[ 62.653685][ T9] device veth1_macvtap left promiscuous mode
[ 62.660150][ T9] device veth0_macvtap left promiscuous mode
[ 62.668201][ T9] device veth1_vlan left promiscuous mode
[ 62.674474][ T9] device veth0_vlan left promiscuous mode
[ 62.942081][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 62.957753][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 62.977192][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 62.994179][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 63.079120][ T9] bond0 (unregistering): Released all slaves
[ 76.415528][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
2023/01/19 03:16:45 ignoring optional flag "sandboxArg"="0"
2023/01/19 03:16:45 parsed 1 programs
2023/01/19 03:16:45 executed programs: 0
[ 85.948593][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.957295][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.966977][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.975763][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.984465][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 85.991761][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.102574][ T5544] chnl_net:caif_netlink_parms(): no params data found
[ 86.143173][ T5544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.150378][ T5544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.158446][ T5544] device bridge_slave_0 entered promiscuous mode
[ 86.167486][ T5544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.174755][ T5544] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.182564][ T5544] device bridge_slave_1 entered promiscuous mode
[ 86.205210][ T5544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.216426][ T5544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.241093][ T5544] team0: Port device team_slave_0 added
[ 86.248689][ T5544] team0: Port device team_slave_1 added
[ 86.268744][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.275817][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.302157][ T5544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.315464][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.322475][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.348480][ T5544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.379451][ T5544] device hsr_slave_0 entered promiscuous mode
[ 86.386706][ T5544] device hsr_slave_1 entered promiscuous mode
[ 87.150376][ T5544] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.162164][ T5544] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.174011][ T5544] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.186130][ T5544] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.273396][ T5544] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.290340][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 87.299328][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 87.312075][ T5544] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.325319][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 87.334971][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 87.344328][ T5078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.351463][ T5078] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.375657][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 87.384657][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 87.394924][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 87.403902][ T898] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.410973][ T898] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.418765][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 87.427701][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 87.450204][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 87.460017][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 87.475819][ T5544] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 87.488501][ T5544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 87.504195][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 87.512365][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 87.522605][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 87.531898][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 87.541039][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 87.555231][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 87.786848][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 87.795068][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 87.808036][ T5544] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.837192][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 87.846771][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 87.871665][ T5544] device veth0_vlan entered promiscuous mode
[ 87.880379][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 87.890395][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 87.904912][ T5544] device veth1_vlan entered promiscuous mode
[ 87.913689][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 87.921679][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 87.930305][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 87.958046][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 87.967770][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 87.978432][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 87.990930][ T5544] device veth0_macvtap entered promiscuous mode
[ 88.005950][ T5544] device veth1_macvtap entered promiscuous mode
[ 88.014061][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.029501][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.039132][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 88.048257][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 88.058226][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 88.067805][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 88.081765][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.091032][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 88.101942][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 88.114098][ T5544] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.122864][ T5544] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.135166][ T5544] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.144613][ T5544] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.240073][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.253672][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.270665][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.271789][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 88.286454][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.299078][ T2199] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 89.210069][ T41] ==================================================================
[ 89.218197][ T41] BUG: KASAN: use-after-free in io_req_caches_free+0x1a2/0x254
[ 89.225876][ T41] Read of size 8 at addr ffff88801c8dc938 by task kworker/u4:2/41
[ 89.233713][ T41]
[ 89.236058][ T41] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 89.246089][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 89.256189][ T41] Workqueue: events_unbound io_ring_exit_work
[ 89.262304][ T41] Call Trace:
[ 89.265603][ T41]
[ 89.268593][ T41] dump_stack_lvl+0xd1/0x138
[ 89.273240][ T41] print_report+0x15e/0x45d
[ 89.273278][ T41] ? __phys_addr+0xc8/0x140
[ 89.273316][ T41] ? io_req_caches_free+0x1a2/0x254
[ 89.273350][ T41] kasan_report+0xc0/0xf0
[ 89.273385][ T41] ? io_req_caches_free+0x1a2/0x254
[ 89.273418][ T41] io_req_caches_free+0x1a2/0x254
[ 89.273457][ T41] io_ring_exit_work+0x2e7/0xc80
[ 89.273489][ T41] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 89.273525][ T41] ? lock_release+0x810/0x810
[ 89.273552][ T41] ? process_one_work+0x8a1/0x1750
[ 89.273585][ T41] ? rcu_read_lock_sched_held+0x3e/0x70
[ 89.273613][ T41] ? trace_lock_acquire+0x1f1/0x290
[ 89.273646][ T41] process_one_work+0x9bf/0x1750
[ 89.273684][ T41] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 89.273717][ T41] ? rcu_read_lock_sched_held+0x3e/0x70
[ 89.273744][ T41] ? rwlock_bug.part.0+0x90/0x90
[ 89.273772][ T41] ? lock_acquire+0x32/0xc0
[ 89.273799][ T41] ? worker_thread+0x16d/0x1090
[ 89.273833][ T41] worker_thread+0x669/0x1090
[ 89.273866][ T41] ? __kthread_parkme+0x163/0x220
[ 89.273891][ T41] ? process_one_work+0x1750/0x1750
[ 89.273921][ T41] kthread+0x2e8/0x3a0
[ 89.273947][ T41] ? kthread_complete_and_exit+0x40/0x40
[ 89.273977][ T41] ret_from_fork+0x1f/0x30
[ 89.274016][ T41]
[ 89.274025][ T41]
[ 89.274029][ T41] Allocated by task 5602:
[ 89.274039][ T41] kasan_save_stack+0x22/0x40
[ 89.274066][ T41] kasan_set_track+0x25/0x30
[ 89.274092][ T41] __kasan_slab_alloc+0x7f/0x90
[ 89.274118][ T41] kmem_cache_alloc_bulk+0x3aa/0x730
[ 89.274143][ T41] __io_alloc_req_refill+0xcc/0x434
[ 89.274171][ T41] io_submit_sqes.cold+0xd/0xc2
[ 89.274200][ T41] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 89.274234][ T41] do_syscall_64+0x39/0xb0
[ 89.274259][ T41] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.274292][ T41]
[ 89.274296][ T41] Freed by task 41:
[ 89.274305][ T41] kasan_save_stack+0x22/0x40
[ 89.274328][ T41] kasan_set_track+0x25/0x30
[ 89.274350][ T41] kasan_save_free_info+0x2e/0x40
[ 89.274379][ T41] ____kasan_slab_free+0x160/0x1c0
[ 89.274403][ T41] slab_free_freelist_hook+0x8b/0x1c0
[ 89.274424][ T41] kmem_cache_free+0xec/0x4e0
[ 89.274454][ T41] io_req_caches_free+0x20f/0x254
[ 89.274482][ T41] io_ring_exit_work+0x2e7/0xc80
[ 89.495067][ T41] process_one_work+0x9bf/0x1750
[ 89.500059][ T41] worker_thread+0x669/0x1090
[ 89.504785][ T41] kthread+0x2e8/0x3a0
[ 89.508891][ T41] ret_from_fork+0x1f/0x30
[ 89.513351][ T41]
[ 89.515689][ T41] The buggy address belongs to the object at ffff88801c8dc8c0
[ 89.515689][ T41] which belongs to the cache io_kiocb of size 232
[ 89.529767][ T41] The buggy address is located 120 bytes inside of
[ 89.529767][ T41] 232-byte region [ffff88801c8dc8c0, ffff88801c8dc9a8)
[ 89.543078][ T41]
[ 89.545424][ T41] The buggy address belongs to the physical page:
[ 89.551856][ T41] page:ffffea0000723700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c8dc
[ 89.562038][ T41] memcg:ffff888021840981
[ 89.566306][ T41] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 89.573893][ T41] raw: 00fff00000000200 ffff88801bf2ba00 dead000000000122 0000000000000000
[ 89.582515][ T41] raw: 0000000000000000 00000000000c000c 00000001ffffffff ffff888021840981
[ 89.591127][ T41] page dumped because: kasan: bad access detected
[ 89.597564][ T41] page_owner tracks the page as allocated
[ 89.603299][ T41] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5602, tgid 5601 (syz-executor.0), ts 88366341970, free_ts 87676511455
[ 89.621745][ T41] get_page_from_freelist+0x11bb/0x2d50
[ 89.627336][ T41] __alloc_pages+0x1cb/0x5c0
[ 89.631974][ T41] alloc_pages+0x1aa/0x270
[ 89.636523][ T41] allocate_slab+0x25f/0x350
[ 89.641166][ T41] ___slab_alloc+0xa91/0x1400
[ 89.645878][ T41] kmem_cache_alloc_bulk+0x23d/0x730
[ 89.651212][ T41] __io_alloc_req_refill+0xcc/0x434
[ 89.656451][ T41] io_submit_sqes.cold+0xd/0xc2
[ 89.661343][ T41] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 89.666940][ T41] do_syscall_64+0x39/0xb0
[ 89.671503][ T41] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.677449][ T41] page last free stack trace:
[ 89.682141][ T41] free_pcp_prepare+0x4d0/0x910
[ 89.687038][ T41] free_unref_page_list+0x176/0xcd0
[ 89.692279][ T41] release_pages+0xcb1/0x1330
[ 89.697003][ T41] tlb_batch_pages_flush+0xa8/0x1a0
[ 89.702246][ T41] tlb_finish_mmu+0x14b/0x7e0
[ 89.706965][ T41] exit_mmap+0x202/0x7c0
[ 89.711243][ T41] __mmput+0x128/0x4c0
[ 89.715347][ T41] mmput+0x60/0x70
[ 89.719106][ T41] begin_new_exec+0x1027/0x2f80
[ 89.723991][ T41] load_elf_binary+0x801/0x4ff0
[ 89.728876][ T41] bprm_execve+0x7fd/0x1ae0
[ 89.733425][ T41] do_execveat_common+0x72c/0x880
[ 89.738487][ T41] __x64_sys_execve+0x93/0xc0
[ 89.743205][ T41] do_syscall_64+0x39/0xb0
[ 89.747751][ T41] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.753694][ T41]
[ 89.756039][ T41] Memory state around the buggy address:
[ 89.761692][ T41] ffff88801c8dc800: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 89.769786][ T41] ffff88801c8dc880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 89.777878][ T41] >ffff88801c8dc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.785962][ T41] ^
[ 89.791878][ T41] ffff88801c8dc980: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 89.799991][ T41] ffff88801c8dca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.808077][ T41] ==================================================================
[ 89.842952][ T41] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.850201][ T41] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 89.860214][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 89.870306][ T41] Workqueue: events_unbound io_ring_exit_work
[ 89.876452][ T41] Call Trace:
[ 89.879763][ T41]
[ 89.882723][ T41] dump_stack_lvl+0xd1/0x138
[ 89.887355][ T41] panic+0x2cc/0x626
[ 89.891307][ T41] ? panic_print_sys_info.part.0+0x112/0x112
[ 89.897438][ T41] ? preempt_schedule_thunk+0x1a/0x20
[ 89.902864][ T41] ? preempt_schedule_common+0x59/0xc0
[ 89.908385][ T41] check_panic_on_warn.cold+0x19/0x35
[ 89.913818][ T41] end_report.part.0+0x36/0x73
[ 89.918622][ T41] ? io_req_caches_free+0x1a2/0x254
[ 89.923862][ T41] kasan_report.cold+0xa/0xf
[ 89.928495][ T41] ? io_req_caches_free+0x1a2/0x254
[ 89.933741][ T41] io_req_caches_free+0x1a2/0x254
[ 89.938819][ T41] io_ring_exit_work+0x2e7/0xc80
[ 89.943784][ T41] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 89.949866][ T41] ? lock_release+0x810/0x810
[ 89.954569][ T41] ? process_one_work+0x8a1/0x1750
[ 89.959696][ T41] ? rcu_read_lock_sched_held+0x3e/0x70
[ 89.965253][ T41] ? trace_lock_acquire+0x1f1/0x290
[ 89.970466][ T41] process_one_work+0x9bf/0x1750
[ 89.975488][ T41] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 89.980901][ T41] ? rcu_read_lock_sched_held+0x3e/0x70
[ 89.986468][ T41] ? rwlock_bug.part.0+0x90/0x90
[ 89.991420][ T41] ? lock_acquire+0x32/0xc0
[ 89.995931][ T41] ? worker_thread+0x16d/0x1090
[ 90.000912][ T41] worker_thread+0x669/0x1090
[ 90.005622][ T41] ? __kthread_parkme+0x163/0x220
[ 90.010661][ T41] ? process_one_work+0x1750/0x1750
[ 90.015899][ T41] kthread+0x2e8/0x3a0
[ 90.020008][ T41] ? kthread_complete_and_exit+0x40/0x40
[ 90.025843][ T41] ret_from_fork+0x1f/0x30
[ 90.030313][ T41]
[ 90.033509][ T41] Kernel Offset: disabled
[ 90.037833][ T41] Rebooting in 86400 seconds..