forked to background, child pid 4654
no interfaces have a carrier
[   53.832155][ T4655] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.862696][ T4655] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts.

syzkaller login: [   82.513450][ T5078] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.522031][ T5078] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   82.529621][ T5078] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   82.537465][ T5078] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   82.545703][ T5078] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   82.553356][ T5078] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[   82.634566][ T5075] FAULT_INJECTION: forcing a failure.
[   82.634566][ T5075] name failslab, interval 1, probability 0, space 0, times 1
[   82.647345][ T5075] CPU: 0 PID: 5075 Comm: syz-executor290 Not tainted 6.2.0-syzkaller-05261-gfd2a55e74a99 #0
[   82.657457][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[   82.667609][ T5075] Call Trace:
[   82.670898][ T5075]  <TASK>
[   82.673858][ T5075]  dump_stack_lvl+0x136/0x150
[   82.678568][ T5075]  should_fail_ex+0x4a3/0x5b0
[   82.683274][ T5075]  should_failslab+0x9/0x20
[   82.687805][ T5075]  __kmem_cache_alloc_node+0x5b/0x330
[   82.693203][ T5075]  ? tcf_exts_init_ex+0x246/0x5a0
[   82.698292][ T5075]  kmalloc_trace+0x26/0x60
[   82.702741][ T5075]  tcf_exts_init_ex+0x246/0x5a0
[   82.707644][ T5075]  fl_change+0x56f/0x4ab0
[   82.712047][ T5075]  ? fl_destroy+0x320/0x320
[   82.716604][ T5075]  ? __radix_tree_lookup+0x215/0x2a0
[   82.721927][ T5075]  ? fl_get+0x229/0x3c0
[   82.726119][ T5075]  ? fl_put+0x20/0x20
[   82.730147][ T5075]  tc_new_tfilter+0x97c/0x2290
[   82.734982][ T5075]  ? tc_del_tfilter+0x15d0/0x15d0
[   82.740043][ T5075]  ? mark_lock.part.0+0xee/0x1970
[   82.745095][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   82.751110][ T5075]  ? mark_lock.part.0+0xee/0x1970
[   82.756180][ T5075]  ? print_usage_bug.part.0+0x660/0x660
[   82.761779][ T5075]  ? rtnetlink_rcv_msg+0x956/0xd50
[   82.766929][ T5075]  ? lock_downgrade+0x690/0x690
[   82.771823][ T5075]  ? tc_del_tfilter+0x15d0/0x15d0
[   82.776881][ T5075]  rtnetlink_rcv_msg+0x996/0xd50
[   82.781866][ T5075]  ? rtnl_stats_set+0x4d0/0x4d0
[   82.786755][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   82.792784][ T5075]  ? __sys_sendmsg+0xf7/0x1c0
[   82.797502][ T5075]  ? do_syscall_64+0x39/0xb0
[   82.802151][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   82.808202][ T5075]  netlink_rcv_skb+0x165/0x440
[   82.813027][ T5075]  ? rtnl_stats_set+0x4d0/0x4d0
[   82.817932][ T5075]  ? netlink_ack+0x1360/0x1360
[   82.822789][ T5075]  ? netlink_deliver_tap+0x1b1/0xcf0
[   82.828126][ T5075]  netlink_unicast+0x547/0x7f0
[   82.832939][ T5075]  ? netlink_attachskb+0x890/0x890
[   82.838088][ T5075]  ? __virt_addr_valid+0x61/0x2e0
[   82.843159][ T5075]  ? __phys_addr_symbol+0x30/0x70
[   82.848234][ T5075]  ? __check_object_size+0x333/0x6e0
[   82.853552][ T5075]  netlink_sendmsg+0x925/0xe30
[   82.858368][ T5075]  ? netlink_unicast+0x7f0/0x7f0
[   82.863386][ T5075]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   82.868753][ T5075]  ? netlink_unicast+0x7f0/0x7f0
[   82.873728][ T5075]  sock_sendmsg+0xde/0x190
[   82.878183][ T5075]  ____sys_sendmsg+0x71c/0x900
[   82.883006][ T5075]  ? copy_msghdr_from_user+0xfc/0x150
[   82.888421][ T5075]  ? kernel_sendmsg+0x50/0x50
[   82.893145][ T5075]  ? find_held_lock+0x2d/0x110
[   82.897962][ T5075]  ___sys_sendmsg+0x110/0x1b0
[   82.902694][ T5075]  ? do_recvmmsg+0x6e0/0x6e0
[   82.907323][ T5075]  ? find_held_lock+0x2d/0x110
[   82.912132][ T5075]  ? ksys_write+0x12b/0x250
[   82.916678][ T5075]  ? lock_downgrade+0x690/0x690
[   82.921570][ T5075]  ? proc_fail_nth_write+0x99/0x220
[   82.926813][ T5075]  ? proc_task_getattr+0x1f0/0x1f0
[   82.931981][ T5075]  ? vfs_write+0x49e/0xe10
[   82.936455][ T5075]  ? __fget_light+0x20a/0x270
[   82.941189][ T5075]  __sys_sendmsg+0xf7/0x1c0
[   82.945742][ T5075]  ? __sys_sendmsg_sock+0x40/0x40
[   82.950816][ T5075]  ? up_write+0x520/0x520
[   82.955203][ T5075]  ? __fget_light+0x20a/0x270
[   82.959948][ T5075]  ? syscall_enter_from_user_mode+0x26/0xb0
[   82.965882][ T5075]  ? lockdep_hardirqs_on+0x7d/0x100
[   82.971121][ T5075]  do_syscall_64+0x39/0xb0
[   82.975584][ T5075]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   82.981508][ T5075] RIP: 0033:0x7fcc7b3bf779
[   82.985947][ T5075] Code: 28 c3 e8 9a 18 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   83.005592][ T5075] RSP: 002b:00007ffe7e54a2f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.014039][ T5075] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc7b3bf779
[   83.022034][ T5075] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[   83.030026][ T5075] RBP: 00007ffe7e54a300 R08: 0000000000000002 R09: 0000000000003931
[   83.038023][ T5075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   83.046037][ T5075] R13: 00007ffe7e54a390 R14: 00007ffe7e54a360 R15: 00007ffe7e54a358
[   83.054071][ T5075]  </TASK>
[   83.108520][    T9] ==================================================================
[   83.116635][    T9] BUG: KASAN: use-after-free in tcf_action_destroy+0x17f/0x1b0
[   83.124205][    T9] Read of size 8 at addr ffff888144edda00 by task kworker/u4:0/9
[   83.131925][    T9] 
[   83.134261][    T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.2.0-syzkaller-05261-gfd2a55e74a99 #0
[   83.143809][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[   83.153873][    T9] Workqueue: tc_filter_workqueue fl_destroy_filter_work
[   83.160837][    T9] Call Trace:
[   83.164115][    T9]  <TASK>
[   83.167051][    T9]  dump_stack_lvl+0xd9/0x150
[   83.171658][    T9]  print_address_description.constprop.0+0x28/0x360
[   83.178263][    T9]  ? tcf_action_destroy+0x17f/0x1b0
[   83.183488][    T9]  kasan_report+0x11c/0x130
[   83.188008][    T9]  ? tcf_action_destroy+0x17f/0x1b0
[   83.193236][    T9]  tcf_action_destroy+0x17f/0x1b0
[   83.198274][    T9]  tcf_exts_destroy+0xc5/0x160
[   83.203057][    T9]  __fl_destroy_filter+0x1a/0x100
[   83.208100][    T9]  process_one_work+0x9bf/0x1820
[   83.213052][    T9]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   83.218441][    T9]  ? spin_bug+0x1c0/0x1c0
[   83.222797][    T9]  worker_thread+0x669/0x1090
[   83.227488][    T9]  ? process_one_work+0x1820/0x1820
[   83.232704][    T9]  kthread+0x2e8/0x3a0
[   83.236780][    T9]  ? kthread_complete_and_exit+0x40/0x40
[   83.242422][    T9]  ret_from_fork+0x1f/0x30
[   83.246861][    T9]  </TASK>
[   83.249880][    T9] 
[   83.252202][    T9] Allocated by task 5075:
[   83.256522][    T9]  kasan_save_stack+0x22/0x40
[   83.261223][    T9]  kasan_set_track+0x25/0x30
[   83.265830][    T9]  __kasan_kmalloc+0xa5/0xb0
[   83.270460][    T9]  tcf_exts_init_ex+0xe4/0x5a0
[   83.275242][    T9]  fl_change+0x56f/0x4ab0
[   83.279600][    T9]  tc_new_tfilter+0x97c/0x2290
[   83.284372][    T9]  rtnetlink_rcv_msg+0x996/0xd50
[   83.289589][    T9]  netlink_rcv_skb+0x165/0x440
[   83.294362][    T9]  netlink_unicast+0x547/0x7f0
[   83.299143][    T9]  netlink_sendmsg+0x925/0xe30
[   83.303920][    T9]  sock_sendmsg+0xde/0x190
[   83.308368][    T9]  ____sys_sendmsg+0x71c/0x900
[   83.313143][    T9]  ___sys_sendmsg+0x110/0x1b0
[   83.317849][    T9]  __sys_sendmsg+0xf7/0x1c0
[   83.322402][    T9]  do_syscall_64+0x39/0xb0
[   83.326837][    T9]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   83.332740][    T9] 
[   83.335059][    T9] Freed by task 5075:
[   83.339037][    T9]  kasan_save_stack+0x22/0x40
[   83.343736][    T9]  kasan_set_track+0x25/0x30
[   83.348345][    T9]  kasan_save_free_info+0x2e/0x40
[   83.353377][    T9]  ____kasan_slab_free+0x160/0x1c0
[   83.358508][    T9]  slab_free_freelist_hook+0x8b/0x1c0
[   83.363896][    T9]  __kmem_cache_free+0xaf/0x2d0
[   83.368764][    T9]  tcf_exts_destroy+0xe5/0x160
[   83.373553][    T9]  tcf_exts_init_ex+0x484/0x5a0
[   83.378452][    T9]  fl_change+0x56f/0x4ab0
[   83.382812][    T9]  tc_new_tfilter+0x97c/0x2290
[   83.387580][    T9]  rtnetlink_rcv_msg+0x996/0xd50
[   83.392535][    T9]  netlink_rcv_skb+0x165/0x440
[   83.397310][    T9]  netlink_unicast+0x547/0x7f0
[   83.402087][    T9]  netlink_sendmsg+0x925/0xe30
[   83.406878][    T9]  sock_sendmsg+0xde/0x190
[   83.411309][    T9]  ____sys_sendmsg+0x71c/0x900
[   83.416085][    T9]  ___sys_sendmsg+0x110/0x1b0
[   83.420785][    T9]  __sys_sendmsg+0xf7/0x1c0
[   83.425304][    T9]  do_syscall_64+0x39/0xb0
[   83.429735][    T9]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   83.435638][    T9] 
[   83.437963][    T9] The buggy address belongs to the object at ffff888144edda00
[   83.437963][    T9]  which belongs to the cache kmalloc-256 of size 256
[   83.452043][    T9] The buggy address is located 0 bytes inside of
[   83.452043][    T9]  256-byte region [ffff888144edda00, ffff888144eddb00)
[   83.465147][    T9] 
[   83.467466][    T9] The buggy address belongs to the physical page:
[   83.473873][    T9] page:ffffea000513b700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x144edc
[   83.484113][    T9] head:ffffea000513b700 order:1 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[   83.494174][    T9] anon flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[   83.502690][    T9] raw: 057ff00000010200 ffff888012441b40 0000000000000000 dead000000000001
[   83.511277][    T9] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   83.519855][    T9] page dumped because: kasan: bad access detected
[   83.526257][    T9] page_owner tracks the page as allocated
[   83.531970][    T9] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 12066229885, free_ts 0
[   83.551689][    T9]  get_page_from_freelist+0x119c/0x2d00
[   83.557347][    T9]  __alloc_pages+0x1cb/0x5c0
[   83.561948][    T9]  alloc_page_interleave+0x1e/0x200
[   83.567168][    T9]  alloc_pages+0x233/0x270
[   83.571692][    T9]  allocate_slab+0x25f/0x390
[   83.576294][    T9]  ___slab_alloc+0xa91/0x1400
[   83.580983][    T9]  __slab_alloc.constprop.0+0x56/0xa0
[   83.586380][    T9]  __kmem_cache_alloc_node+0x136/0x330
[   83.591872][    T9]  kmalloc_trace+0x26/0x60
[   83.596302][    T9]  blk_iolatency_init+0x46/0x230
[   83.601254][    T9]  blkcg_init_disk+0x1ee/0x6c0
[   83.606031][    T9]  __alloc_disk_node+0x2a1/0x650
[   83.610989][    T9]  __blk_alloc_disk+0x37/0x90
[   83.615693][    T9]  brd_alloc.part.0+0x281/0x7a0
[   83.620558][    T9]  brd_init+0x1b5/0x2a0
[   83.624715][    T9]  do_one_initcall+0x141/0x7d0
[   83.629503][    T9] page_owner free stack trace missing
[   83.634864][    T9] 
[   83.637184][    T9] Memory state around the buggy address:
[   83.642811][    T9]  ffff888144edd900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.650875][    T9]  ffff888144edd980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.658938][    T9] >ffff888144edda00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   83.666995][    T9]                    ^
[   83.671059][    T9]  ffff888144edda80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   83.679120][    T9]  ffff888144eddb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.687189][    T9] ==================================================================
[   83.695497][    T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   83.702729][    T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.2.0-syzkaller-05261-gfd2a55e74a99 #0
[   83.712294][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[   83.722410][    T9] Workqueue: tc_filter_workqueue fl_destroy_filter_work
[   83.729390][    T9] Call Trace:
[   83.732689][    T9]  <TASK>
[   83.735635][    T9]  dump_stack_lvl+0xd9/0x150
[   83.740257][    T9]  panic+0x61b/0x6c0
[   83.744196][    T9]  ? panic_smp_self_stop+0x90/0x90
[   83.749338][    T9]  ? preempt_schedule_thunk+0x1a/0x20
[   83.754744][    T9]  ? preempt_schedule_common+0x45/0xb0
[   83.760245][    T9]  check_panic_on_warn+0xb1/0xc0
[   83.765314][    T9]  end_report+0xf6/0x180
[   83.769582][    T9]  ? tcf_action_destroy+0x17f/0x1b0
[   83.774818][    T9]  kasan_report+0xf9/0x130
[   83.779263][    T9]  ? tcf_action_destroy+0x17f/0x1b0
[   83.784500][    T9]  tcf_action_destroy+0x17f/0x1b0
[   83.789572][    T9]  tcf_exts_destroy+0xc5/0x160
[   83.794377][    T9]  __fl_destroy_filter+0x1a/0x100
[   83.799454][    T9]  process_one_work+0x9bf/0x1820
[   83.804442][    T9]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   83.809855][    T9]  ? spin_bug+0x1c0/0x1c0
[   83.814218][    T9]  worker_thread+0x669/0x1090
[   83.818954][    T9]  ? process_one_work+0x1820/0x1820
[   83.824193][    T9]  kthread+0x2e8/0x3a0
[   83.828292][    T9]  ? kthread_complete_and_exit+0x40/0x40
[   83.833948][    T9]  ret_from_fork+0x1f/0x30
[   83.838422][    T9]  </TASK>
[   83.841726][    T9] Kernel Offset: disabled
[   83.846065][    T9] Rebooting in 86400 seconds..