[ 395.004172][T26024] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 395.013492][T26024] 50127 total pagecache pages
[ 395.048529][T26024] 0 pages in swap cache
[ 395.085567][T26024] Swap cache stats: add 0, delete 0, find 0/0
[ 395.112353][T26024] Free swap = 0kB
[ 395.139787][T26024] Total swap = 0kB
[ 395.144867][T26024] 2097051 pages RAM
[ 395.148676][T26024] 0 pages HighMem/MovableOnly
[ 395.153340][T26024] 380225 pages reserved
[ 395.171880][T26024] 0 pages cma reserved
[ 411.984409][T28946] warn_alloc: 3 callbacks suppressed
[ 411.984418][T28946] syz-executor.5: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz5,mems_allowed=0-1
[ 412.042659][T28946] CPU: 0 PID: 28946 Comm: syz-executor.5 Not tainted 5.17.0-rc5-syzkaller #0
[ 412.051535][T28946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 412.061587][T28946] Call Trace:
[ 412.064864][T28946]
[ 412.067877][T28946] dump_stack_lvl+0x57/0x7d
[ 412.072386][T28946] warn_alloc.cold+0x9b/0x189
[ 412.077057][T28946] ? zone_watermark_ok_safe+0x290/0x290
[ 412.082600][T28946] ? __kmalloc_node+0x62/0x4a0
[ 412.087379][T28946] __vmalloc_node_range+0xb04/0xd60
[ 412.092578][T28946] ? netlink_unicast+0x454/0x700
[ 412.097504][T28946] ? vfree_atomic+0x90/0x90
[ 412.102440][T28946] ? netlink_sendmsg+0x558/0xc10
[ 412.107374][T28946] vmalloc+0x62/0x80
[ 412.111266][T28946] ? netlink_sendmsg+0x558/0xc10
[ 412.116289][T28946] netlink_sendmsg+0x558/0xc10
[ 412.121048][T28946] ? netlink_unicast+0x700/0x700
[ 412.125984][T28946] ? netlink_unicast+0x700/0x700
[ 412.131091][T28946] sock_sendmsg+0xab/0xe0
[ 412.135516][T28946] sock_no_sendpage+0xea/0x130
[ 412.140288][T28946] ? sock_no_shutdown+0x10/0x10
[ 412.145308][T28946] ? lock_release+0x720/0x720
[ 412.150168][T28946] kernel_sendpage.part.0+0x121/0x250
[ 412.156416][T28946] ? __sock_recv_ts_and_drops+0x350/0x350
[ 412.162126][T28946] sock_sendpage+0xc7/0x1a0
[ 412.166624][T28946] pipe_to_sendpage+0x245/0x410
[ 412.171470][T28946] ? propagate_umount+0x1830/0x1830
[ 412.176696][T28946] __splice_from_pipe+0x362/0x810
[ 412.181889][T28946] ? propagate_umount+0x1830/0x1830
[ 412.187263][T28946] generic_splice_sendpage+0xba/0x120
[ 412.192627][T28946] ? __do_sys_vmsplice+0x7d0/0x7d0
[ 412.197732][T28946] ? apparmor_file_permission+0x138/0x450
[ 412.203449][T28946] ? security_file_permission+0x3c/0x90
[ 412.208990][T28946] do_splice+0x9ef/0x1b30
[ 412.213316][T28946] ? find_held_lock+0x2d/0x110
[ 412.218101][T28946] ? __fget_files+0x1bf/0x3c0
[ 412.222867][T28946] ? splice_file_to_pipe+0xf0/0xf0
[ 412.227974][T28946] ? __context_tracking_exit+0x80/0x90
[ 412.233527][T28946] __do_splice+0xf4/0x1b0
[ 412.237851][T28946] ? do_splice+0x1b30/0x1b30
[ 412.242622][T28946] __x64_sys_splice+0x14a/0x200
[ 412.247470][T28946] do_syscall_64+0x35/0xb0
[ 412.251894][T28946] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 412.257777][T28946] RIP: 0033:0x7fde75cb1a39
[ 412.262183][T28946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 412.282663][T28946] RSP: 002b:00007fde75427188 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 412.291257][T28946] RAX: ffffffffffffffda RBX: 00007fde75db4f60 RCX: 00007fde75cb1a39
[ 412.299316][T28946] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 412.307283][T28946] RBP: 00007fde75d0be8f R08: 0000000000010976 R09: 0000000000000000
[ 412.315253][T28946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 412.323219][T28946] R13: 00007fde762e8b2f R14: 00007fde75427300 R15: 0000000000022000
[ 412.331200][T28946]
[ 412.345987][T28946] Mem-Info:
[ 412.349136][T28946] active_anon:287 inactive_anon:5908 isolated_anon:0
[ 412.349136][T28946] active_file:10713 inactive_file:38006 isolated_file:0
[ 412.349136][T28946] unevictable:768 dirty:343 writeback:0
[ 412.349136][T28946] slab_reclaimable:19506 slab_unreclaimable:98325
[ 412.349136][T28946] mapped:1565 shmem:1748 pagetables:366 bounce:0
[ 412.349136][T28946] kernel_misc_reclaimable:0
[ 412.349136][T28946] free:1456984 free_pcp:13045 free_cma:0
[ 412.479603][T28946] Node 0 active_anon:1144kB inactive_anon:22700kB active_file:42784kB inactive_file:152024kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:6260kB dirty:1372kB writeback:0kB shmem:4520kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB kernel_stack:9240kB pagetables:1460kB all_unreclaimable? no
[ 412.566913][T28946] Node 1 active_anon:4kB inactive_anon:932kB active_file:68kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2472kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:4kB all_unreclaimable? no
[ 412.604548][T28946] Node 0 DMA free:15360kB boost:0kB min:200kB low:248kB high:296kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 412.670645][T28946] lowmem_reserve[]: 0 2663 2663 2663 2663
[ 412.698044][T28946] Node 0 DMA32 free:1871628kB boost:0kB min:35820kB low:44772kB high:53724kB reserved_highatomic:0KB active_anon:1140kB inactive_anon:22596kB active_file:42832kB inactive_file:151976kB unevictable:1536kB writepending:1368kB present:3129332kB managed:2733924kB mlocked:0kB bounce:0kB free_pcp:40368kB local_pcp:18460kB free_cma:0kB
[ 412.748988][T28946] lowmem_reserve[]: 0 0 0 0 0
[ 412.753744][T28946] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:400kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 412.792793][T28946] lowmem_reserve[]: 0 0 0 0 0
[ 412.808347][T28946] Node 1 Normal free:3940972kB boost:0kB min:54080kB low:67600kB high:81120kB reserved_highatomic:0KB active_anon:4kB inactive_anon:932kB active_file:68kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:12412kB local_pcp:2112kB free_cma:0kB
[ 412.843566][T28946] lowmem_reserve[]: 0 0 0 0 0
[ 412.854092][T28946] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 412.902482][T28946] Node 0 DMA32: 1632*4kB (UME) 215*8kB (UME) 47*16kB (UME) 230*32kB (UME) 65*64kB (UE) 18*128kB (UME) 3*256kB (UE) 2*512kB (UM) 3*1024kB (UME) 10*2048kB (UME) 445*4096kB (M) = 1870888kB
[ 412.945769][T28946] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 412.960883][T28946] Node 1 Normal: 59*4kB (UME) 14*8kB (UME) 11*16kB (UME) 103*32kB (UME) 28*64kB (UE) 13*128kB (UME) 4*256kB (UME) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UM) 958*4096kB (M) = 3940972kB
[ 413.002429][T28946] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 413.025651][T28946] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 413.035057][T28946] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 413.045868][T28946] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 413.061457][T28946] 50469 total pagecache pages
[ 413.066952][T28946] 0 pages in swap cache
[ 413.071135][T28946] Swap cache stats: add 0, delete 0, find 0/0
[ 413.077631][T28946] Free swap = 0kB
[ 413.081348][T28946] Total swap = 0kB
[ 413.109023][T28946] 2097051 pages RAM
[ 413.112844][T28946] 0 pages HighMem/MovableOnly
[ 413.124161][T28946] 380225 pages reserved
[ 413.128330][T28946] 0 pages cma reserved
[ 413.963636][ T157] device hsr_slave_0 left promiscuous mode
[ 413.986844][ T157] device hsr_slave_1 left promiscuous mode
[ 413.998155][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 414.012168][ T157] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 414.060953][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 414.092274][ T157] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 414.111791][ T157] device bridge_slave_1 left promiscuous mode
[ 414.119897][ T157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 414.131505][ T157] device bridge_slave_0 left promiscuous mode
[ 414.137959][ T157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 414.151849][ T157] device veth1_macvtap left promiscuous mode
[ 414.159138][ T157] device veth0_macvtap left promiscuous mode
[ 414.165720][ T157] device veth1_vlan left promiscuous mode
[ 414.171613][ T157] device veth0_vlan left promiscuous mode
[ 414.480926][ T157] team0 (unregistering): Port device team_slave_1 removed
[ 414.508871][ T157] team0 (unregistering): Port device team_slave_0 removed
[ 414.528156][ T157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 414.548917][ T157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 414.618508][ T157] bond0 (unregistering): Released all slaves
[ 415.672994][ T157] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 415.738648][ T157] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 415.801819][ T157] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 415.867961][ T157] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.042243][ T157] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.093395][ T157] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.156385][ T157] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.210401][ T157] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.397778][ T157] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.463315][ T157] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
[ 416.526800][ T157] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.605818][ T157] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.677475][T28991] cgroup: Unknown subsys name 'net'
[ 416.687165][T28991] cgroup: Unknown subsys name 'rlimit'
[ 416.790911][ T157] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.877195][ T157] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 416.950182][ T157] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 417.016675][ T157] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 417.209433][ T157] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 417.262799][ T157] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 417.317123][ T157] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 417.396997][ T157] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 417.781010][ T3932] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 417.789645][ T3932] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 417.798011][ T3932] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 417.812676][ T3932] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 417.820254][ T3932] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 417.830561][ T3932] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 418.002068][T29065] chnl_net:caif_netlink_parms(): no params data found
[ 418.120384][T29065] bridge0: port 1(bridge_slave_0) entered blocking state
[ 418.128048][T29065] bridge0: port 1(bridge_slave_0) entered disabled state
[ 418.136299][T29065] device bridge_slave_0 entered promiscuous mode
[ 418.145108][T29065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 418.152225][T29065] bridge0: port 2(bridge_slave_1) entered disabled state
[ 418.161804][T29065] device bridge_slave_1 entered promiscuous mode
[ 418.208575][T29065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 418.221770][T29065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 418.262448][T29065] team0: Port device team_slave_0 added
[ 418.300197][T29065] team0: Port device team_slave_1 added
[ 418.333597][T29065] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 418.340650][T29065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 418.367070][T29065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 418.379783][T29065] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 418.388972][T29065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 418.416389][T29065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 418.464510][T29065] device hsr_slave_0 entered promiscuous mode
[ 418.471200][T29065] device hsr_slave_1 entered promiscuous mode
[ 418.681371][T29065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 418.688466][T29065] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 418.696024][T29065] bridge0: port 1(bridge_slave_0) entered blocking state
[ 418.703080][T29065] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 418.827038][T29065] 8021q: adding VLAN 0 to HW filter on device bond0
[ 418.840911][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 418.858705][T29051] bridge0: port 1(bridge_slave_0) entered disabled state
[ 418.871685][T29051] bridge0: port 2(bridge_slave_1) entered disabled state
[ 418.883561][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 418.900718][T29065] 8021q: adding VLAN 0 to HW filter on device team0
[ 418.950606][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 418.959735][T29051] bridge0: port 1(bridge_slave_0) entered blocking state
[ 418.966823][T29051] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 418.987260][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 418.997183][ T3651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 419.004371][ T3651] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 419.013023][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 419.042877][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 419.050728][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 419.059883][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 419.069127][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 419.078739][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 419.089656][T29065] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 419.101769][T29065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 419.121286][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 419.129801][ T3651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 419.150759][T29065] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 419.160431][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 419.167943][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 419.218947][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 419.228257][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 419.252984][T29065] device veth0_vlan entered promiscuous mode
[ 419.271323][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 419.281021][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 419.304141][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 419.311834][T29051] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 419.327514][T29065] device veth1_vlan entered promiscuous mode
[ 419.402571][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 419.418625][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 419.431070][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 419.445455][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 419.475267][T29065] device veth0_macvtap entered promiscuous mode
[ 419.493106][T29065] device veth1_macvtap entered promiscuous mode
[ 419.547296][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 419.565996][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.582099][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 419.595537][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.610927][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 419.623990][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.633793][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 419.644712][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.654714][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 419.665237][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.676133][T29065] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 419.685546][ T3970] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 419.693684][ T3970] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 419.708179][ T3970] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 419.718433][ T3970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 419.731786][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 419.742710][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.753614][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 419.764970][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.774931][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 419.785483][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.795378][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 419.805909][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.815917][T29065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 419.826453][T29065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 419.837300][T29065] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 419.851114][T29050] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 419.859878][T29050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 419.924284][ T3651] Bluetooth: hci0: command 0x0409 tx timeout
[ 419.957130][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 419.978331][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 419.994592][ T157] device hsr_slave_0 left promiscuous mode
[ 420.004327][ T157] device hsr_slave_1 left promiscuous mode
[ 420.018292][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 420.028395][ T157] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 420.043086][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 420.052913][ T157] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 420.067254][ T157] device bridge_slave_1 left promiscuous mode
[ 420.073474][ T157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 420.082599][ T157] device bridge_slave_0 left promiscuous mode
[ 420.092696][ T157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 420.110716][ T157] device hsr_slave_0 left promiscuous mode
[ 420.118934][ T157] device hsr_slave_1 left promiscuous mode
[ 420.131579][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 420.140498][ T157] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 420.157008][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 420.165081][ T157] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 420.174517][ T157] device bridge_slave_1 left promiscuous mode
[ 420.180712][ T157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 420.191115][ T157] device bridge_slave_0 left promiscuous mode
[ 420.197359][ T157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 420.212687][ T157] device hsr_slave_0 left promiscuous mode
[ 420.219152][ T157] device hsr_slave_1 left promiscuous mode
[ 420.226292][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 420.233688][ T157] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 420.244431][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 420.251929][ T157] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 420.261899][ T157] device bridge_slave_1 left promiscuous mode
[ 420.275470][ T157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 420.284416][ T157] device bridge_slave_0 left promiscuous mode
[ 420.290584][ T157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 420.304984][ T157] device hsr_slave_0 left promiscuous mode
[ 420.311272][ T157] device hsr_slave_1 left promiscuous mode
[ 420.318892][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 420.326752][ T157] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 420.336125][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 420.343521][ T157] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 420.352987][ T157] device bridge_slave_1 left promiscuous mode
[ 420.366561][ T157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 420.375284][ T157] device bridge_slave_0 left promiscuous mode
[ 420.381455][ T157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 420.397969][ T157] device hsr_slave_0 left promiscuous mode
[ 420.404286][ T157] device hsr_slave_1 left promiscuous mode
[ 420.410728][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 420.418219][ T157] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 420.427900][ T157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 420.435475][ T157] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 420.444462][ T157] device bridge_slave_1 left promiscuous mode
[ 420.450570][ T157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 420.458926][ T157] device bridge_slave_0 left promiscuous mode
[ 420.465151][ T157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 420.483455][ T157] device veth1_macvtap left promiscuous mode
[ 420.489692][ T157] device veth0_macvtap left promiscuous mode
[ 420.496460][ T157] device veth1_vlan left promiscuous mode
[ 420.502219][ T157] device veth0_vlan left promiscuous mode
[ 420.509089][ T157] device veth1_macvtap left promiscuous mode
[ 420.516924][ T157] device veth0_macvtap left promiscuous mode
[ 420.522945][ T157] device veth1_vlan left promiscuous mode
[ 420.528923][ T157] device veth0_vlan left promiscuous mode
[ 420.536567][ T157] device veth1_macvtap left promiscuous mode
[ 420.542563][ T157] device veth0_macvtap left promiscuous mode
[ 420.549486][ T157] device veth1_vlan left promiscuous mode
[ 420.559080][ T157] device veth0_vlan left promiscuous mode
[ 420.565734][ T157] device veth1_macvtap left promiscuous mode
[ 420.571720][ T157] device veth0_macvtap left promiscuous mode
[ 420.578125][ T157] device veth1_vlan left promiscuous mode
[ 420.584154][ T157] device veth0_vlan left promiscuous mode
[ 420.591193][ T157] device veth1_macvtap left promiscuous mode
[ 420.597615][ T157] device veth0_macvtap left promiscuous mode
[ 420.603642][ T157] device veth1_vlan left promiscuous mode
[ 420.609747][ T157] device veth0_vlan left promiscuous mode
[ 420.963720][ T157] team0 (unregistering): Port device team_slave_1 removed
[ 420.977201][ T157] team0 (unregistering): Port device team_slave_0 removed
[ 420.989250][ T157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 421.004114][ T157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 421.056352][ T157] bond0 (unregistering): Released all slaves
[ 421.158234][ T157] team0 (unregistering): Port device team_slave_1 removed
[ 421.171336][ T157] team0 (unregistering): Port device team_slave_0 removed
[ 421.187546][ T157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 421.200397][ T157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 421.251409][ T157] bond0 (unregistering): Released all slaves
[ 421.351792][ T157] team0 (unregistering): Port device team_slave_1 removed
[ 421.363040][ T157] team0 (unregistering): Port device team_slave_0 removed
[ 421.373790][ T157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 421.389307][ T157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 421.441488][ T157] bond0 (unregistering): Released all slaves
[ 421.556937][ T157] team0 (unregistering): Port device team_slave_1 removed
[ 421.568705][ T157] team0 (unregistering): Port device team_slave_0 removed
[ 421.581799][ T157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 421.596776][ T157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 421.648644][ T157] bond0 (unregistering): Released all slaves
[ 421.743112][ T157] team0 (unregistering): Port device team_slave_1 removed
[ 421.756700][ T157] team0 (unregistering): Port device team_slave_0 removed
[ 421.767299][ T157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 421.781042][ T157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 421.828618][ T157] bond0 (unregistering): Released all slaves
[ 421.860873][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 421.869042][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 421.872508][T29050] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 421.886309][T29050] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 422.004189][ T2964] Bluetooth: hci0: command 0x041b tx timeout
[ 424.084023][ T2964] Bluetooth: hci0: command 0x040f tx timeout
[ 426.164371][T28956] Bluetooth: hci0: command 0x0419 tx timeout
[ 434.567295][ T1232] ieee802154 phy0 wpan0: encryption failed: -22
[ 434.573595][ T1232] ieee802154 phy1 wpan1: encryption failed: -22
[ 496.015884][ T1232] ieee802154 phy0 wpan0: encryption failed: -22
[ 496.022175][ T1232] ieee802154 phy1 wpan1: encryption failed: -22
[ 518.295301][ T7232] ==================================================================
[ 518.303492][ T7232] BUG: KASAN: use-after-free in dump_schedule+0x68e/0x6f0
[ 518.310697][ T7232] Read of size 8 at addr ffff888061087ac0 by task syz-executor390/7232
[ 518.318942][ T7232]
[ 518.321263][ T7232] CPU: 0 PID: 7232 Comm: syz-executor390 Not tainted 5.17.0-rc5-syzkaller #0
[ 518.329993][ T7232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 518.340023][ T7232] Call Trace:
[ 518.343378][ T7232]
[ 518.346288][ T7232] dump_stack_lvl+0x57/0x7d
[ 518.350770][ T7232] print_address_description.constprop.0.cold+0x8d/0x336
[ 518.357777][ T7232] ? dump_schedule+0x68e/0x6f0
[ 518.362535][ T7232] ? dump_schedule+0x68e/0x6f0
[ 518.367269][ T7232] kasan_report.cold+0x83/0xdf
[ 518.372013][ T7232] ? dump_schedule+0x68e/0x6f0
[ 518.376752][ T7232] dump_schedule+0x68e/0x6f0
[ 518.381323][ T7232] ? lock_release+0x720/0x720
[ 518.386181][ T7232] ? taprio_offload_get+0x60/0x60
[ 518.391190][ T7232] ? memset+0x20/0x40
[ 518.395179][ T7232] ? __nla_reserve+0x8f/0xb0
[ 518.399773][ T7232] ? memcpy+0x39/0x60
[ 518.403802][ T7232] taprio_dump+0x431/0xb70
[ 518.408213][ T7232] ? rtnetlink_rcv_msg+0x31d/0x8d0
[ 518.413316][ T7232] ? netlink_rcv_skb+0x118/0x370
[ 518.418321][ T7232] ? advance_sched+0x920/0x920
[ 518.423063][ T7232] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 518.429582][ T7232] ? sock_sendpage+0xc7/0x1a0
[ 518.434256][ T7232] ? __splice_from_pipe+0x362/0x810
[ 518.439445][ T7232] ? __nla_reserve+0x8f/0xb0
[ 518.444016][ T7232] ? memcpy+0x39/0x60
[ 518.447980][ T7232] tc_fill_qdisc+0x570/0xf60
[ 518.452695][ T7232] ? lock_downgrade+0x6e0/0x6e0
[ 518.457549][ T7232] ? qdisc_class_hash_init+0x210/0x210
[ 518.462997][ T7232] ? rcu_read_lock_sched_held+0x3a/0x70
[ 518.468546][ T7232] ? memset+0x20/0x40
[ 518.472513][ T7232] ? __build_skb_around+0x1f3/0x2b0
[ 518.477688][ T7232] ? __alloc_skb+0xca/0x270
[ 518.482171][ T7232] qdisc_notify.isra.0+0x22b/0x2a0
[ 518.487282][ T7232] tc_modify_qdisc+0xc4d/0x1680
[ 518.492120][ T7232] ? __mutex_lock+0x21a/0x12f0
[ 518.496868][ T7232] ? qdisc_create.constprop.0+0xdc0/0xdc0
[ 518.502754][ T7232] rtnetlink_rcv_msg+0x31d/0x8d0
[ 518.507670][ T7232] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 518.512425][ T7232] netlink_rcv_skb+0x118/0x370
[ 518.517285][ T7232] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 518.522035][ T7232] ? netlink_ack+0x930/0x930
[ 518.526596][ T7232] ? netlink_deliver_tap+0x130/0xaa0
[ 518.531862][ T7232] ? netlink_deliver_tap+0x135/0xaa0
[ 518.537220][ T7232] netlink_unicast+0x430/0x700
[ 518.541993][ T7232] ? netlink_attachskb+0x740/0x740
[ 518.547096][ T7232] netlink_sendmsg+0x770/0xc10
[ 518.551836][ T7232] ? netlink_unicast+0x700/0x700
[ 518.556749][ T7232] ? netlink_unicast+0x700/0x700
[ 518.561690][ T7232] sock_sendmsg+0xab/0xe0
[ 518.565998][ T7232] sock_no_sendpage+0xea/0x130
[ 518.570741][ T7232] ? sock_no_shutdown+0x10/0x10
[ 518.575574][ T7232] ? kfree+0xd0/0x390
[ 518.579552][ T7232] ? lock_release+0x720/0x720
[ 518.584293][ T7232] kernel_sendpage.part.0+0x121/0x250
[ 518.591700][ T7232] ? __sock_recv_ts_and_drops+0x350/0x350
[ 518.597418][ T7232] sock_sendpage+0xc7/0x1a0
[ 518.602007][ T7232] pipe_to_sendpage+0x245/0x410
[ 518.606863][ T7232] ? propagate_umount+0x1830/0x1830
[ 518.612054][ T7232] __splice_from_pipe+0x362/0x810
[ 518.617062][ T7232] ? propagate_umount+0x1830/0x1830
[ 518.622242][ T7232] generic_splice_sendpage+0xba/0x120
[ 518.627615][ T7232] ? __lock_acquire+0x15e4/0x5630
[ 518.632614][ T7232] ? __do_sys_vmsplice+0x7d0/0x7d0
[ 518.637716][ T7232] ? apparmor_file_permission+0x138/0x450
[ 518.643425][ T7232] ? security_file_permission+0x3c/0x90
[ 518.648950][ T7232] do_splice+0x9ef/0x1b30
[ 518.653294][ T7232] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 518.659282][ T7232] ? splice_file_to_pipe+0xf0/0xf0
[ 518.664380][ T7232] ? __context_tracking_exit+0x80/0x90
[ 518.669848][ T7232] __do_splice+0xf4/0x1b0
[ 518.674160][ T7232] ? do_splice+0x1b30/0x1b30
[ 518.678744][ T7232] __x64_sys_splice+0x14a/0x200
[ 518.683572][ T7232] do_syscall_64+0x35/0xb0
[ 518.687973][ T7232] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 518.693868][ T7232] RIP: 0033:0x7f1d6f928c99
[ 518.698286][ T7232] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 518.717894][ T7232] RSP: 002b:00007f1d6faccc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 518.726387][ T7232] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1d6f928c99
[ 518.734353][ T7232] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 518.742308][ T7232] RBP: 0000000000000000 R08: 0000000000010976 R09: 0000000000000000
[ 518.750430][ T7232] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d6facccc8
[ 518.758381][ T7232] R13: 00007f1d6faccce0 R14: 00007f1d6faccd20 R15: 0000000000002202
[ 518.766606][ T7232]
[ 518.769608][ T7232]
[ 518.771924][ T7232] Allocated by task 7226:
[ 518.776313][ T7232] kasan_save_stack+0x1e/0x40
[ 518.781074][ T7232] __kasan_kmalloc+0xa9/0xd0
[ 518.785658][ T7232] taprio_change+0x51b/0x3a80
[ 518.790340][ T7232] tc_modify_qdisc+0xafd/0x1680
[ 518.795174][ T7232] rtnetlink_rcv_msg+0x31d/0x8d0
[ 518.800116][ T7232] netlink_rcv_skb+0x118/0x370
[ 518.804868][ T7232] netlink_unicast+0x430/0x700
[ 518.809781][ T7232] netlink_sendmsg+0x770/0xc10
[ 518.814601][ T7232] sock_sendmsg+0xab/0xe0
[ 518.819005][ T7232] sock_no_sendpage+0xea/0x130
[ 518.823740][ T7232] kernel_sendpage.part.0+0x121/0x250
[ 518.829107][ T7232] sock_sendpage+0xc7/0x1a0
[ 518.833617][ T7232] pipe_to_sendpage+0x245/0x410
[ 518.838456][ T7232] __splice_from_pipe+0x362/0x810
[ 518.843626][ T7232] generic_splice_sendpage+0xba/0x120
[ 518.848974][ T7232] do_splice+0x9ef/0x1b30
[ 518.853290][ T7232] __do_splice+0xf4/0x1b0
[ 518.857604][ T7232] __x64_sys_splice+0x14a/0x200
[ 518.862432][ T7232] do_syscall_64+0x35/0xb0
[ 518.866832][ T7232] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 518.872703][ T7232]
[ 518.875018][ T7232] Freed by task 7232:
[ 518.878975][ T7232] kasan_save_stack+0x1e/0x40
[ 518.883625][ T7232] kasan_set_track+0x21/0x30
[ 518.888206][ T7232] kasan_set_free_info+0x20/0x30
[ 518.893182][ T7232] ____kasan_slab_free+0x126/0x160
[ 518.898409][ T7232] slab_free_freelist_hook+0x8b/0x1c0
[ 518.903761][ T7232] kfree+0xd0/0x390
[ 518.907567][ T7232] rcu_core+0x7b1/0x1820
[ 518.911787][ T7232] __do_softirq+0x29b/0x9c2
[ 518.916266][ T7232]
[ 518.918667][ T7232] Last potentially related work creation:
[ 518.924441][ T7232] kasan_save_stack+0x1e/0x40
[ 518.929639][ T7232] __kasan_record_aux_stack+0xbe/0xd0
[ 518.935034][ T7232] call_rcu+0xb1/0x740
[ 518.939283][ T7232] taprio_change+0x259a/0x3a80
[ 518.944163][ T7232] tc_modify_qdisc+0xafd/0x1680
[ 518.948991][ T7232] rtnetlink_rcv_msg+0x31d/0x8d0
[ 518.953993][ T7232] netlink_rcv_skb+0x118/0x370
[ 518.958743][ T7232] netlink_unicast+0x430/0x700
[ 518.964178][ T7232] netlink_sendmsg+0x770/0xc10
[ 518.969019][ T7232] sock_sendmsg+0xab/0xe0
[ 518.973506][ T7232] sock_no_sendpage+0xea/0x130
[ 518.978248][ T7232] kernel_sendpage.part.0+0x121/0x250
[ 518.983593][ T7232] sock_sendpage+0xc7/0x1a0
[ 518.988069][ T7232] pipe_to_sendpage+0x245/0x410
[ 518.992986][ T7232] __splice_from_pipe+0x362/0x810
[ 518.998009][ T7232] generic_splice_sendpage+0xba/0x120
[ 519.003535][ T7232] do_splice+0x9ef/0x1b30
[ 519.007840][ T7232] __do_splice+0xf4/0x1b0
[ 519.012148][ T7232] __x64_sys_splice+0x14a/0x200
[ 519.017077][ T7232] do_syscall_64+0x35/0xb0
[ 519.021646][ T7232] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 519.027538][ T7232]
[ 519.029856][ T7232] Second to last potentially related work creation:
[ 519.036412][ T7232] kasan_save_stack+0x1e/0x40
[ 519.041068][ T7232] __kasan_record_aux_stack+0xbe/0xd0
[ 519.046474][ T7232] call_rcu+0xb1/0x740
[ 519.050630][ T7232] taprio_change+0x259a/0x3a80
[ 519.055383][ T7232] tc_modify_qdisc+0xafd/0x1680
[ 519.060209][ T7232] rtnetlink_rcv_msg+0x31d/0x8d0
[ 519.065125][ T7232] netlink_rcv_skb+0x118/0x370
[ 519.069875][ T7232] netlink_unicast+0x430/0x700
[ 519.074701][ T7232] netlink_sendmsg+0x770/0xc10
[ 519.079579][ T7232] sock_sendmsg+0xab/0xe0
[ 519.083892][ T7232] sock_no_sendpage+0xea/0x130
[ 519.088631][ T7232] kernel_sendpage.part.0+0x121/0x250
[ 519.093984][ T7232] sock_sendpage+0xc7/0x1a0
[ 519.098484][ T7232] pipe_to_sendpage+0x245/0x410
[ 519.103329][ T7232] __splice_from_pipe+0x362/0x810
[ 519.108334][ T7232] generic_splice_sendpage+0xba/0x120
[ 519.113703][ T7232] do_splice+0x9ef/0x1b30
[ 519.118002][ T7232] __do_splice+0xf4/0x1b0
[ 519.122589][ T7232] __x64_sys_splice+0x14a/0x200
[ 519.127411][ T7232] do_syscall_64+0x35/0xb0
[ 519.131808][ T7232] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 519.137689][ T7232]
[ 519.139988][ T7232] The buggy address belongs to the object at ffff888061087a80
[ 519.139988][ T7232] which belongs to the cache kmalloc-96 of size 96
[ 519.153846][ T7232] The buggy address is located 64 bytes inside of
[ 519.153846][ T7232] 96-byte region [ffff888061087a80, ffff888061087ae0)
[ 519.167067][ T7232] The buggy address belongs to the page:
[ 519.172677][ T7232] page:ffffea00018421c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61087
[ 519.182818][ T7232] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 519.190343][ T7232] raw: 00fff00000000200 ffffea00007da7c0 dead000000000002 ffff88800fc41780
[ 519.198925][ T7232] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 519.207957][ T7232] page dumped because: kasan: bad access detected
[ 519.214344][ T7232] page_owner tracks the page as allocated
[ 519.220155][ T7232] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3939, ts 59112571770, free_ts 59112429262
[ 519.236112][ T7232] get_page_from_freelist+0xa6f/0x2f10
[ 519.241587][ T7232] __alloc_pages+0x1b2/0x500
[ 519.246166][ T7232] allocate_slab+0x27f/0x3c0
[ 519.250737][ T7232] ___slab_alloc+0xbe3/0x12a0
[ 519.255386][ T7232] __slab_alloc.constprop.0+0x4d/0xa0
[ 519.260754][ T7232] __kmalloc_track_caller+0x35a/0x430
[ 519.266100][ T7232] kmemdup+0x1a/0x40
[ 519.269967][ T7232] xt_register_table+0x142/0x6d0
[ 519.274889][ T7232] ip6t_register_table+0x127/0x320
[ 519.280087][ T7232] ip6table_nat_table_init+0x3d/0x360
[ 519.285435][ T7232] xt_find_table_lock+0x2d8/0x500
[ 519.290442][ T7232] xt_request_find_table_lock+0x17/0xa0
[ 519.295973][ T7232] get_info+0x128/0x5f0
[ 519.300205][ T7232] do_ip6t_get_ctl+0x125/0x800
[ 519.304941][ T7232] nf_getsockopt+0x57/0xb0
[ 519.309348][ T7232] ipv6_getsockopt+0x137/0x1c0
[ 519.314086][ T7232] page last free stack trace:
[ 519.318736][ T7232] free_pcp_prepare+0x374/0x870
[ 519.323575][ T7232] free_unref_page+0x19/0x690
[ 519.328227][ T7232] __vunmap+0x5af/0x9e0
[ 519.333198][ T7232] do_ip6t_get_ctl+0x66a/0x800
[ 519.337938][ T7232] nf_getsockopt+0x57/0xb0
[ 519.342326][ T7232] ipv6_getsockopt+0x137/0x1c0
[ 519.347075][ T7232] __sys_getsockopt+0x1a8/0x550
[ 519.351906][ T7232] __x64_sys_getsockopt+0xb5/0x150
[ 519.356996][ T7232] do_syscall_64+0x35/0xb0
[ 519.361440][ T7232] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 519.367314][ T7232]
[ 519.369624][ T7232] Memory state around the buggy address:
[ 519.375364][ T7232] ffff888061087980: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 519.383420][ T7232] ffff888061087a00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 519.391553][ T7232] >ffff888061087a80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 519.399600][ T7232] ^
[ 519.405754][ T7232] ffff888061087b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 519.413885][ T7232] ffff888061087b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 519.423505][ T7232] ==================================================================
[ 519.431540][ T7232] Disabling lock debugging due to kernel taint
[ 519.439284][ T7232] Kernel panic - not syncing: panic_on_warn set ...
[ 519.445873][ T7232] CPU: 1 PID: 7232 Comm: syz-executor390 Tainted: G B 5.17.0-rc5-syzkaller #0
[ 519.456001][ T7232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 519.466026][ T7232] Call Trace:
[ 519.469302][ T7232]
[ 519.472206][ T7232] dump_stack_lvl+0x57/0x7d
[ 519.476679][ T7232] panic+0x214/0x49f
[ 519.480543][ T7232] ? __warn_printk+0xee/0xee
[ 519.485099][ T7232] ? preempt_schedule_common+0x59/0xc0
[ 519.490526][ T7232] ? dump_schedule+0x68e/0x6f0
[ 519.495344][ T7232] ? preempt_schedule_thunk+0x16/0x18
[ 519.500688][ T7232] ? dump_schedule+0x68e/0x6f0
[ 519.505425][ T7232] ? dump_schedule+0x68e/0x6f0
[ 519.510438][ T7232] end_report.cold+0x63/0x6f
[ 519.515014][ T7232] kasan_report.cold+0x71/0xdf
[ 519.519768][ T7232] ? dump_schedule+0x68e/0x6f0
[ 519.524609][ T7232] dump_schedule+0x68e/0x6f0
[ 519.529267][ T7232] ? lock_release+0x720/0x720
[ 519.533916][ T7232] ? taprio_offload_get+0x60/0x60
[ 519.538915][ T7232] ? memset+0x20/0x40
[ 519.542864][ T7232] ? __nla_reserve+0x8f/0xb0
[ 519.547461][ T7232] ? memcpy+0x39/0x60
[ 519.551408][ T7232] taprio_dump+0x431/0xb70
[ 519.555808][ T7232] ? rtnetlink_rcv_msg+0x31d/0x8d0
[ 519.560894][ T7232] ? netlink_rcv_skb+0x118/0x370
[ 519.565887][ T7232] ? advance_sched+0x920/0x920
[ 519.570714][ T7232] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 519.576667][ T7232] ? sock_sendpage+0xc7/0x1a0
[ 519.581415][ T7232] ? __splice_from_pipe+0x362/0x810
[ 519.586632][ T7232] ? __nla_reserve+0x8f/0xb0
[ 519.591314][ T7232] ? memcpy+0x39/0x60
[ 519.595350][ T7232] tc_fill_qdisc+0x570/0xf60
[ 519.600084][ T7232] ? lock_downgrade+0x6e0/0x6e0
[ 519.604905][ T7232] ? qdisc_class_hash_init+0x210/0x210
[ 519.610368][ T7232] ? rcu_read_lock_sched_held+0x3a/0x70
[ 519.615918][ T7232] ? memset+0x20/0x40
[ 519.619899][ T7232] ? __build_skb_around+0x1f3/0x2b0
[ 519.625075][ T7232] ? __alloc_skb+0xca/0x270
[ 519.629560][ T7232] qdisc_notify.isra.0+0x22b/0x2a0
[ 519.634646][ T7232] tc_modify_qdisc+0xc4d/0x1680
[ 519.639582][ T7232] ? __mutex_lock+0x21a/0x12f0
[ 519.644324][ T7232] ? qdisc_create.constprop.0+0xdc0/0xdc0
[ 519.650032][ T7232] rtnetlink_rcv_msg+0x31d/0x8d0
[ 519.654954][ T7232] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 519.659770][ T7232] netlink_rcv_skb+0x118/0x370
[ 519.664500][ T7232] ? rtnl_fdb_dump+0x7e0/0x7e0
[ 519.669245][ T7232] ? netlink_ack+0x930/0x930
[ 519.673820][ T7232] ? netlink_deliver_tap+0x130/0xaa0
[ 519.679074][ T7232] ? netlink_deliver_tap+0x135/0xaa0
[ 519.684526][ T7232] netlink_unicast+0x430/0x700
[ 519.689890][ T7232] ? netlink_attachskb+0x740/0x740
[ 519.694967][ T7232] netlink_sendmsg+0x770/0xc10
[ 519.699698][ T7232] ? netlink_unicast+0x700/0x700
[ 519.704619][ T7232] ? netlink_unicast+0x700/0x700
[ 519.709526][ T7232] sock_sendmsg+0xab/0xe0
[ 519.714138][ T7232] sock_no_sendpage+0xea/0x130
[ 519.719154][ T7232] ? sock_no_shutdown+0x10/0x10
[ 519.724352][ T7232] ? kfree+0xd0/0x390
[ 519.728597][ T7232] ? lock_release+0x720/0x720
[ 519.733344][ T7232] kernel_sendpage.part.0+0x121/0x250
[ 519.738709][ T7232] ? __sock_recv_ts_and_drops+0x350/0x350
[ 519.744415][ T7232] sock_sendpage+0xc7/0x1a0
[ 519.748917][ T7232] pipe_to_sendpage+0x245/0x410
[ 519.753742][ T7232] ? propagate_umount+0x1830/0x1830
[ 519.758925][ T7232] __splice_from_pipe+0x362/0x810
[ 519.763931][ T7232] ? propagate_umount+0x1830/0x1830
[ 519.769374][ T7232] generic_splice_sendpage+0xba/0x120
[ 519.774712][ T7232] ? __lock_acquire+0x15e4/0x5630
[ 519.779724][ T7232] ? __do_sys_vmsplice+0x7d0/0x7d0
[ 519.784803][ T7232] ? apparmor_file_permission+0x138/0x450
[ 519.790835][ T7232] ? security_file_permission+0x3c/0x90
[ 519.796363][ T7232] do_splice+0x9ef/0x1b30
[ 519.800661][ T7232] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 519.806889][ T7232] ? splice_file_to_pipe+0xf0/0xf0
[ 519.812071][ T7232] ? __context_tracking_exit+0x80/0x90
[ 519.817497][ T7232] __do_splice+0xf4/0x1b0
[ 519.821806][ T7232] ? do_splice+0x1b30/0x1b30
[ 519.826365][ T7232] __x64_sys_splice+0x14a/0x200
[ 519.833258][ T7232] do_syscall_64+0x35/0xb0
[ 519.837691][ T7232] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 519.843561][ T7232] RIP: 0033:0x7f1d6f928c99
[ 519.848006][ T7232] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 519.867692][ T7232] RSP: 002b:00007f1d6faccc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 519.876111][ T7232] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1d6f928c99
[ 519.884162][ T7232] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 519.892336][ T7232] RBP: 0000000000000000 R08: 0000000000010976 R09: 0000000000000000
[ 519.900521][ T7232] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d6facccc8
[ 519.908554][ T7232] R13: 00007f1d6faccce0 R14: 00007f1d6faccd20 R15: 0000000000002202
[ 519.916592][ T7232]
[ 519.919820][ T7232] Kernel Offset: disabled
[ 519.924140][ T7232] Rebooting in 86400 seconds..