[ 71.755219][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.770830][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '10.128.1.177' (ED25519) to the list of known hosts.
2024/11/05 20:38:56 ignoring optional flag "sandboxArg"="0"
2024/11/05 20:38:56 ignoring optional flag "type"="gce"
2024/11/05 20:38:56 parsed 1 programs
[ 76.878521][ T25] cfg80211: failed to load regulatory.db
2024/11/05 20:38:58 executed programs: 0
[ 76.986932][ T5399] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 77.032043][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.042776][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.050489][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.060333][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.068175][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.075697][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.166210][ T5407] chnl_net:caif_netlink_parms(): no params data found
[ 77.207988][ T5407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.215361][ T5407] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.223032][ T5407] bridge_slave_0: entered allmulticast mode
[ 77.229595][ T5407] bridge_slave_0: entered promiscuous mode
[ 77.237322][ T5407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.244734][ T5407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.252039][ T5407] bridge_slave_1: entered allmulticast mode
[ 77.258591][ T5407] bridge_slave_1: entered promiscuous mode
[ 77.279378][ T5407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.290186][ T5407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.312670][ T5407] team0: Port device team_slave_0 added
[ 77.321030][ T5407] team0: Port device team_slave_1 added
[ 77.337940][ T5407] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.345178][ T5407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.371654][ T5407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.384375][ T5407] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.391685][ T5407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.418029][ T5407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.446174][ T5407] hsr_slave_0: entered promiscuous mode
[ 77.452505][ T5407] hsr_slave_1: entered promiscuous mode
[ 77.887513][ T5407] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.898288][ T5407] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.909432][ T5407] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.919564][ T5407] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.947757][ T5407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.955057][ T5407] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.962611][ T5407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.969846][ T5407] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.030098][ T5407] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.047752][ T62] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.055967][ T62] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.072279][ T5407] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.088144][ T2778] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.095335][ T2778] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.110272][ T2778] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.117473][ T2778] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.316080][ T5407] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.362019][ T5407] veth0_vlan: entered promiscuous mode
[ 78.376266][ T5407] veth1_vlan: entered promiscuous mode
[ 78.407962][ T5407] veth0_macvtap: entered promiscuous mode
[ 78.418248][ T5407] veth1_macvtap: entered promiscuous mode
[ 78.437343][ T5407] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.452919][ T5407] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.465831][ T5407] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.478151][ T5407] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.486979][ T5407] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.497997][ T5407] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.572895][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.581436][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.613626][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.624460][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.680637][ T5472] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.787980][ T5478] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.834340][ T5483] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.884775][ T5486] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.933989][ T5489] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 78.972752][ T5493] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 79.006348][ T5496] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 79.067786][ T5500] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 79.104887][ T5503] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 79.115339][ T4497] Bluetooth: hci0: command tx timeout
[ 79.175292][ T5507] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 81.191186][ T4497] Bluetooth: hci0: command tx timeout
2024/11/05 20:39:03 executed programs: 116
[ 83.272739][ T4497] Bluetooth: hci0: command tx timeout
[ 83.690330][ T6057] __nla_validate_parse: 184 callbacks suppressed
[ 83.690349][ T6057] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.726263][ T6060] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.758979][ T6063] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.794131][ T6066] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.823328][ T6069] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.862669][ T6073] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.892740][ T6077] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.933492][ T6082] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.964578][ T6084] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 83.994413][ T6088] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 85.351752][ T4497] Bluetooth: hci0: command tx timeout
2024/11/05 20:39:08 executed programs: 374
[ 88.692815][ T6769] __nla_validate_parse: 299 callbacks suppressed
[ 88.692830][ T6769] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.720547][ T6771] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.742585][ T6773] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.764382][ T6775] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.786343][ T6777] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.809224][ T6779] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.833335][ T6781] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.855857][ T6783] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.880350][ T6785] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 88.903817][ T6787] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
2024/11/05 20:39:13 executed programs: 748
[ 93.708028][ T7527] __nla_validate_parse: 365 callbacks suppressed
[ 93.708040][ T7527] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.736741][ T7529] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.758870][ T7531] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.780414][ T7533] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.805515][ T7535] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.828744][ T7537] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.853996][ T7539] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.876737][ T7541] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.898237][ T7543] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 93.920468][ T7545] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 95.143922][ T7739] ==================================================================
[ 95.152032][ T7739] BUG: KASAN: slab-use-after-free in taprio_dump+0x857/0xd50
[ 95.159448][ T7739] Read of size 4 at addr ffff8880774444c0 by task syz-executor.0/7739
[ 95.167586][ T7739]
[ 95.169911][ T7739] CPU: 0 UID: 0 PID: 7739 Comm: syz-executor.0 Not tainted 6.12.0-rc3-syzkaller-00163-g8a7d12d674ac #0
[ 95.181025][ T7739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 95.191090][ T7739] Call Trace:
[ 95.194386][ T7739]
[ 95.197323][ T7739] dump_stack_lvl+0x241/0x360
[ 95.202019][ T7739] ? __pfx_dump_stack_lvl+0x10/0x10
[ 95.207299][ T7739] ? __pfx__printk+0x10/0x10
[ 95.211883][ T7739] ? _printk+0xd5/0x120
[ 95.216028][ T7739] ? __virt_addr_valid+0x183/0x530
[ 95.221128][ T7739] ? __virt_addr_valid+0x183/0x530
[ 95.226331][ T7739] print_report+0x169/0x550
[ 95.230932][ T7739] ? __virt_addr_valid+0x183/0x530
[ 95.236043][ T7739] ? __virt_addr_valid+0x183/0x530
[ 95.241260][ T7739] ? __virt_addr_valid+0x45f/0x530
[ 95.246642][ T7739] ? __phys_addr+0xba/0x170
[ 95.251351][ T7739] ? taprio_dump+0x857/0xd50
[ 95.256055][ T7739] kasan_report+0x143/0x180
[ 95.260576][ T7739] ? taprio_dump+0x857/0xd50
[ 95.265283][ T7739] taprio_dump+0x857/0xd50
[ 95.269714][ T7739] ? __alloc_skb+0x1f3/0x440
[ 95.274497][ T7739] ? __pfx_taprio_dump+0x10/0x10
[ 95.279470][ T7739] ? __asan_memcpy+0x40/0x70
[ 95.284144][ T7739] ? nla_put+0x131/0x1e0
[ 95.288390][ T7739] tc_fill_qdisc+0x6a7/0x11f0
[ 95.293063][ T7739] ? rcu_is_watching+0x15/0xb0
[ 95.297839][ T7739] ? __kmalloc_node_track_caller_noprof+0x242/0x440
[ 95.304428][ T7739] ? __pfx_tc_fill_qdisc+0x10/0x10
[ 95.309621][ T7739] ? __build_skb_around+0x245/0x3d0
[ 95.314822][ T7739] ? __pfx___alloc_skb+0x10/0x10
[ 95.319774][ T7739] qdisc_notify+0x2ec/0x4b0
[ 95.324277][ T7739] tc_modify_qdisc+0x1c58/0x1e40
[ 95.329222][ T7739] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 95.334501][ T7739] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 95.339785][ T7739] rtnetlink_rcv_msg+0x73f/0xcf0
[ 95.344731][ T7739] ? rtnetlink_rcv_msg+0x1a7/0xcf0
[ 95.349858][ T7739] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 95.355317][ T7739] ? ref_tracker_free+0x643/0x7e0
[ 95.360338][ T7739] netlink_rcv_skb+0x1e3/0x430
[ 95.365095][ T7739] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 95.370545][ T7739] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 95.375831][ T7739] ? netlink_deliver_tap+0x2e/0x1b0
[ 95.381109][ T7739] netlink_unicast+0x7f6/0x990
[ 95.385889][ T7739] ? __pfx_netlink_unicast+0x10/0x10
[ 95.391179][ T7739] ? __virt_addr_valid+0x183/0x530
[ 95.396395][ T7739] ? __check_object_size+0x48e/0x900
[ 95.401704][ T7739] netlink_sendmsg+0x8e4/0xcb0
[ 95.406468][ T7739] ? __pfx_netlink_sendmsg+0x10/0x10
[ 95.411777][ T7739] ? aa_sock_msg_perm+0x91/0x160
[ 95.416756][ T7739] ? __pfx_netlink_sendmsg+0x10/0x10
[ 95.422061][ T7739] __sock_sendmsg+0x221/0x270
[ 95.426736][ T7739] ____sys_sendmsg+0x52a/0x7e0
[ 95.431496][ T7739] ? __pfx_____sys_sendmsg+0x10/0x10
[ 95.436779][ T7739] __sys_sendmsg+0x292/0x380
[ 95.441378][ T7739] ? __pfx___sys_sendmsg+0x10/0x10
[ 95.446494][ T7739] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 95.452830][ T7739] ? do_syscall_64+0x100/0x230
[ 95.457682][ T7739] ? do_syscall_64+0xb6/0x230
[ 95.462352][ T7739] do_syscall_64+0xf3/0x230
[ 95.466848][ T7739] ? clear_bhb_loop+0x35/0x90
[ 95.471527][ T7739] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.477443][ T7739] RIP: 0033:0x7fb320c7de69
[ 95.481856][ T7739] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 95.501465][ T7739] RSP: 002b:00007fb3219990c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 95.509883][ T7739] RAX: ffffffffffffffda RBX: 00007fb320dabf80 RCX: 00007fb320c7de69
[ 95.517855][ T7739] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 95.525819][ T7739] RBP: 00007fb320cca47a R08: 0000000000000000 R09: 0000000000000000
[ 95.533883][ T7739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 95.541865][ T7739] R13: 000000000000000b R14: 00007fb320dabf80 R15: 00007fff29f54758
[ 95.549838][ T7739]
[ 95.552872][ T7739]
[ 95.555214][ T7739] Allocated by task 7731:
[ 95.559550][ T7739] kasan_save_track+0x3f/0x80
[ 95.564234][ T7739] __kasan_kmalloc+0x98/0xb0
[ 95.568832][ T7739] __kmalloc_cache_noprof+0x19c/0x2c0
[ 95.574216][ T7739] taprio_change+0x1037/0x44c0
[ 95.578992][ T7739] tc_modify_qdisc+0x190d/0x1e40
[ 95.583931][ T7739] rtnetlink_rcv_msg+0x73f/0xcf0
[ 95.588858][ T7739] netlink_rcv_skb+0x1e3/0x430
[ 95.593632][ T7739] netlink_unicast+0x7f6/0x990
[ 95.598411][ T7739] netlink_sendmsg+0x8e4/0xcb0
[ 95.603176][ T7739] __sock_sendmsg+0x221/0x270
[ 95.607843][ T7739] ____sys_sendmsg+0x52a/0x7e0
[ 95.612599][ T7739] __sys_sendmsg+0x292/0x380
[ 95.617176][ T7739] do_syscall_64+0xf3/0x230
[ 95.621669][ T7739] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.627574][ T7739]
[ 95.629882][ T7739] Freed by task 1035:
[ 95.633848][ T7739] kasan_save_track+0x3f/0x80
[ 95.638513][ T7739] kasan_save_free_info+0x40/0x50
[ 95.643531][ T7739] __kasan_slab_free+0x59/0x70
[ 95.648284][ T7739] kfree+0x1a0/0x440
[ 95.652206][ T7739] rcu_core+0xaaa/0x17a0
[ 95.656465][ T7739] handle_softirqs+0x2c5/0x980
[ 95.661313][ T7739] __irq_exit_rcu+0xf4/0x1c0
[ 95.665906][ T7739] irq_exit_rcu+0x9/0x30
[ 95.670183][ T7739] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 95.675893][ T7739] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 95.681870][ T7739]
[ 95.684177][ T7739] Last potentially related work creation:
[ 95.689883][ T7739] kasan_save_stack+0x3f/0x60
[ 95.694558][ T7739] __kasan_record_aux_stack+0xac/0xc0
[ 95.699922][ T7739] call_rcu+0x167/0xa70
[ 95.704071][ T7739] taprio_change+0x265d/0x44c0
[ 95.708835][ T7739] tc_modify_qdisc+0x190d/0x1e40
[ 95.713796][ T7739] rtnetlink_rcv_msg+0x73f/0xcf0
[ 95.718757][ T7739] netlink_rcv_skb+0x1e3/0x430
[ 95.723521][ T7739] netlink_unicast+0x7f6/0x990
[ 95.728371][ T7739] netlink_sendmsg+0x8e4/0xcb0
[ 95.733145][ T7739] __sock_sendmsg+0x221/0x270
[ 95.737852][ T7739] ____sys_sendmsg+0x52a/0x7e0
[ 95.742680][ T7739] __sys_sendmsg+0x292/0x380
[ 95.747278][ T7739] do_syscall_64+0xf3/0x230
[ 95.751797][ T7739] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.757818][ T7739]
[ 95.760171][ T7739] The buggy address belongs to the object at ffff888077444400
[ 95.760171][ T7739] which belongs to the cache kmalloc-512 of size 512
[ 95.774221][ T7739] The buggy address is located 192 bytes inside of
[ 95.774221][ T7739] freed 512-byte region [ffff888077444400, ffff888077444600)
[ 95.788024][ T7739]
[ 95.790348][ T7739] The buggy address belongs to the physical page:
[ 95.796767][ T7739] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888077447800 pfn:0x77444
[ 95.806848][ T7739] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 95.815520][ T7739] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 95.823539][ T7739] page_type: f5(slab)
[ 95.827519][ T7739] raw: 00fff00000000040 ffff888015441c80 0000000000000000 dead000000000001
[ 95.836093][ T7739] raw: ffff888077447800 000000008010000f 00000001f5000000 0000000000000000
[ 95.844775][ T7739] head: 00fff00000000040 ffff888015441c80 0000000000000000 dead000000000001
[ 95.853445][ T7739] head: ffff888077447800 000000008010000f 00000001f5000000 0000000000000000
[ 95.862110][ T7739] head: 00fff00000000002 ffffea0001dd1101 ffffffffffffffff 0000000000000000
[ 95.870785][ T7739] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 95.879573][ T7739] page dumped because: kasan: bad access detected
[ 95.885983][ T7739] page_owner tracks the page as allocated
[ 95.891716][ T7739] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4553, tgid 4553 (udevadm), ts 16557674621, free_ts 13771592324
[ 95.912658][ T7739] post_alloc_hook+0x1f3/0x230
[ 95.917444][ T7739] get_page_from_freelist+0x3045/0x3190
[ 95.922989][ T7739] __alloc_pages_noprof+0x292/0x710
[ 95.928268][ T7739] alloc_pages_mpol_noprof+0x3e8/0x680
[ 95.933792][ T7739] alloc_slab_page+0x6a/0x120
[ 95.938573][ T7739] allocate_slab+0x5a/0x2f0
[ 95.943071][ T7739] ___slab_alloc+0xcd1/0x14b0
[ 95.947857][ T7739] __slab_alloc+0x58/0xa0
[ 95.952186][ T7739] __kmalloc_cache_noprof+0x1d5/0x2c0
[ 95.957562][ T7739] kernfs_fop_open+0x3e0/0xd10
[ 95.962418][ T7739] do_dentry_open+0x978/0x1460
[ 95.967181][ T7739] vfs_open+0x3e/0x330
[ 95.971263][ T7739] path_openat+0x2c84/0x3590
[ 95.976024][ T7739] do_filp_open+0x235/0x490
[ 95.980532][ T7739] do_sys_openat2+0x13e/0x1d0
[ 95.985198][ T7739] __x64_sys_openat+0x247/0x2a0
[ 95.990107][ T7739] page last free pid 1 tgid 1 stack trace:
[ 95.995943][ T7739] free_unref_page+0xcfb/0xf20
[ 96.000707][ T7739] free_contig_range+0x152/0x550
[ 96.005641][ T7739] destroy_args+0x8a/0x840
[ 96.010071][ T7739] debug_vm_pgtable+0x4be/0x550
[ 96.017951][ T7739] do_one_initcall+0x248/0x880
[ 96.022807][ T7739] do_initcall_level+0x157/0x210
[ 96.027735][ T7739] do_initcalls+0x3f/0x80
[ 96.032057][ T7739] kernel_init_freeable+0x435/0x5d0
[ 96.037327][ T7739] kernel_init+0x1d/0x2b0
[ 96.041672][ T7739] ret_from_fork+0x4b/0x80
[ 96.046124][ T7739] ret_from_fork_asm+0x1a/0x30
[ 96.050924][ T7739]
[ 96.053356][ T7739] Memory state around the buggy address:
[ 96.058980][ T7739] ffff888077444380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.067474][ T7739] ffff888077444400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.075540][ T7739] >ffff888077444480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.083607][ T7739] ^
[ 96.089753][ T7739] ffff888077444500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.097814][ T7739] ffff888077444580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.105879][ T7739] ==================================================================
[ 96.131343][ T7739] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.138751][ T7739] CPU: 0 UID: 0 PID: 7739 Comm: syz-executor.0 Not tainted 6.12.0-rc3-syzkaller-00163-g8a7d12d674ac #0
[ 96.149792][ T7739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 96.159939][ T7739] Call Trace:
[ 96.163225][ T7739]
[ 96.166166][ T7739] dump_stack_lvl+0x241/0x360
[ 96.170860][ T7739] ? __pfx_dump_stack_lvl+0x10/0x10
[ 96.176261][ T7739] ? __pfx__printk+0x10/0x10
[ 96.180932][ T7739] ? preempt_schedule+0xe1/0xf0
[ 96.185775][ T7739] ? vscnprintf+0x5d/0x90
[ 96.190102][ T7739] panic+0x349/0x880
[ 96.193994][ T7739] ? check_panic_on_warn+0x21/0xb0
[ 96.199097][ T7739] ? __pfx_panic+0x10/0x10
[ 96.203514][ T7739] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 96.209502][ T7739] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 96.215845][ T7739] ? print_report+0x502/0x550
[ 96.220535][ T7739] check_panic_on_warn+0x86/0xb0
[ 96.225469][ T7739] ? taprio_dump+0x857/0xd50
[ 96.230095][ T7739] end_report+0x77/0x160
[ 96.234443][ T7739] kasan_report+0x154/0x180
[ 96.238955][ T7739] ? taprio_dump+0x857/0xd50
[ 96.243642][ T7739] taprio_dump+0x857/0xd50
[ 96.248057][ T7739] ? __alloc_skb+0x1f3/0x440
[ 96.252653][ T7739] ? __pfx_taprio_dump+0x10/0x10
[ 96.257588][ T7739] ? __asan_memcpy+0x40/0x70
[ 96.262179][ T7739] ? nla_put+0x131/0x1e0
[ 96.266418][ T7739] tc_fill_qdisc+0x6a7/0x11f0
[ 96.271106][ T7739] ? rcu_is_watching+0x15/0xb0
[ 96.275959][ T7739] ? __kmalloc_node_track_caller_noprof+0x242/0x440
[ 96.282652][ T7739] ? __pfx_tc_fill_qdisc+0x10/0x10
[ 96.287779][ T7739] ? __build_skb_around+0x245/0x3d0
[ 96.292981][ T7739] ? __pfx___alloc_skb+0x10/0x10
[ 96.297927][ T7739] qdisc_notify+0x2ec/0x4b0
[ 96.302437][ T7739] tc_modify_qdisc+0x1c58/0x1e40
[ 96.307373][ T7739] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 96.312657][ T7739] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 96.318054][ T7739] rtnetlink_rcv_msg+0x73f/0xcf0
[ 96.323070][ T7739] ? rtnetlink_rcv_msg+0x1a7/0xcf0
[ 96.328174][ T7739] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 96.333622][ T7739] ? ref_tracker_free+0x643/0x7e0
[ 96.338667][ T7739] netlink_rcv_skb+0x1e3/0x430
[ 96.343447][ T7739] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 96.348918][ T7739] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 96.354208][ T7739] ? netlink_deliver_tap+0x2e/0x1b0
[ 96.359407][ T7739] netlink_unicast+0x7f6/0x990
[ 96.364165][ T7739] ? __pfx_netlink_unicast+0x10/0x10
[ 96.369444][ T7739] ? __virt_addr_valid+0x183/0x530
[ 96.374628][ T7739] ? __check_object_size+0x48e/0x900
[ 96.380122][ T7739] netlink_sendmsg+0x8e4/0xcb0
[ 96.384886][ T7739] ? __pfx_netlink_sendmsg+0x10/0x10
[ 96.390164][ T7739] ? aa_sock_msg_perm+0x91/0x160
[ 96.395093][ T7739] ? __pfx_netlink_sendmsg+0x10/0x10
[ 96.400459][ T7739] __sock_sendmsg+0x221/0x270
[ 96.405128][ T7739] ____sys_sendmsg+0x52a/0x7e0
[ 96.409896][ T7739] ? __pfx_____sys_sendmsg+0x10/0x10
[ 96.415177][ T7739] __sys_sendmsg+0x292/0x380
[ 96.419764][ T7739] ? __pfx___sys_sendmsg+0x10/0x10
[ 96.424879][ T7739] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 96.431201][ T7739] ? do_syscall_64+0x100/0x230
[ 96.436044][ T7739] ? do_syscall_64+0xb6/0x230
[ 96.440708][ T7739] do_syscall_64+0xf3/0x230
[ 96.445203][ T7739] ? clear_bhb_loop+0x35/0x90
[ 96.449871][ T7739] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.455757][ T7739] RIP: 0033:0x7fb320c7de69
[ 96.460161][ T7739] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 96.479845][ T7739] RSP: 002b:00007fb3219990c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 96.488258][ T7739] RAX: ffffffffffffffda RBX: 00007fb320dabf80 RCX: 00007fb320c7de69
[ 96.496227][ T7739] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 96.504290][ T7739] RBP: 00007fb320cca47a R08: 0000000000000000 R09: 0000000000000000
[ 96.512261][ T7739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 96.520242][ T7739] R13: 000000000000000b R14: 00007fb320dabf80 R15: 00007fff29f54758
[ 96.528211][ T7739]
[ 96.531519][ T7739] Kernel Offset: disabled
[ 96.535836][ T7739] Rebooting in 86400 seconds..