[ 441.867977][ T3762] netlink: 'syz-executor.0': attribute type 8 has an invalid length.
[ 441.900476][ T3764] netlink: 'syz-executor.0': attribute type 8 has an invalid length.
[ 441.932503][ T3766] netlink: 'syz-executor.0': attribute type 8 has an invalid length.
[ 441.963463][ T3768] netlink: 'syz-executor.0': attribute type 8 has an invalid length.
[ 441.995616][ T3770] netlink: 'syz-executor.0': attribute type 8 has an invalid length.
[ 444.518726][ T2890] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 444.577011][ T2890] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 444.637809][ T2890] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 444.711681][ T2890] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 444.846748][ T2890] bridge_slave_1: left allmulticast mode
[ 444.863116][ T2890] bridge_slave_1: left promiscuous mode
[ 444.868940][ T2890] bridge0: port 2(bridge_slave_1) entered disabled state
[ 444.900593][ T2890] bridge_slave_0: left allmulticast mode
[ 444.907854][ T2890] bridge_slave_0: left promiscuous mode
[ 444.915366][ T2890] bridge0: port 1(bridge_slave_0) entered disabled state
[ 445.269568][ T2890] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 445.286953][ T2890] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 445.299241][ T2890] bond0 (unregistering): Released all slaves
[ 445.636241][ T2890] hsr_slave_0: left promiscuous mode
[ 445.662018][ T2890] hsr_slave_1: left promiscuous mode
[ 445.675704][ T2890] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 445.702960][ T2890] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 445.724191][ T2890] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 445.732335][ T2890] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 445.777339][ T2890] veth1_macvtap: left promiscuous mode
[ 445.784042][ T2890] veth0_macvtap: left promiscuous mode
[ 445.789725][ T2890] veth1_vlan: left promiscuous mode
[ 445.796339][ T2890] veth0_vlan: left promiscuous mode
[ 446.203274][ T2890] team0 (unregistering): Port device team_slave_1 removed
[ 446.228223][ T2890] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.1.202' (ED25519) to the list of known hosts.
[ 447.486456][ T4045] chnl_net:caif_netlink_parms(): no params data found
[ 447.547403][ T4045] bridge0: port 1(bridge_slave_0) entered blocking state
[ 447.555130][ T4045] bridge0: port 1(bridge_slave_0) entered disabled state
[ 447.562487][ T4045] bridge_slave_0: entered allmulticast mode
[ 447.570049][ T4045] bridge_slave_0: entered promiscuous mode
[ 447.579554][ T4045] bridge0: port 2(bridge_slave_1) entered blocking state
[ 447.588384][ T4045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 447.595883][ T4045] bridge_slave_1: entered allmulticast mode
[ 447.602613][ T4045] bridge_slave_1: entered promiscuous mode
[ 447.633602][ T4045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 447.646550][ T4045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 447.689176][ T4045] team0: Port device team_slave_0 added
[ 447.700835][ T4045] team0: Port device team_slave_1 added
[ 447.738736][ T4045] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 447.745853][ T4045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 447.775240][ T4045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 447.789311][ T4045] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 447.797996][ T4045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 447.826907][ T4045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 447.879335][ T4045] hsr_slave_0: entered promiscuous mode
[ 447.886921][ T4045] hsr_slave_1: entered promiscuous mode
[ 448.451314][ T4045] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 448.462745][ T4045] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 448.474467][ T4045] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 448.487063][ T4045] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 448.614826][ T4045] 8021q: adding VLAN 0 to HW filter on device bond0
[ 448.640788][ T4045] 8021q: adding VLAN 0 to HW filter on device team0
[ 448.656229][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 448.663702][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 448.695662][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 448.702883][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 448.741759][ T4045] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 448.752552][ T4045] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 448.799855][ T4045] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 448.851114][ T4045] veth0_vlan: entered promiscuous mode
[ 448.868957][ T4045] veth1_vlan: entered promiscuous mode
[ 448.909186][ T4045] veth0_macvtap: entered promiscuous mode
[ 448.921298][ T4045] veth1_macvtap: entered promiscuous mode
[ 448.946877][ T4045] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 448.966178][ T4045] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 448.980165][ T4045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 448.992489][ T4045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 449.001397][ T4045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 449.013566][ T4045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 449.151256][ T4101] validate_nla: 97 callbacks suppressed
[ 449.151274][ T4101] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.181129][ T4107] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.201094][ T4109] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.225019][ T4110] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.247733][ T4112] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.272384][ T4113] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.298668][ T4115] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.321269][ T4116] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.345267][ T4118] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 449.369884][ T4121] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.158009][ T4693] validate_nla: 471 callbacks suppressed
[ 454.158022][ T4693] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.184238][ T4694] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.201281][ T4695] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.221008][ T4696] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.237511][ T4697] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.254625][ T4698] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.271259][ T4699] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.289470][ T4700] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.305618][ T4701] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 454.322074][ T4702] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.166841][ T5331] validate_nla: 611 callbacks suppressed
[ 459.166853][ T5331] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.191784][ T5332] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.209454][ T5333] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.225825][ T5334] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.242347][ T5335] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.259657][ T5336] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.276640][ T5337] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.293568][ T5338] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.309673][ T5339] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 459.330460][ T5340] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.179754][ T5958] validate_nla: 617 callbacks suppressed
[ 464.179766][ T5958] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.203952][ T5959] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.219470][ T5960] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.238553][ T5961] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.255405][ T5962] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.272191][ T5963] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.289858][ T5964] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.306446][ T5965] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.323585][ T5966] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 464.340413][ T5967] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.189557][ T6584] validate_nla: 616 callbacks suppressed
[ 469.189584][ T6584] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.211711][ T6585] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.229407][ T6586] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.245965][ T6587] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.262039][ T6588] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.278229][ T6589] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.293929][ T6590] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.311243][ T6591] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.331749][ T6592] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 469.348790][ T6593] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.194386][ T7220] validate_nla: 626 callbacks suppressed
[ 474.194399][ T7220] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.219472][ T7221] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.236485][ T7222] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.252457][ T7223] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.269642][ T7224] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.286732][ T7225] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.302931][ T7226] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.320177][ T7227] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.338197][ T7228] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 474.354604][ T7229] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.211280][ T7853] validate_nla: 623 callbacks suppressed
[ 479.211292][ T7853] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.236592][ T7854] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.254292][ T7855] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.270626][ T7856] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.287650][ T7857] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.305016][ T7858] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.322084][ T7859] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.339358][ T7860] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.356777][ T7861] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 479.372322][ T7862] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.215192][ T8477] validate_nla: 612 callbacks suppressed
[ 484.215219][ T8477] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.238548][ T8478] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.257501][ T8479] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.273444][ T8480] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.290802][ T8481] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.307026][ T8482] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.324024][ T8483] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.340979][ T8484] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.356676][ T8485] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 484.373233][ T8486] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.229371][ T9108] validate_nla: 617 callbacks suppressed
[ 489.229384][ T9108] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.251188][ T9109] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.268899][ T9110] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.287086][ T9111] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.302766][ T9112] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.319839][ T9113] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.336545][ T9114] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.353082][ T9115] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.370235][ T9116] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 489.387543][ T9117] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.238747][ T9735] validate_nla: 617 callbacks suppressed
[ 494.238760][ T9735] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.261829][ T9736] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.281472][ T9737] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.300026][ T9738] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.316175][ T9739] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.334370][ T9740] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.350282][ T9741] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.367477][ T9742] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.384862][ T9743] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 494.402342][ T9744] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.243516][T10364] validate_nla: 619 callbacks suppressed
[ 499.243534][T10364] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.266095][T10365] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.282728][T10366] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.298862][T10367] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.315321][T10368] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.331827][T10369] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.349651][T10370] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.366633][T10371] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.384369][T10372] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 499.402097][T10373] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 501.966244][ T1243] ieee802154 phy0 wpan0: encryption failed: -22
[ 501.974109][ T1243] ieee802154 phy1 wpan1: encryption failed: -22
[ 504.254908][T10994] validate_nla: 620 callbacks suppressed
[ 504.254935][T10994] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.277026][T10995] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.293545][T10996] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.309807][T10997] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.326581][T10998] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.343049][T10999] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.360737][T11000] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.378110][T11001] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.394135][T11002] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 504.410946][T11003] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.268371][T11605] validate_nla: 601 callbacks suppressed
[ 509.268385][T11605] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.292701][T11606] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.310523][T11607] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.328161][T11608] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.345587][T11609] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.361512][T11610] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.378435][T11611] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.395858][T11612] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.414560][T11613] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 509.430071][T11614] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.275684][T12231] validate_nla: 616 callbacks suppressed
[ 514.275711][T12231] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.298463][T12232] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.315893][T12233] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.331839][T12234] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.349856][T12235] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.367265][T12236] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.383681][T12237] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.400559][T12238] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.417532][T12239] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 514.435648][T12240] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.290501][T12858] validate_nla: 617 callbacks suppressed
[ 519.290531][T12858] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.314602][T12859] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.331515][T12860] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.349261][T12861] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.366022][T12862] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.383808][T12863] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.401432][T12864] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.419193][T12865] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.435916][T12866] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 519.451944][T12867] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.298363][T13487] validate_nla: 619 callbacks suppressed
[ 524.298392][T13487] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.320357][T13488] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.338868][T13489] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.357255][T13490] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.375342][T13491] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.390900][T13492] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.407702][T13493] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.424343][T13494] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.440168][T13495] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 524.459558][T13496] netlink: 'syz-executor238': attribute type 8 has an invalid length.
[ 526.175378][T13715] ==================================================================
[ 526.183488][T13715] BUG: KASAN: slab-use-after-free in taprio_dump+0x857/0xd50
[ 526.190869][T13715] Read of size 4 at addr ffff888070109cec by task syz-executor238/13715
[ 526.199210][T13715]
[ 526.201553][T13715] CPU: 0 PID: 13715 Comm: syz-executor238 Not tainted 6.10.0-rc4-syzkaller-00198-gbab4923132fe #0
[ 526.212239][T13715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 526.222477][T13715] Call Trace:
[ 526.225772][T13715]
[ 526.228692][T13715] dump_stack_lvl+0x241/0x360
[ 526.233470][T13715] ? __pfx_dump_stack_lvl+0x10/0x10
[ 526.238781][T13715] ? __pfx__printk+0x10/0x10
[ 526.243475][T13715] ? _printk+0xd5/0x120
[ 526.247628][T13715] ? __virt_addr_valid+0x183/0x520
[ 526.252738][T13715] ? __virt_addr_valid+0x183/0x520
[ 526.257939][T13715] print_report+0x169/0x550
[ 526.262633][T13715] ? __virt_addr_valid+0x183/0x520
[ 526.267746][T13715] ? __virt_addr_valid+0x183/0x520
[ 526.272865][T13715] ? __virt_addr_valid+0x44e/0x520
[ 526.278099][T13715] ? __phys_addr+0xba/0x170
[ 526.282700][T13715] ? taprio_dump+0x857/0xd50
[ 526.287392][T13715] kasan_report+0x143/0x180
[ 526.291922][T13715] ? nla_put+0x2b/0x1e0
[ 526.296113][T13715] ? taprio_dump+0x857/0xd50
[ 526.300706][T13715] taprio_dump+0x857/0xd50
[ 526.305117][T13715] ? __alloc_skb+0x1f3/0x440
[ 526.309708][T13715] ? __pfx_taprio_dump+0x10/0x10
[ 526.314658][T13715] ? __asan_memcpy+0x40/0x70
[ 526.319340][T13715] ? nla_put+0x131/0x1e0
[ 526.323631][T13715] tc_fill_qdisc+0x6a7/0x11f0
[ 526.328307][T13715] ? rcu_is_watching+0x15/0xb0
[ 526.333175][T13715] ? kmalloc_node_track_caller_noprof+0x242/0x440
[ 526.339805][T13715] ? __pfx_tc_fill_qdisc+0x10/0x10
[ 526.344933][T13715] ? __build_skb_around+0x245/0x3d0
[ 526.350143][T13715] ? __pfx___alloc_skb+0x10/0x10
[ 526.355073][T13715] qdisc_notify+0x2ec/0x4b0
[ 526.359568][T13715] tc_modify_qdisc+0x1c58/0x1e40
[ 526.364541][T13715] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 526.369845][T13715] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 526.375158][T13715] rtnetlink_rcv_msg+0x89b/0x1180
[ 526.380204][T13715] ? rtnetlink_rcv_msg+0x208/0x1180
[ 526.385423][T13715] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 526.391208][T13715] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 526.397374][T13715] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 526.403718][T13715] ? __local_bh_enable_ip+0x168/0x200
[ 526.409097][T13715] ? lockdep_hardirqs_on+0x99/0x150
[ 526.414309][T13715] ? __local_bh_enable_ip+0x168/0x200
[ 526.419672][T13715] ? dev_hard_start_xmit+0x773/0x7e0
[ 526.424972][T13715] ? __dev_queue_xmit+0x2d2/0x3d30
[ 526.430187][T13715] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 526.436159][T13715] ? __dev_queue_xmit+0x2d2/0x3d30
[ 526.441287][T13715] ? __dev_queue_xmit+0x16c9/0x3d30
[ 526.446596][T13715] ? __dev_queue_xmit+0x2d2/0x3d30
[ 526.451745][T13715] ? ref_tracker_free+0x643/0x7e0
[ 526.456765][T13715] netlink_rcv_skb+0x1e3/0x430
[ 526.461526][T13715] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 526.466991][T13715] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 526.472287][T13715] ? netlink_deliver_tap+0x2e/0x1b0
[ 526.477487][T13715] netlink_unicast+0x7ea/0x980
[ 526.482246][T13715] ? __pfx_netlink_unicast+0x10/0x10
[ 526.487606][T13715] ? __virt_addr_valid+0x183/0x520
[ 526.492707][T13715] ? __check_object_size+0x49c/0x900
[ 526.498071][T13715] ? bpf_lsm_netlink_send+0x9/0x10
[ 526.503175][T13715] netlink_sendmsg+0x8db/0xcb0
[ 526.508021][T13715] ? __pfx_netlink_sendmsg+0x10/0x10
[ 526.513303][T13715] ? __import_iovec+0x536/0x820
[ 526.518157][T13715] ? aa_sock_msg_perm+0x91/0x160
[ 526.523189][T13715] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 526.528462][T13715] ? security_socket_sendmsg+0x87/0xb0
[ 526.533934][T13715] ? __pfx_netlink_sendmsg+0x10/0x10
[ 526.539246][T13715] __sock_sendmsg+0x221/0x270
[ 526.543938][T13715] ____sys_sendmsg+0x525/0x7d0
[ 526.548703][T13715] ? __pfx_____sys_sendmsg+0x10/0x10
[ 526.553994][T13715] __sys_sendmsg+0x2b0/0x3a0
[ 526.558700][T13715] ? __pfx___sys_sendmsg+0x10/0x10
[ 526.564015][T13715] ? rcu_read_lock_sched_held+0x8d/0x130
[ 526.569679][T13715] ? fd_install+0x9c/0x5d0
[ 526.574107][T13715] ? fd_install+0x9c/0x5d0
[ 526.578519][T13715] ? fd_install+0x35c/0x5d0
[ 526.583207][T13715] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 526.589548][T13715] ? do_syscall_64+0x100/0x230
[ 526.594410][T13715] ? do_syscall_64+0xb6/0x230
[ 526.599097][T13715] do_syscall_64+0xf3/0x230
[ 526.603619][T13715] ? clear_bhb_loop+0x35/0x90
[ 526.608317][T13715] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 526.614257][T13715] RIP: 0033:0x7f68dcda5c29
[ 526.618692][T13715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 526.638406][T13715] RSP: 002b:00007ffd2a3f4df8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 526.646904][T13715] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f68dcda5c29
[ 526.654877][T13715] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 526.662847][T13715] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000100000000
[ 526.670853][T13715] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2a3f4e50
[ 526.678923][T13715] R13: 0000000000080732 R14: 00007ffd2a3f4e1c R15: 0000000000000003
[ 526.686890][T13715]
[ 526.689893][T13715]
[ 526.692194][T13715] Allocated by task 13714:
[ 526.696623][T13715] kasan_save_track+0x3f/0x80
[ 526.701375][T13715] __kasan_kmalloc+0x98/0xb0
[ 526.705952][T13715] kmalloc_trace_noprof+0x19c/0x2c0
[ 526.711309][T13715] taprio_change+0x1037/0x4430
[ 526.716101][T13715] tc_modify_qdisc+0x190d/0x1e40
[ 526.721374][T13715] rtnetlink_rcv_msg+0x89b/0x1180
[ 526.726573][T13715] netlink_rcv_skb+0x1e3/0x430
[ 526.731442][T13715] netlink_unicast+0x7ea/0x980
[ 526.736289][T13715] netlink_sendmsg+0x8db/0xcb0
[ 526.741155][T13715] __sock_sendmsg+0x221/0x270
[ 526.745927][T13715] ____sys_sendmsg+0x525/0x7d0
[ 526.750788][T13715] __sys_sendmsg+0x2b0/0x3a0
[ 526.755464][T13715] do_syscall_64+0xf3/0x230
[ 526.760128][T13715] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 526.766067][T13715]
[ 526.768469][T13715] Freed by task 16:
[ 526.772378][T13715] kasan_save_track+0x3f/0x80
[ 526.777069][T13715] kasan_save_free_info+0x40/0x50
[ 526.782172][T13715] poison_slab_object+0xe0/0x150
[ 526.787194][T13715] __kasan_slab_free+0x37/0x60
[ 526.792043][T13715] kfree+0x149/0x360
[ 526.795945][T13715] rcu_core+0xafd/0x1830
[ 526.800182][T13715] handle_softirqs+0x2c4/0x970
[ 526.804928][T13715] run_ksoftirqd+0xca/0x130
[ 526.809476][T13715] smpboot_thread_fn+0x544/0xa30
[ 526.814421][T13715] kthread+0x2f0/0x390
[ 526.818568][T13715] ret_from_fork+0x4b/0x80
[ 526.822973][T13715] ret_from_fork_asm+0x1a/0x30
[ 526.827809][T13715]
[ 526.830114][T13715] Last potentially related work creation:
[ 526.836007][T13715] kasan_save_stack+0x3f/0x60
[ 526.840684][T13715] __kasan_record_aux_stack+0xac/0xc0
[ 526.846059][T13715] call_rcu+0x167/0xa70
[ 526.850304][T13715] advance_sched+0x940/0xca0
[ 526.854889][T13715] __hrtimer_run_queues+0x59b/0xd50
[ 526.860079][T13715] hrtimer_interrupt+0x396/0x990
[ 526.865024][T13715] __sysvec_apic_timer_interrupt+0x110/0x3f0
[ 526.871010][T13715] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 526.876697][T13715] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 526.882686][T13715]
[ 526.885011][T13715] The buggy address belongs to the object at ffff888070109c00
[ 526.885011][T13715] which belongs to the cache kmalloc-512 of size 512
[ 526.899077][T13715] The buggy address is located 236 bytes inside of
[ 526.899077][T13715] freed 512-byte region [ffff888070109c00, ffff888070109e00)
[ 526.912962][T13715]
[ 526.915285][T13715] The buggy address belongs to the physical page:
[ 526.921708][T13715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x70108
[ 526.930643][T13715] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 526.939476][T13715] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 526.947051][T13715] page_type: 0xffffefff(slab)
[ 526.951739][T13715] raw: 00fff00000000040 ffff888015041c80 dead000000000100 dead000000000122
[ 526.960317][T13715] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 526.968894][T13715] head: 00fff00000000040 ffff888015041c80 dead000000000100 dead000000000122
[ 526.977571][T13715] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 526.986317][T13715] head: 00fff00000000002 ffffea0001c04201 ffffffffffffffff 0000000000000000
[ 526.995001][T13715] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 527.003756][T13715] page dumped because: kasan: bad access detected
[ 527.010169][T13715] page_owner tracks the page as allocated
[ 527.015900][T13715] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4203, tgid 4203 (syz-executor238), ts 450115413145, free_ts 86328962053
[ 527.039179][T13715] post_alloc_hook+0x1f3/0x230
[ 527.044124][T13715] get_page_from_freelist+0x2e43/0x2f00
[ 527.049662][T13715] __alloc_pages_noprof+0x256/0x6c0
[ 527.054861][T13715] alloc_slab_page+0x5f/0x120
[ 527.059725][T13715] allocate_slab+0x5a/0x2f0
[ 527.064215][T13715] ___slab_alloc+0xcd1/0x14b0
[ 527.068903][T13715] __slab_alloc+0x58/0xa0
[ 527.073225][T13715] kmalloc_trace_noprof+0x1d5/0x2c0
[ 527.078525][T13715] parse_taprio_schedule+0x54f/0x16c0
[ 527.083986][T13715] taprio_change+0x1938/0x4430
[ 527.088735][T13715] tc_modify_qdisc+0x190d/0x1e40
[ 527.093666][T13715] rtnetlink_rcv_msg+0x89b/0x1180
[ 527.098718][T13715] netlink_rcv_skb+0x1e3/0x430
[ 527.103488][T13715] netlink_unicast+0x7ea/0x980
[ 527.108267][T13715] netlink_sendmsg+0x8db/0xcb0
[ 527.113118][T13715] __sock_sendmsg+0x221/0x270
[ 527.117810][T13715] page last free pid 5394 tgid 5394 stack trace:
[ 527.124129][T13715] free_unref_page+0xd22/0xea0
[ 527.128895][T13715] __slab_free+0x31b/0x3d0
[ 527.133314][T13715] qlist_free_all+0x9e/0x140
[ 527.137931][T13715] kasan_quarantine_reduce+0x14f/0x170
[ 527.143493][T13715] __kasan_slab_alloc+0x23/0x80
[ 527.148336][T13715] kmem_cache_alloc_noprof+0x135/0x2a0
[ 527.153887][T13715] getname_flags+0xbd/0x4f0
[ 527.158407][T13715] __x64_sys_unlink+0x3c/0x60
[ 527.163086][T13715] do_syscall_64+0xf3/0x230
[ 527.167586][T13715] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 527.173523][T13715]
[ 527.176016][T13715] Memory state around the buggy address:
[ 527.181829][T13715] ffff888070109b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 527.189902][T13715] ffff888070109c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 527.197964][T13715] >ffff888070109c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 527.206105][T13715] ^
[ 527.213657][T13715] ffff888070109d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 527.221789][T13715] ffff888070109d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 527.229860][T13715] ==================================================================
[ 527.272646][T13715] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 527.279902][T13715] CPU: 1 PID: 13715 Comm: syz-executor238 Not tainted 6.10.0-rc4-syzkaller-00198-gbab4923132fe #0
[ 527.290588][T13715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 527.300650][T13715] Call Trace:
[ 527.303927][T13715]
[ 527.306868][T13715] dump_stack_lvl+0x241/0x360
[ 527.311650][T13715] ? __pfx_dump_stack_lvl+0x10/0x10
[ 527.316853][T13715] ? __pfx__printk+0x10/0x10
[ 527.321621][T13715] ? preempt_schedule+0xe1/0xf0
[ 527.326528][T13715] ? vscnprintf+0x5d/0x90
[ 527.331032][T13715] panic+0x349/0x860
[ 527.334929][T13715] ? check_panic_on_warn+0x21/0xb0
[ 527.340072][T13715] ? __pfx_panic+0x10/0x10
[ 527.344518][T13715] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 527.350514][T13715] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 527.356964][T13715] ? print_report+0x502/0x550
[ 527.361721][T13715] check_panic_on_warn+0x86/0xb0
[ 527.366864][T13715] ? taprio_dump+0x857/0xd50
[ 527.371482][T13715] end_report+0x77/0x160
[ 527.375767][T13715] kasan_report+0x154/0x180
[ 527.380348][T13715] ? nla_put+0x2b/0x1e0
[ 527.384520][T13715] ? taprio_dump+0x857/0xd50
[ 527.389134][T13715] taprio_dump+0x857/0xd50
[ 527.393577][T13715] ? __alloc_skb+0x1f3/0x440
[ 527.398187][T13715] ? __pfx_taprio_dump+0x10/0x10
[ 527.403323][T13715] ? __asan_memcpy+0x40/0x70
[ 527.407921][T13715] ? nla_put+0x131/0x1e0
[ 527.412197][T13715] tc_fill_qdisc+0x6a7/0x11f0
[ 527.416898][T13715] ? rcu_is_watching+0x15/0xb0
[ 527.421673][T13715] ? kmalloc_node_track_caller_noprof+0x242/0x440
[ 527.428102][T13715] ? __pfx_tc_fill_qdisc+0x10/0x10
[ 527.433219][T13715] ? __build_skb_around+0x245/0x3d0
[ 527.438429][T13715] ? __pfx___alloc_skb+0x10/0x10
[ 527.443376][T13715] qdisc_notify+0x2ec/0x4b0
[ 527.447981][T13715] tc_modify_qdisc+0x1c58/0x1e40
[ 527.452949][T13715] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 527.458466][T13715] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 527.463825][T13715] rtnetlink_rcv_msg+0x89b/0x1180
[ 527.468895][T13715] ? rtnetlink_rcv_msg+0x208/0x1180
[ 527.474249][T13715] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 527.479821][T13715] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 527.486003][T13715] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 527.492349][T13715] ? __local_bh_enable_ip+0x168/0x200
[ 527.497730][T13715] ? lockdep_hardirqs_on+0x99/0x150
[ 527.503038][T13715] ? __local_bh_enable_ip+0x168/0x200
[ 527.508485][T13715] ? dev_hard_start_xmit+0x773/0x7e0
[ 527.513778][T13715] ? __dev_queue_xmit+0x2d2/0x3d30
[ 527.519070][T13715] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 527.524789][T13715] ? __dev_queue_xmit+0x2d2/0x3d30
[ 527.529938][T13715] ? __dev_queue_xmit+0x16c9/0x3d30
[ 527.535167][T13715] ? __dev_queue_xmit+0x2d2/0x3d30
[ 527.540285][T13715] ? ref_tracker_free+0x643/0x7e0
[ 527.545404][T13715] netlink_rcv_skb+0x1e3/0x430
[ 527.550177][T13715] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 527.555642][T13715] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 527.560951][T13715] ? netlink_deliver_tap+0x2e/0x1b0
[ 527.566506][T13715] netlink_unicast+0x7ea/0x980
[ 527.571279][T13715] ? __pfx_netlink_unicast+0x10/0x10
[ 527.576563][T13715] ? __virt_addr_valid+0x183/0x520
[ 527.581774][T13715] ?
__check_object_size+0x49c/0x900 [ 527.587063][T13715] ? bpf_lsm_netlink_send+0x9/0x10 [ 527.592263][T13715] netlink_sendmsg+0x8db/0xcb0 [ 527.597054][T13715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 527.602364][T13715] ? __import_iovec+0x536/0x820 [ 527.607229][T13715] ? aa_sock_msg_perm+0x91/0x160 [ 527.612174][T13715] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 527.617489][T13715] ? security_socket_sendmsg+0x87/0xb0 [ 527.622953][T13715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 527.628241][T13715] __sock_sendmsg+0x221/0x270 [ 527.632938][T13715] ____sys_sendmsg+0x525/0x7d0 [ 527.637887][T13715] ? __pfx_____sys_sendmsg+0x10/0x10 [ 527.643188][T13715] __sys_sendmsg+0x2b0/0x3a0 [ 527.647960][T13715] ? __pfx___sys_sendmsg+0x10/0x10 [ 527.653108][T13715] ? rcu_read_lock_sched_held+0x8d/0x130 [ 527.659101][T13715] ? fd_install+0x9c/0x5d0 [ 527.663520][T13715] ? fd_install+0x9c/0x5d0 [ 527.668197][T13715] ? fd_install+0x35c/0x5d0 [ 527.672705][T13715] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 527.679217][T13715] ? do_syscall_64+0x100/0x230 [ 527.684077][T13715] ? do_syscall_64+0xb6/0x230 [ 527.688856][T13715] do_syscall_64+0xf3/0x230 [ 527.693368][T13715] ? 
clear_bhb_loop+0x35/0x90 [ 527.698188][T13715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.704235][T13715] RIP: 0033:0x7f68dcda5c29 [ 527.708738][T13715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 527.728362][T13715] RSP: 002b:00007ffd2a3f4df8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 527.736818][T13715] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f68dcda5c29 [ 527.744895][T13715] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 527.752885][T13715] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000100000000 [ 527.760967][T13715] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2a3f4e50 [ 527.769206][T13715] R13: 0000000000080732 R14: 00007ffd2a3f4e1c R15: 0000000000000003 [ 527.777212][T13715] [ 527.780594][T13715] Kernel Offset: disabled [ 527.784926][T13715] Rebooting in 86400 seconds..