Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
2024/04/23 06:47:54 ignoring optional flag "sandboxArg"="0"
2024/04/23 06:47:55 parsed 1 programs
2024/04/23 06:47:56 executed programs: 0
[   90.303962][ T5425] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   90.360997][ T4481] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   90.369381][ T4481] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   90.377760][ T4481] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   90.385947][ T4481] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   90.394284][ T4481] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   90.402741][ T4481] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   90.532150][ T5433] chnl_net:caif_netlink_parms(): no params data found
[   90.586156][ T5433] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.593623][ T5433] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.601063][ T5433] bridge_slave_0: entered allmulticast mode
[   90.609218][ T5433] bridge_slave_0: entered promiscuous mode
[   90.617326][ T5433] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.625333][ T5433] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.633295][ T5433] bridge_slave_1: entered allmulticast mode
[   90.640507][ T5433] bridge_slave_1: entered promiscuous mode
[   90.665861][ T5433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.678161][ T5433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.710140][ T5433] team0: Port device team_slave_0 added
[   90.719880][ T5433] team0: Port device team_slave_1 added
[   90.742413][ T5433] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.749768][ T5433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.776251][ T5433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.790627][ T5433] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.797792][ T5433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.823918][ T5433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.858346][ T5433] hsr_slave_0: entered promiscuous mode
[   90.864885][ T5433] hsr_slave_1: entered promiscuous mode
[   91.451207][ T5433] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.464560][ T5433] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.476737][ T5433] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   91.489536][ T5433] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.520010][ T5433] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.527227][ T5433] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.534899][ T5433] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.542155][ T5433] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.555192][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.563796][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.651558][ T5433] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.679244][ T5433] 8021q: adding VLAN 0 to HW filter on device team0
[   91.694556][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.701878][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.730796][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.738118][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.961044][ T5433] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.025331][ T5433] veth0_vlan: entered promiscuous mode
[   92.044271][ T5433] veth1_vlan: entered promiscuous mode
[   92.087452][ T5433] veth0_macvtap: entered promiscuous mode
[   92.101878][ T5433] veth1_macvtap: entered promiscuous mode
[   92.126759][ T5433] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.150632][ T5433] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.166670][ T5433] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.180492][ T5433] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.190631][ T5433] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.201174][ T5433] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.290211][ T2427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.307270][ T2427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.340507][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.349062][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.420235][ T5499] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.483082][ T5504] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.497990][ T5084] Bluetooth: hci0: command tx timeout
[   92.547177][ T5508] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.610818][ T5513] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.676324][ T5517] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.740921][ T5520] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.790855][ T5523] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.856577][ T5526] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.894289][ T5531] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.964071][ T5535] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   94.567700][ T5084] Bluetooth: hci0: command tx timeout
2024/04/23 06:48:01 executed programs: 76
[   96.648065][ T5084] Bluetooth: hci0: command tx timeout
[   97.431638][ T5965] __nla_validate_parse: 143 callbacks suppressed
[   97.431658][ T5965] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.480594][ T5969] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.512143][ T5973] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.545341][ T5975] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.579998][ T5979] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.614681][ T5982] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.649107][ T5984] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.682309][ T5987] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.723072][ T5990] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   97.759144][ T5993] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   98.728075][ T5084] Bluetooth: hci0: command tx timeout
2024/04/23 06:48:06 executed programs: 261
[  102.451433][ T6538] __nla_validate_parse: 210 callbacks suppressed
[  102.451454][ T6538] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.484273][ T6540] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.509868][ T6542] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.537447][ T6544] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.563390][ T6546] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.589742][ T6548] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.614549][ T6550] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.641413][ T6552] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.668704][ T6554] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  102.694356][ T6556] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  104.230272][ T6750] ==================================================================
[  104.238383][ T6750] BUG: KASAN: slab-use-after-free in taprio_dump+0x857/0xd50
[  104.245900][ T6750] Read of size 4 at addr ffff88807ccbc4c0 by task syz-executor.0/6750
[  104.254053][ T6750] 
[  104.256371][ T6750] CPU: 0 PID: 6750 Comm: syz-executor.0 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0
[  104.267040][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[  104.277541][ T6750] Call Trace:
[  104.280844][ T6750]  <TASK>
[  104.283780][ T6750]  dump_stack_lvl+0x241/0x360
[  104.288503][ T6750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.293728][ T6750]  ? __pfx__printk+0x10/0x10
[  104.298355][ T6750]  ? _printk+0xd5/0x120
[  104.302592][ T6750]  ? __virt_addr_valid+0x183/0x520
[  104.307708][ T6750]  ? __virt_addr_valid+0x183/0x520
[  104.312907][ T6750]  print_report+0x169/0x550
[  104.317400][ T6750]  ? __virt_addr_valid+0x183/0x520
[  104.322694][ T6750]  ? __virt_addr_valid+0x183/0x520
[  104.327813][ T6750]  ? __virt_addr_valid+0x44e/0x520
[  104.333006][ T6750]  ? __phys_addr+0xba/0x170
[  104.337626][ T6750]  ? taprio_dump+0x857/0xd50
[  104.342233][ T6750]  kasan_report+0x143/0x180
[  104.346739][ T6750]  ? taprio_dump+0x857/0xd50
[  104.351323][ T6750]  taprio_dump+0x857/0xd50
[  104.355733][ T6750]  ? __alloc_skb+0x1f3/0x440
[  104.360327][ T6750]  ? __pfx_taprio_dump+0x10/0x10
[  104.365747][ T6750]  ? __asan_memcpy+0x40/0x70
[  104.370365][ T6750]  ? nla_put+0x131/0x1e0
[  104.374721][ T6750]  tc_fill_qdisc+0x6a9/0x1210
[  104.379522][ T6750]  ? __alloc_skb+0x1f3/0x440
[  104.384116][ T6750]  ? __pfx_tc_fill_qdisc+0x10/0x10
[  104.389236][ T6750]  ? __build_skb_around+0x245/0x3d0
[  104.394480][ T6750]  ? __pfx___alloc_skb+0x10/0x10
[  104.399420][ T6750]  qdisc_notify+0x2ec/0x4b0
[  104.403926][ T6750]  tc_modify_qdisc+0x1c58/0x1e40
[  104.408877][ T6750]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  104.414526][ T6750]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  104.419829][ T6750]  rtnetlink_rcv_msg+0x89b/0x10d0
[  104.425225][ T6750]  ? rtnetlink_rcv_msg+0x208/0x10d0
[  104.430684][ T6750]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  104.437038][ T6750]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  104.442670][ T6750]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  104.448728][ T6750]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  104.455172][ T6750]  ? __local_bh_enable_ip+0x168/0x200
[  104.460535][ T6750]  ? lockdep_hardirqs_on+0x99/0x150
[  104.465847][ T6750]  ? __local_bh_enable_ip+0x168/0x200
[  104.471217][ T6750]  ? dev_hard_start_xmit+0x773/0x7e0
[  104.476582][ T6750]  ? __dev_queue_xmit+0x2c7/0x3ca0
[  104.482028][ T6750]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  104.487828][ T6750]  ? __dev_queue_xmit+0x2c7/0x3ca0
[  104.492931][ T6750]  ? __dev_queue_xmit+0x1697/0x3ca0
[  104.498175][ T6750]  ? __dev_queue_xmit+0x2c7/0x3ca0
[  104.503287][ T6750]  ? ref_tracker_free+0x643/0x7e0
[  104.508310][ T6750]  netlink_rcv_skb+0x1e3/0x430
[  104.513163][ T6750]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  104.518619][ T6750]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  104.523904][ T6750]  ? netlink_deliver_tap+0x2e/0x1b0
[  104.529214][ T6750]  netlink_unicast+0x7ea/0x980
[  104.534154][ T6750]  ? __pfx_netlink_unicast+0x10/0x10
[  104.539532][ T6750]  ? __virt_addr_valid+0x44e/0x520
[  104.544735][ T6750]  ? __phys_addr_symbol+0x2f/0x70
[  104.549758][ T6750]  ? __check_object_size+0x4bc/0xa00
[  104.555143][ T6750]  ? bpf_lsm_netlink_send+0x9/0x10
[  104.560273][ T6750]  netlink_sendmsg+0x8e1/0xcb0
[  104.565338][ T6750]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.570701][ T6750]  ? __import_iovec+0x536/0x820
[  104.575673][ T6750]  ? aa_sock_msg_perm+0x91/0x160
[  104.580624][ T6750]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  104.585912][ T6750]  ? security_socket_sendmsg+0x87/0xb0
[  104.591497][ T6750]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.596881][ T6750]  __sock_sendmsg+0x221/0x270
[  104.601732][ T6750]  ____sys_sendmsg+0x525/0x7d0
[  104.606598][ T6750]  ? __pfx_____sys_sendmsg+0x10/0x10
[  104.612063][ T6750]  __sys_sendmsg+0x2b0/0x3a0
[  104.616746][ T6750]  ? __pfx___sys_sendmsg+0x10/0x10
[  104.621862][ T6750]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  104.628195][ T6750]  ? do_syscall_64+0x102/0x240
[  104.633656][ T6750]  ? do_syscall_64+0xb6/0x240
[  104.638331][ T6750]  do_syscall_64+0xf5/0x240
[  104.642832][ T6750]  ? clear_bhb_loop+0x35/0x90
[  104.647508][ T6750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.653519][ T6750] RIP: 0033:0x7fe67847de69
[  104.658127][ T6750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  104.678287][ T6750] RSP: 002b:00007fe6791be0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.686799][ T6750] RAX: ffffffffffffffda RBX: 00007fe6785abf80 RCX: 00007fe67847de69
[  104.694970][ T6750] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[  104.703150][ T6750] RBP: 00007fe6784ca47a R08: 0000000000000000 R09: 0000000000000000
[  104.711139][ T6750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.719206][ T6750] R13: 000000000000000b R14: 00007fe6785abf80 R15: 00007fff9a410bb8
[  104.727353][ T6750]  </TASK>
[  104.730370][ T6750] 
[  104.732686][ T6750] Allocated by task 6742:
[  104.737022][ T6750]  kasan_save_track+0x3f/0x80
[  104.742063][ T6750]  __kasan_kmalloc+0x98/0xb0
[  104.747504][ T6750]  kmalloc_trace+0x1db/0x360
[  104.752174][ T6750]  taprio_change+0x1030/0x42d0
[  104.757039][ T6750]  tc_modify_qdisc+0x190d/0x1e40
[  104.762279][ T6750]  rtnetlink_rcv_msg+0x89b/0x10d0
[  104.767586][ T6750]  netlink_rcv_skb+0x1e3/0x430
[  104.772537][ T6750]  netlink_unicast+0x7ea/0x980
[  104.777400][ T6750]  netlink_sendmsg+0x8e1/0xcb0
[  104.782400][ T6750]  __sock_sendmsg+0x221/0x270
[  104.787247][ T6750]  ____sys_sendmsg+0x525/0x7d0
[  104.792008][ T6750]  __sys_sendmsg+0x2b0/0x3a0
[  104.796674][ T6750]  do_syscall_64+0xf5/0x240
[  104.801190][ T6750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.807251][ T6750] 
[  104.809577][ T6750] Freed by task 5433:
[  104.813564][ T6750]  kasan_save_track+0x3f/0x80
[  104.818282][ T6750]  kasan_save_free_info+0x40/0x50
[  104.823312][ T6750]  poison_slab_object+0xa6/0xe0
[  104.828341][ T6750]  __kasan_slab_free+0x37/0x60
[  104.833193][ T6750]  kfree+0x153/0x3a0
[  104.837093][ T6750]  rcu_core+0xafd/0x1830
[  104.841334][ T6750]  __do_softirq+0x2c6/0x980
[  104.845826][ T6750] 
[  104.848331][ T6750] Last potentially related work creation:
[  104.854032][ T6750]  kasan_save_stack+0x3f/0x60
[  104.858810][ T6750]  __kasan_record_aux_stack+0xac/0xc0
[  104.865056][ T6750]  call_rcu+0x167/0xa70
[  104.869381][ T6750]  taprio_change+0x32d9/0x42d0
[  104.874255][ T6750]  tc_modify_qdisc+0x190d/0x1e40
[  104.879187][ T6750]  rtnetlink_rcv_msg+0x89b/0x10d0
[  104.884206][ T6750]  netlink_rcv_skb+0x1e3/0x430
[  104.889155][ T6750]  netlink_unicast+0x7ea/0x980
[  104.894144][ T6750]  netlink_sendmsg+0x8e1/0xcb0
[  104.899717][ T6750]  __sock_sendmsg+0x221/0x270
[  104.904659][ T6750]  ____sys_sendmsg+0x525/0x7d0
[  104.909435][ T6750]  __sys_sendmsg+0x2b0/0x3a0
[  104.914223][ T6750]  do_syscall_64+0xf5/0x240
[  104.918862][ T6750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.924756][ T6750] 
[  104.927078][ T6750] The buggy address belongs to the object at ffff88807ccbc400
[  104.927078][ T6750]  which belongs to the cache kmalloc-512 of size 512
[  104.941564][ T6750] The buggy address is located 192 bytes inside of
[  104.941564][ T6750]  freed 512-byte region [ffff88807ccbc400, ffff88807ccbc600)
[  104.955527][ T6750] 
[  104.957846][ T6750] The buggy address belongs to the physical page:
[  104.964342][ T6750] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ccbc
[  104.973298][ T6750] head: order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  104.980931][ T6750] flags: 0xfff80000000840(slab|head|node=0|zone=1|lastcpupid=0xfff)
[  104.988912][ T6750] page_type: 0xffffffff()
[  104.993239][ T6750] raw: 00fff80000000840 ffff888015041c80 dead000000000100 dead000000000122
[  105.001815][ T6750] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.010421][ T6750] head: 00fff80000000840 ffff888015041c80 dead000000000100 dead000000000122
[  105.019084][ T6750] head: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.027930][ T6750] head: 00fff80000000002 ffffea0001f32f01 dead000000000122 00000000ffffffff
[  105.036607][ T6750] head: 0000000400000000 0000000000000000 00000000ffffffff 0000000000000000
[  105.045299][ T6750] page dumped because: kasan: bad access detected
[  105.051976][ T6750] page_owner tracks the page as allocated
[  105.057948][ T6750] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4542, tgid -450141120 (udevd), ts 4542, free_ts 33905308295
[  105.078698][ T6750]  post_alloc_hook+0x1ea/0x210
[  105.083644][ T6750]  get_page_from_freelist+0x3410/0x35b0
[  105.089272][ T6750]  __alloc_pages+0x256/0x6c0
[  105.093940][ T6750]  alloc_slab_page+0x5f/0x160
[  105.098616][ T6750]  new_slab+0x84/0x2f0
[  105.102708][ T6750]  ___slab_alloc+0xc73/0x1260
[  105.107639][ T6750]  kmalloc_trace+0x269/0x360
[  105.112221][ T6750]  kernfs_fop_open+0x3e0/0xd10
[  105.117166][ T6750]  do_dentry_open+0x907/0x15a0
[  105.122016][ T6750]  path_openat+0x2860/0x3240
[  105.126616][ T6750]  do_filp_open+0x235/0x490
[  105.131143][ T6750]  do_sys_openat2+0x13e/0x1d0
[  105.135816][ T6750]  __x64_sys_openat+0x247/0x2a0
[  105.140669][ T6750]  do_syscall_64+0xf5/0x240
[  105.145217][ T6750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.151459][ T6750] page last free pid 4539 tgid 4539 stack trace:
[  105.157965][ T6750]  free_unref_page_prepare+0x986/0xab0
[  105.163452][ T6750]  free_unref_page+0x37/0x3f0
[  105.168186][ T6750]  __slab_free+0x31b/0x3d0
[  105.172681][ T6750]  qlist_free_all+0x5e/0xc0
[  105.177227][ T6750]  kasan_quarantine_reduce+0x14f/0x170
[  105.182875][ T6750]  __kasan_slab_alloc+0x23/0x80
[  105.187819][ T6750]  kmalloc_trace+0x16f/0x360
[  105.192434][ T6750]  kernfs_fop_open+0x3e0/0xd10
[  105.197197][ T6750]  do_dentry_open+0x907/0x15a0
[  105.202040][ T6750]  path_openat+0x2860/0x3240
[  105.206975][ T6750]  do_filp_open+0x235/0x490
[  105.211566][ T6750]  do_sys_openat2+0x13e/0x1d0
[  105.216233][ T6750]  __x64_sys_openat+0x247/0x2a0
[  105.221077][ T6750]  do_syscall_64+0xf5/0x240
[  105.225612][ T6750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.231530][ T6750] 
[  105.233890][ T6750] Memory state around the buggy address:
[  105.239544][ T6750]  ffff88807ccbc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.248448][ T6750]  ffff88807ccbc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.256517][ T6750] >ffff88807ccbc480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.264747][ T6750]                                            ^
[  105.270984][ T6750]  ffff88807ccbc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.279043][ T6750]  ffff88807ccbc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.287180][ T6750] ==================================================================
[  105.298685][ T6750] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  105.306098][ T6750] CPU: 1 PID: 6750 Comm: syz-executor.0 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0
[  105.316448][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[  105.326800][ T6750] Call Trace:
[  105.330197][ T6750]  <TASK>
[  105.333219][ T6750]  dump_stack_lvl+0x241/0x360
[  105.338006][ T6750]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.343224][ T6750]  ? __pfx__printk+0x10/0x10
[  105.347905][ T6750]  ? preempt_schedule+0xe1/0xf0
[  105.352761][ T6750]  ? vscnprintf+0x5d/0x90
[  105.357374][ T6750]  panic+0x349/0x860
[  105.362018][ T6750]  ? check_panic_on_warn+0x21/0xb0
[  105.367128][ T6750]  ? __pfx_panic+0x10/0x10
[  105.371541][ T6750]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  105.377742][ T6750]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  105.384137][ T6750]  ? print_report+0x502/0x550
[  105.388851][ T6750]  check_panic_on_warn+0x86/0xb0
[  105.393831][ T6750]  ? taprio_dump+0x857/0xd50
[  105.398441][ T6750]  end_report+0x77/0x160
[  105.402687][ T6750]  kasan_report+0x154/0x180
[  105.407474][ T6750]  ? taprio_dump+0x857/0xd50
[  105.412238][ T6750]  taprio_dump+0x857/0xd50
[  105.416940][ T6750]  ? __alloc_skb+0x1f3/0x440
[  105.421621][ T6750]  ? __pfx_taprio_dump+0x10/0x10
[  105.426675][ T6750]  ? __asan_memcpy+0x40/0x70
[  105.431752][ T6750]  ? nla_put+0x131/0x1e0
[  105.435996][ T6750]  tc_fill_qdisc+0x6a9/0x1210
[  105.440691][ T6750]  ? __alloc_skb+0x1f3/0x440
[  105.445289][ T6750]  ? __pfx_tc_fill_qdisc+0x10/0x10
[  105.450408][ T6750]  ? __build_skb_around+0x245/0x3d0
[  105.456054][ T6750]  ? __pfx___alloc_skb+0x10/0x10
[  105.461608][ T6750]  qdisc_notify+0x2ec/0x4b0
[  105.466296][ T6750]  tc_modify_qdisc+0x1c58/0x1e40
[  105.471247][ T6750]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  105.476631][ T6750]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  105.481937][ T6750]  rtnetlink_rcv_msg+0x89b/0x10d0
[  105.486958][ T6750]  ? rtnetlink_rcv_msg+0x208/0x10d0
[  105.492162][ T6750]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  105.498742][ T6750]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  105.504381][ T6750]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  105.510369][ T6750]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  105.516778][ T6750]  ? __local_bh_enable_ip+0x168/0x200
[  105.522406][ T6750]  ? lockdep_hardirqs_on+0x99/0x150
[  105.527607][ T6750]  ? __local_bh_enable_ip+0x168/0x200
[  105.533274][ T6750]  ? dev_hard_start_xmit+0x773/0x7e0
[  105.538551][ T6750]  ? __dev_queue_xmit+0x2c7/0x3ca0
[  105.543829][ T6750]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  105.549741][ T6750]  ? __dev_queue_xmit+0x2c7/0x3ca0
[  105.554964][ T6750]  ? __dev_queue_xmit+0x1697/0x3ca0
[  105.560151][ T6750]  ? __dev_queue_xmit+0x2c7/0x3ca0
[  105.565256][ T6750]  ? ref_tracker_free+0x643/0x7e0
[  105.570283][ T6750]  netlink_rcv_skb+0x1e3/0x430
[  105.575061][ T6750]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  105.580691][ T6750]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  105.586411][ T6750]  ? netlink_deliver_tap+0x2e/0x1b0
[  105.591863][ T6750]  netlink_unicast+0x7ea/0x980
[  105.597713][ T6750]  ? __pfx_netlink_unicast+0x10/0x10
[  105.603192][ T6750]  ? __virt_addr_valid+0x44e/0x520
[  105.608393][ T6750]  ? __phys_addr_symbol+0x2f/0x70
[  105.613511][ T6750]  ? __check_object_size+0x4bc/0xa00
[  105.618878][ T6750]  ? bpf_lsm_netlink_send+0x9/0x10
[  105.623984][ T6750]  netlink_sendmsg+0x8e1/0xcb0
[  105.629195][ T6750]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.634682][ T6750]  ? __import_iovec+0x536/0x820
[  105.639932][ T6750]  ? aa_sock_msg_perm+0x91/0x160
[  105.644873][ T6750]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  105.650163][ T6750]  ? security_socket_sendmsg+0x87/0xb0
[  105.655796][ T6750]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.661075][ T6750]  __sock_sendmsg+0x221/0x270
[  105.665764][ T6750]  ____sys_sendmsg+0x525/0x7d0
[  105.670545][ T6750]  ? __pfx_____sys_sendmsg+0x10/0x10
[  105.675956][ T6750]  __sys_sendmsg+0x2b0/0x3a0
[  105.680572][ T6750]  ? __pfx___sys_sendmsg+0x10/0x10
[  105.685716][ T6750]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  105.692258][ T6750]  ? do_syscall_64+0x102/0x240
[  105.697134][ T6750]  ? do_syscall_64+0xb6/0x240
[  105.702072][ T6750]  do_syscall_64+0xf5/0x240
[  105.706602][ T6750]  ? clear_bhb_loop+0x35/0x90
[  105.711283][ T6750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.717445][ T6750] RIP: 0033:0x7fe67847de69
[  105.721969][ T6750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  105.741952][ T6750] RSP: 002b:00007fe6791be0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  105.750370][ T6750] RAX: ffffffffffffffda RBX: 00007fe6785abf80 RCX: 00007fe67847de69
[  105.758336][ T6750] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[  105.766304][ T6750] RBP: 00007fe6784ca47a R08: 0000000000000000 R09: 0000000000000000
[  105.775781][ T6750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.783843][ T6750] R13: 000000000000000b R14: 00007fe6785abf80 R15: 00007fff9a410bb8
[  105.791917][ T6750]  </TASK>
[  105.795311][ T6750] Kernel Offset: disabled
[  105.799806][ T6750] Rebooting in 86400 seconds..