[ 81.581162][ T1121] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
2023/01/19 02:00:30 ignoring optional flag "sandboxArg"="0"
2023/01/19 02:00:30 parsed 1 programs
2023/01/19 02:00:31 executed programs: 0
[ 87.607167][ T4395] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.615470][ T4395] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.623948][ T4395] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.632207][ T4395] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.640026][ T4395] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 87.647363][ T4395] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.757151][ T5540] chnl_net:caif_netlink_parms(): no params data found
[ 87.799804][ T5540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.807226][ T5540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.815522][ T5540] device bridge_slave_0 entered promiscuous mode
[ 87.825208][ T5540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.832880][ T5540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.841232][ T5540] device bridge_slave_1 entered promiscuous mode
[ 87.863726][ T5540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.875150][ T5540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.898711][ T5540] team0: Port device team_slave_0 added
[ 87.907432][ T5540] team0: Port device team_slave_1 added
[ 87.927061][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.934601][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.961132][ T5540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.973770][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.980886][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.008580][ T5540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 88.041941][ T5540] device hsr_slave_0 entered promiscuous mode
[ 88.048678][ T5540] device hsr_slave_1 entered promiscuous mode
[ 88.741036][ T5540] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 88.752488][ T5540] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 88.764996][ T5540] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 88.777316][ T5540] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 88.870858][ T5540] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.893654][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 88.902756][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 88.914970][ T5540] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.926438][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 88.936919][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 88.946302][ T1121] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.953491][ T1121] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.969269][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 88.977406][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 88.986974][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 88.996293][ T1121] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.003666][ T1121] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.012424][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 89.034423][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 89.044738][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 89.054606][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 89.071788][ T5540] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 89.084237][ T5540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 89.098361][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 89.107324][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 89.120422][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 89.129765][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 89.138329][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 89.147799][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 89.369558][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 89.377549][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 89.392444][ T5540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.416652][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 89.426418][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 89.449446][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 89.458205][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 89.469412][ T5540] device veth0_vlan entered promiscuous mode
[ 89.482395][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 89.491104][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 89.502525][ T5540] device veth1_vlan entered promiscuous mode
[ 89.530132][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 89.538370][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 89.547869][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 89.557544][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 89.569656][ T5540] device veth0_macvtap entered promiscuous mode
[ 89.581864][ T5540] device veth1_macvtap entered promiscuous mode
[ 89.603562][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.611595][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 89.621318][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 89.630782][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 89.639862][ T5089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 89.652017][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.662818][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 89.672719][ T1121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 89.688721][ T5540] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.699651][ T5540] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.708397][ T5540] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.718618][ T5540] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.749871][ T5080] Bluetooth: hci0: command 0x0409 tx timeout
[ 89.796094][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.804974][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.822492][ T1822] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 89.853984][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.862451][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.872866][ T1822] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 90.774194][ T9] ==================================================================
[ 90.782319][ T9] BUG: KASAN: use-after-free in io_req_caches_free+0x199/0x1f2
[ 90.789905][ T9] Read of size 8 at addr ffff88802990f938 by task kworker/u4:0/9
[ 90.797656][ T9]
[ 90.800007][ T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 90.810010][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 90.820093][ T9] Workqueue: events_unbound io_ring_exit_work
[ 90.826537][ T9] Call Trace:
[ 90.829854][ T9]
[ 90.832792][ T9] dump_stack_lvl+0xd1/0x138
[ 90.837402][ T9] print_report+0x15e/0x45d
[ 90.842007][ T9] ? __phys_addr+0xc8/0x140
[ 90.846531][ T9] ? io_req_caches_free+0x199/0x1f2
[ 90.851755][ T9] kasan_report+0xc0/0xf0
[ 90.856098][ T9] ? io_req_caches_free+0x199/0x1f2
[ 90.861491][ T9] io_req_caches_free+0x199/0x1f2
[ 90.866537][ T9] io_ring_exit_work+0x2e7/0xc80
[ 90.871493][ T9] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 90.877675][ T9] ? lock_release+0x810/0x810
[ 90.882411][ T9] ? process_one_work+0x8a1/0x1750
[ 90.887542][ T9] ? rcu_read_lock_sched_held+0x3e/0x70
[ 90.893386][ T9] ? trace_lock_acquire+0x1f1/0x290
[ 90.898604][ T9] process_one_work+0x9bf/0x1750
[ 90.903563][ T9] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 90.908951][ T9] ? rcu_read_lock_sched_held+0x3e/0x70
[ 90.914776][ T9] ? rwlock_bug.part.0+0x90/0x90
[ 90.919818][ T9] ? lock_acquire+0x32/0xc0
[ 90.924332][ T9] ? worker_thread+0x16d/0x1090
[ 90.929217][ T9] worker_thread+0x669/0x1090
[ 90.933941][ T9] ? process_one_work+0x1750/0x1750
[ 90.939170][ T9] kthread+0x2e8/0x3a0
[ 90.943254][ T9] ? kthread_complete_and_exit+0x40/0x40
[ 90.948901][ T9] ret_from_fork+0x1f/0x30
[ 90.953342][ T9]
[ 90.956359][ T9]
[ 90.958680][ T9] Allocated by task 5595:
[ 90.963031][ T9] kasan_save_stack+0x22/0x40
[ 90.967722][ T9] kasan_set_track+0x25/0x30
[ 90.972323][ T9] __kasan_slab_alloc+0x7f/0x90
[ 90.977370][ T9] kmem_cache_alloc_bulk+0x3aa/0x730
[ 90.982684][ T9] __io_alloc_req_refill+0xcc/0x40b
[ 90.987917][ T9] io_submit_sqes.cold+0x7c/0xc2
[ 90.992970][ T9] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 90.998541][ T9] do_syscall_64+0x39/0xb0
[ 91.002984][ T9] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.009004][ T9]
[ 91.011338][ T9] Freed by task 9:
[ 91.015097][ T9] kasan_save_stack+0x22/0x40
[ 91.020239][ T9] kasan_set_track+0x25/0x30
[ 91.024952][ T9] kasan_save_free_info+0x2e/0x40
[ 91.029990][ T9] ____kasan_slab_free+0x160/0x1c0
[ 91.035254][ T9] slab_free_freelist_hook+0x8b/0x1c0
[ 91.040642][ T9] kmem_cache_free+0xec/0x4e0
[ 91.045325][ T9] io_req_caches_free+0x1b5/0x1f2
[ 91.050450][ T9] io_ring_exit_work+0x2e7/0xc80
[ 91.055414][ T9] process_one_work+0x9bf/0x1750
[ 91.060458][ T9] worker_thread+0x669/0x1090
[ 91.066449][ T9] kthread+0x2e8/0x3a0
[ 91.070612][ T9] ret_from_fork+0x1f/0x30
[ 91.075069][ T9]
[ 91.077399][ T9] The buggy address belongs to the object at ffff88802990f8c0
[ 91.077399][ T9] which belongs to the cache io_kiocb of size 224
[ 91.091293][ T9] The buggy address is located 120 bytes inside of
[ 91.091293][ T9] 224-byte region [ffff88802990f8c0, ffff88802990f9a0)
[ 91.104592][ T9]
[ 91.106922][ T9] The buggy address belongs to the physical page:
[ 91.113333][ T9] page:ffffea0000a643c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2990f
[ 91.123751][ T9] memcg:ffff888021c15d01
[ 91.128023][ T9] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 91.136886][ T9] raw: 00fff00000000200 ffff88801c3adc80 dead000000000122 0000000000000000
[ 91.145875][ T9] raw: 0000000000000000 00000000800c000c 00000001ffffffff ffff888021c15d01
[ 91.154620][ T9] page dumped because: kasan: bad access detected
[ 91.161668][ T9] page_owner tracks the page as allocated
[ 91.167481][ T9] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5595, tgid 5594 (syz-executor.0), ts 89945650593, free_ts 79190938979
[ 91.186449][ T9] get_page_from_freelist+0x11bb/0x2d50
[ 91.192659][ T9] __alloc_pages+0x1cb/0x5c0
[ 91.197571][ T9] alloc_pages+0x1aa/0x270
[ 91.202795][ T9] allocate_slab+0x25f/0x350
[ 91.208021][ T9] ___slab_alloc+0xa91/0x1400
[ 91.212741][ T9] kmem_cache_alloc_bulk+0x23d/0x730
[ 91.218162][ T9] __io_alloc_req_refill+0xcc/0x40b
[ 91.223400][ T9] io_submit_sqes.cold+0x7c/0xc2
[ 91.228455][ T9] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 91.234803][ T9] do_syscall_64+0x39/0xb0
[ 91.239359][ T9] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.245531][ T9] page last free stack trace:
[ 91.250409][ T9] free_pcp_prepare+0x4d0/0x910
[ 91.255278][ T9] free_unref_page+0x1d/0x490
[ 91.259969][ T9] __folio_put+0xc5/0x140
[ 91.264490][ T9] anon_pipe_buf_release+0x3fb/0x4c0
[ 91.269815][ T9] pipe_read+0x614/0x1110
[ 91.274243][ T9] vfs_read+0x7fa/0x930
[ 91.278452][ T9] ksys_read+0x1ec/0x250
[ 91.283365][ T9] do_syscall_64+0x39/0xb0
[ 91.287794][ T9] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.293819][ T9]
[ 91.296146][ T9] Memory state around the buggy address:
[ 91.301863][ T9] ffff88802990f800: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 91.310215][ T9] ffff88802990f880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 91.318453][ T9] >ffff88802990f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.326529][ T9] ^
[ 91.332472][ T9] ffff88802990f980: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.340534][ T9] ffff88802990fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.348598][ T9] ==================================================================
[ 91.409864][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 91.417221][ T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 91.428209][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 91.438734][ T9] Workqueue: events_unbound io_ring_exit_work
[ 91.444866][ T9] Call Trace:
[ 91.448290][ T9]
[ 91.451244][ T9] dump_stack_lvl+0xd1/0x138
[ 91.455965][ T9] panic+0x2cc/0x626
[ 91.459915][ T9] ? panic_print_sys_info.part.0+0x112/0x112
[ 91.466036][ T9] ? preempt_schedule_thunk+0x1a/0x20
[ 91.472155][ T9] ? preempt_schedule_common+0x59/0xc0
[ 91.477845][ T9] check_panic_on_warn.cold+0x19/0x35
[ 91.483269][ T9] end_report.part.0+0x36/0x73
[ 91.488066][ T9] ? io_req_caches_free+0x199/0x1f2
[ 91.493410][ T9] kasan_report.cold+0xa/0xf
[ 91.498050][ T9] ? io_req_caches_free+0x199/0x1f2
[ 91.503329][ T9] io_req_caches_free+0x199/0x1f2
[ 91.508574][ T9] io_ring_exit_work+0x2e7/0xc80
[ 91.513561][ T9] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 91.519677][ T9] ? lock_release+0x810/0x810
[ 91.524420][ T9] ? process_one_work+0x8a1/0x1750
[ 91.529716][ T9] ? rcu_read_lock_sched_held+0x3e/0x70
[ 91.535280][ T9] ? trace_lock_acquire+0x1f1/0x290
[ 91.540994][ T9] process_one_work+0x9bf/0x1750
[ 91.546054][ T9] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 91.552238][ T9] ? rcu_read_lock_sched_held+0x3e/0x70
[ 91.558221][ T9] ? rwlock_bug.part.0+0x90/0x90
[ 91.563199][ T9] ? lock_acquire+0x32/0xc0
[ 91.567710][ T9] ? worker_thread+0x16d/0x1090
[ 91.572651][ T9] worker_thread+0x669/0x1090
[ 91.577552][ T9] ? process_one_work+0x1750/0x1750
[ 91.582754][ T9] kthread+0x2e8/0x3a0
[ 91.586858][ T9] ? kthread_complete_and_exit+0x40/0x40
[ 91.592497][ T9] ret_from_fork+0x1f/0x30
[ 91.597181][ T9]
[ 91.600481][ T9] Kernel Offset: disabled
[ 91.605170][ T9] Rebooting in 86400 seconds..