Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
2023/01/16 01:53:25 ignoring optional flag "sandboxArg"="0"
2023/01/16 01:53:25 parsed 1 programs
2023/01/16 01:53:25 executed programs: 0
[ 91.169552][ T4393] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 91.178379][ T4393] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 91.186612][ T4393] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 91.195696][ T4393] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 91.203960][ T4393] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 91.211879][ T4393] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 91.324586][ T5541] chnl_net:caif_netlink_parms(): no params data found
[ 91.368651][ T5541] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.376807][ T5541] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.384737][ T5541] device bridge_slave_0 entered promiscuous mode
[ 91.394171][ T5541] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.401460][ T5541] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.409503][ T5541] device bridge_slave_1 entered promiscuous mode
[ 91.432073][ T5541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 91.443352][ T5541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 91.467995][ T5541] team0: Port device team_slave_0 added
[ 91.475619][ T5541] team0: Port device team_slave_1 added
[ 91.496889][ T5541] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.504308][ T5541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.530379][ T5541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.542701][ T5541] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.549835][ T5541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.576238][ T5541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 91.607137][ T5541] device hsr_slave_0 entered promiscuous mode
[ 91.616548][ T5541] device hsr_slave_1 entered promiscuous mode
[ 92.329850][ T5541] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.342998][ T5541] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.355164][ T5541] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.365971][ T5541] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.458778][ T5541] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.475685][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 92.485071][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 92.497415][ T5541] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.510617][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 92.520489][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 92.529537][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.537235][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.563025][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 92.571564][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 92.581961][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 92.590776][ T26] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.598088][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.607210][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 92.616707][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 92.626923][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 92.639642][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 92.648390][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 92.665240][ T5541] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 92.678191][ T5541] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 92.692887][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 92.702247][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 92.710829][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 92.720853][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 92.729252][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 92.981474][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 92.990599][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 93.002220][ T5541] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.027951][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 93.039831][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 93.067117][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 93.077086][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 93.090273][ T5541] device veth0_vlan entered promiscuous mode
[ 93.099125][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 93.109416][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 93.124971][ T5541] device veth1_vlan entered promiscuous mode
[ 93.154143][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 93.165562][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 93.175436][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 93.186272][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 93.197794][ T5541] device veth0_macvtap entered promiscuous mode
[ 93.213636][ T5541] device veth1_macvtap entered promiscuous mode
[ 93.238690][ T5541] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.248319][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 93.258818][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 93.267607][ T5081] Bluetooth: hci0: command 0x0409 tx timeout
[ 93.278451][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 93.288327][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 93.302145][ T5541] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.316457][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 93.326129][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 93.337811][ T5541] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.348273][ T5541] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.360555][ T5541] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.370475][ T5541] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.458228][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.476224][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.496883][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 93.515914][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.526355][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.536956][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 94.418559][ T46] ==================================================================
[ 94.426952][ T46] BUG: KASAN: use-after-free in io_req_caches_free+0x199/0x1f2
[ 94.434860][ T46] Read of size 8 at addr ffff88801da98938 by task kworker/u4:3/46
[ 94.442874][ T46]
[ 94.445493][ T46] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 94.445522][ T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 94.445535][ T46] Workqueue: events_unbound io_ring_exit_work
[ 94.445566][ T46] Call Trace:
[ 94.445572][ T46]
[ 94.445579][ T46] dump_stack_lvl+0xd1/0x138
[ 94.445602][ T46] print_report+0x15e/0x45d
[ 94.445625][ T46] ? __phys_addr+0xc8/0x140
[ 94.445656][ T46] ? io_req_caches_free+0x199/0x1f2
[ 94.445681][ T46] kasan_report+0xc0/0xf0
[ 94.445707][ T46] ? io_req_caches_free+0x199/0x1f2
[ 94.445736][ T46] io_req_caches_free+0x199/0x1f2
[ 94.445764][ T46] io_ring_exit_work+0x2e7/0xc80
[ 94.445794][ T46] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 94.445822][ T46] ? lock_release+0x810/0x810
[ 94.445845][ T46] ? process_one_work+0x8a1/0x1750
[ 94.445872][ T46] ? rcu_read_lock_sched_held+0x3e/0x70
[ 94.445893][ T46] ? trace_lock_acquire+0x1f1/0x290
[ 94.445918][ T46] process_one_work+0x9bf/0x1750
[ 94.445949][ T46] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 94.445978][ T46] ? rcu_read_lock_sched_held+0x3e/0x70
[ 94.446006][ T46] ? rwlock_bug.part.0+0x90/0x90
[ 94.446031][ T46] ? lock_acquire+0x32/0xc0
[ 94.446054][ T46] ? worker_thread+0x16d/0x1090
[ 94.446088][ T46] worker_thread+0x669/0x1090
[ 94.446123][ T46] ? __kthread_parkme+0x163/0x220
[ 94.446148][ T46] ? process_one_work+0x1750/0x1750
[ 94.446191][ T46] kthread+0x2e8/0x3a0
[ 94.446216][ T46] ? kthread_complete_and_exit+0x40/0x40
[ 94.604462][ T46] ret_from_fork+0x1f/0x30
[ 94.609025][ T46]
[ 94.612161][ T46]
[ 94.614497][ T46] Allocated by task 5596:
[ 94.618972][ T46] kasan_save_stack+0x22/0x40
[ 94.624034][ T46] kasan_set_track+0x25/0x30
[ 94.628668][ T46] __kasan_slab_alloc+0x7f/0x90
[ 94.633563][ T46] kmem_cache_alloc_bulk+0x3aa/0x730
[ 94.639069][ T46] __io_alloc_req_refill+0xcc/0x40b
[ 94.644516][ T46] io_submit_sqes.cold+0x7c/0xc2
[ 94.649499][ T46] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 94.655184][ T46] do_syscall_64+0x39/0xb0
[ 94.659912][ T46] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 94.666044][ T46]
[ 94.668739][ T46] Freed by task 46:
[ 94.672563][ T46] kasan_save_stack+0x22/0x40
[ 94.677458][ T46] kasan_set_track+0x25/0x30
[ 94.682173][ T46] kasan_save_free_info+0x2e/0x40
[ 94.687329][ T46] ____kasan_slab_free+0x160/0x1c0
[ 94.692475][ T46] slab_free_freelist_hook+0x8b/0x1c0
[ 94.697882][ T46] kmem_cache_free+0xec/0x4e0
[ 94.705463][ T46] io_req_caches_free+0x1b5/0x1f2
[ 94.710539][ T46] io_ring_exit_work+0x2e7/0xc80
[ 94.715613][ T46] process_one_work+0x9bf/0x1750
[ 94.720596][ T46] worker_thread+0x669/0x1090
[ 94.725406][ T46] kthread+0x2e8/0x3a0
[ 94.729606][ T46] ret_from_fork+0x1f/0x30
[ 94.734066][ T46]
[ 94.736405][ T46] The buggy address belongs to the object at ffff88801da988c0
[ 94.736405][ T46] which belongs to the cache io_kiocb of size 224
[ 94.750223][ T46] The buggy address is located 120 bytes inside of
[ 94.750223][ T46] 224-byte region [ffff88801da988c0, ffff88801da989a0)
[ 94.763943][ T46]
[ 94.766290][ T46] The buggy address belongs to the physical page:
[ 94.772898][ T46] page:ffffea000076a600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1da98
[ 94.783608][ T46] memcg:ffff88801cfa1401
[ 94.787962][ T46] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 94.795637][ T46] raw: 00fff00000000200 ffff88801bf2a280 dead000000000122 0000000000000000
[ 94.804353][ T46] raw: 0000000000000000 00000000000c000c 00000001ffffffff ffff88801cfa1401
[ 94.813133][ T46] page dumped because: kasan: bad access detected
[ 94.819653][ T46] page_owner tracks the page as allocated
[ 94.825570][ T46] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5596, tgid 5595 (syz-executor.0), ts 93592785724, free_ts 93586502326
[ 94.844545][ T46] get_page_from_freelist+0x11bb/0x2d50
[ 94.850307][ T46] __alloc_pages+0x1cb/0x5c0
[ 94.855026][ T46] alloc_pages+0x1aa/0x270
[ 94.859491][ T46] allocate_slab+0x25f/0x350
[ 94.864418][ T46] ___slab_alloc+0xa91/0x1400
[ 94.869132][ T46] kmem_cache_alloc_bulk+0x23d/0x730
[ 94.874468][ T46] __io_alloc_req_refill+0xcc/0x40b
[ 94.879711][ T46] io_submit_sqes.cold+0x7c/0xc2
[ 94.884781][ T46] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 94.890816][ T46] do_syscall_64+0x39/0xb0
[ 94.898156][ T46] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 94.904716][ T46] page last free stack trace:
[ 94.909590][ T46] free_pcp_prepare+0x4d0/0x910
[ 94.914590][ T46] free_unref_page+0x1d/0x490
[ 94.919932][ T46] __unfreeze_partials+0x17c/0x1a0
[ 94.925355][ T46] qlist_free_all+0x6a/0x170
[ 94.930197][ T46] kasan_quarantine_reduce+0x192/0x220
[ 94.935881][ T46] __kasan_slab_alloc+0x63/0x90
[ 94.940863][ T46] kmem_cache_alloc_lru+0x20e/0x580
[ 94.946367][ T46] sock_alloc_inode+0x27/0x1d0
[ 94.951597][ T46] alloc_inode+0x61/0x230
[ 94.955986][ T46] new_inode_pseudo+0x17/0x80
[ 94.960916][ T46] sock_alloc+0x40/0x270
[ 94.965362][ T46] __sock_create+0xbd/0x810
[ 94.970079][ T46] io_uring_setup.cold+0x1913/0x1d97
[ 94.975583][ T46] do_syscall_64+0x39/0xb0
[ 94.980049][ T46] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 94.986172][ T46]
[ 94.988539][ T46] Memory state around the buggy address:
[ 94.994188][ T46] ffff88801da98800: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 95.002545][ T46] ffff88801da98880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 95.010660][ T46] >ffff88801da98900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.018744][ T46] ^
[ 95.024661][ T46] ffff88801da98980: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.033362][ T46] ffff88801da98a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.042498][ T46] ==================================================================
[ 95.068429][ T46] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 95.075868][ T46] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 95.086927][ T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 95.097372][ T46] Workqueue: events_unbound io_ring_exit_work
[ 95.103846][ T46] Call Trace:
[ 95.108191][ T46]
[ 95.111239][ T46] dump_stack_lvl+0xd1/0x138
[ 95.115881][ T46] panic+0x2cc/0x626
[ 95.120053][ T46] ? panic_print_sys_info.part.0+0x112/0x112
[ 95.126221][ T46] ? preempt_schedule_thunk+0x1a/0x20
[ 95.131667][ T46] ? preempt_schedule_common+0x59/0xc0
[ 95.137187][ T46] check_panic_on_warn.cold+0x19/0x35
[ 95.143179][ T46] end_report.part.0+0x36/0x73
[ 95.148081][ T46] ? io_req_caches_free+0x199/0x1f2
[ 95.153413][ T46] kasan_report.cold+0xa/0xf
[ 95.158140][ T46] ? io_req_caches_free+0x199/0x1f2
[ 95.163739][ T46] io_req_caches_free+0x199/0x1f2
[ 95.168815][ T46] io_ring_exit_work+0x2e7/0xc80
[ 95.173882][ T46] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 95.180032][ T46] ? lock_release+0x810/0x810
[ 95.184823][ T46] ? process_one_work+0x8a1/0x1750
[ 95.190259][ T46] ? rcu_read_lock_sched_held+0x3e/0x70
[ 95.196182][ T46] ? trace_lock_acquire+0x1f1/0x290
[ 95.201510][ T46] process_one_work+0x9bf/0x1750
[ 95.206680][ T46] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 95.212347][ T46] ? rcu_read_lock_sched_held+0x3e/0x70
[ 95.218011][ T46] ? rwlock_bug.part.0+0x90/0x90
[ 95.223140][ T46] ? lock_acquire+0x32/0xc0
[ 95.227925][ T46] ? worker_thread+0x16d/0x1090
[ 95.232821][ T46] worker_thread+0x669/0x1090
[ 95.237530][ T46] ? __kthread_parkme+0x163/0x220
[ 95.242937][ T46] ? process_one_work+0x1750/0x1750
[ 95.248242][ T46] kthread+0x2e8/0x3a0
[ 95.252335][ T46] ? kthread_complete_and_exit+0x40/0x40
[ 95.258389][ T46] ret_from_fork+0x1f/0x30
[ 95.263195][ T46]
[ 95.266438][ T46] Kernel Offset: disabled
[ 95.270866][ T46] Rebooting in 86400 seconds..