179][ C1] Call Trace:
[ 97.799448][ C1]
[ 97.802268][ C1] dump_stack_lvl+0x57/0x7d
[ 97.806856][ C1] panic+0x227/0x466
[ 97.810732][ C1] ? panic_print_sys_info.part.0+0x69/0x69
[ 97.816514][ C1] ? kfree_skb_reason+0x28/0xb0
[ 97.821337][ C1] end_report.part.0+0x3f/0x7c
[ 97.826156][ C1] kasan_report.cold+0x93/0x1c6
[ 97.830981][ C1] ? kfree_skb_reason+0x28/0xb0
[ 97.835826][ C1] kasan_check_range+0x13d/0x180
[ 97.840734][ C1] kfree_skb_reason+0x28/0xb0
[ 97.845380][ C1] ath9k_hif_usb_reg_in_cb+0x470/0x600
[ 97.850809][ C1] ? led_trigger_blink_setup.part.0+0xee/0x1a0
[ 97.856933][ C1] __usb_hcd_giveback_urb+0x238/0x3f0
[ 97.862292][ C1] dummy_timer+0xeb8/0x2eb0
[ 97.866770][ C1] ? __lock_acquire+0x15bc/0x5660
[ 97.871769][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.876763][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.881493][ C1] call_timer_fn+0x163/0x4a0
[ 97.886144][ C1] ? timer_fixup_activate+0x240/0x240
[ 97.891485][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 97.896476][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 97.901383][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.906201][ C1] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 97.912155][ C1] ? dummy_dequeue+0x4a0/0x4a0
[ 97.916889][ C1] __run_timers.part.0+0x530/0x8e0
[ 97.921979][ C1] ? call_timer_fn+0x4a0/0x4a0
[ 97.926711][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 97.931878][ C1] ? sched_clock_cpu+0x15/0x1f0
[ 97.936697][ C1] run_timer_softirq+0x9c/0x190
[ 97.941514][ C1] __do_softirq+0x29b/0x9c2
[ 97.946015][ C1] __irq_exit_rcu+0x123/0x180
[ 97.950664][ C1] irq_exit_rcu+0x5/0x20
[ 97.954881][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 97.960845][ C1]
[ 97.963756][ C1]
[ 97.966670][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 97.972628][ C1] RIP: 0010:acpi_idle_do_entry+0x15e/0x1c0
[ 97.978406][ C1] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 6a 48 8b 45 00 a8 08 75 c9 e8 5d d2 e1 f8 eb 07 0f 00 2d 54 ff bc 00 fb f4 <9c> 58 fa f6 c4 02 74 b1 5d e9 34 d1 e1 f8 48 89 ef 5d e9 ab f9 ff
[ 97.997983][ C1] RSP: 0018:ffffc90000177d38 EFLAGS: 00000202
[ 98.004021][ C1] RAX: 0000000000053d25 RBX: ffff88801533d065 RCX: 1ffffffff194d489
[ 98.012050][ C1] RDX: 0000000000000000 RSI: ffffffff88eb90a0 RDI: ffffffff8942c2a0
[ 98.019992][ C1] RBP: ffff88800fe71d40 R08: 0000000000000001 R09: 0000000000000001
[ 98.029174][ C1] R10: ffffed1001fce3a8 R11: 0000000000000001 R12: 0000000000000001
[ 98.037207][ C1] R13: ffff88801533d064 R14: ffffffff8b7396c0 R15: ffff8881474b4804
[ 98.045165][ C1] ? acpi_idle_do_entry+0x153/0x1c0
[ 98.050348][ C1] acpi_idle_enter+0x2c0/0x4b0
[ 98.055098][ C1] cpuidle_enter_state+0x152/0xb40
[ 98.060191][ C1] cpuidle_enter+0x45/0xa0
[ 98.064665][ C1] do_idle+0x3e8/0x590
[ 98.068708][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 98.073702][ C1] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 98.079736][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 98.085527][ C1] cpu_startup_entry+0x14/0x20
[ 98.090287][ C1] start_secondary+0x224/0x2c0
[ 98.095065][ C1] ? init_freq_invariance+0x530/0x530
[ 98.100409][ C1] secondary_startup_64_no_verify+0xc3/0xcb
[ 98.106288][ C1]
[ 98.109352][ C1] Kernel Offset: disabled
[ 98.113656][ C1] Rebooting in 86400 seconds..