[ 67.748685][ T46] device veth1_macvtap left promiscuous mode
[ 67.755313][ T46] device veth0_macvtap left promiscuous mode
[ 67.763465][ T46] device veth1_vlan left promiscuous mode
[ 67.770103][ T46] device veth0_vlan left promiscuous mode
[ 68.018175][ T46] team0 (unregistering): Port device team_slave_1 removed
[ 68.033918][ T46] team0 (unregistering): Port device team_slave_0 removed
[ 68.050673][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 68.074967][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 68.155949][ T46] bond0 (unregistering): Released all slaves
[ 81.777578][ T898] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
2023/01/18 15:26:09 ignoring optional flag "sandboxArg"="0"
2023/01/18 15:26:09 parsed 1 programs
2023/01/18 15:26:09 executed programs: 0
[ 89.982394][ T4393] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.991284][ T4393] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 90.000616][ T4393] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 90.009543][ T4393] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 90.018265][ T4393] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 90.026200][ T4393] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 90.139817][ T5544] chnl_net:caif_netlink_parms(): no params data found
[ 90.184032][ T5544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.191747][ T5544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.200342][ T5544] device bridge_slave_0 entered promiscuous mode
[ 90.209631][ T5544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.217167][ T5544] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.224953][ T5544] device bridge_slave_1 entered promiscuous mode
[ 90.247732][ T5544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.258990][ T5544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.282267][ T5544] team0: Port device team_slave_0 added
[ 90.289936][ T5544] team0: Port device team_slave_1 added
[ 90.310136][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.317468][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.344191][ T5544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.358235][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.365296][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.391728][ T5544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.423329][ T5544] device hsr_slave_0 entered promiscuous mode
[ 90.430125][ T5544] device hsr_slave_1 entered promiscuous mode
[ 91.074666][ T5544] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.085246][ T5544] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.098062][ T5544] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.110159][ T5544] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.209062][ T5544] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.224376][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 91.237017][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 91.249074][ T5544] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.263604][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 91.274062][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 91.284804][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.292037][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.317565][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 91.326435][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 91.335465][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 91.346263][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.353427][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.361883][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 91.371112][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 91.380244][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 91.404216][ T5544] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 91.419519][ T5544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 91.434450][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.443020][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 91.452249][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 91.462062][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.470908][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 91.479603][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.488614][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 91.740246][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.748978][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.762332][ T5544] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.785351][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.798591][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.821854][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.831452][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.845386][ T5544] device veth0_vlan entered promiscuous mode
[ 91.852969][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.863510][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.878838][ T5544] device veth1_vlan entered promiscuous mode
[ 91.906844][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 91.917504][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 91.927507][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 91.938568][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 91.950267][ T5544] device veth0_macvtap entered promiscuous mode
[ 91.965786][ T5544] device veth1_macvtap entered promiscuous mode
[ 91.985523][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.994782][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 92.004400][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 92.014893][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 92.026355][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 92.038518][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.050539][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 92.060415][ T898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 92.073903][ T5544] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.084841][ T5544] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.096003][ T5544] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.104889][ T4393] Bluetooth: hci0: command 0x0409 tx timeout
[ 92.115270][ T5544] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.194638][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.204686][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.215895][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 92.237802][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.250398][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.261248][ T1112] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 93.152711][ T1184] ==================================================================
[ 93.160929][ T1184] BUG: KASAN: use-after-free in io_req_caches_free+0x1a8/0x201
[ 93.168510][ T1184] Read of size 8 at addr ffff8880711c7938 by task kworker/u4:5/1184
[ 93.176507][ T1184]
[ 93.178829][ T1184] CPU: 1 PID: 1184 Comm: kworker/u4:5 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 93.189084][ T1184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 93.199231][ T1184] Workqueue: events_unbound io_ring_exit_work
[ 93.205318][ T1184] Call Trace:
[ 93.208595][ T1184]
[ 93.211527][ T1184] dump_stack_lvl+0xd1/0x138
[ 93.216127][ T1184] print_report+0x15e/0x45d
[ 93.220651][ T1184] ? __phys_addr+0xc8/0x140
[ 93.225258][ T1184] ? io_req_caches_free+0x1a8/0x201
[ 93.230816][ T1184] kasan_report+0xc0/0xf0
[ 93.235159][ T1184] ? io_req_caches_free+0x1a8/0x201
[ 93.240377][ T1184] io_req_caches_free+0x1a8/0x201
[ 93.245503][ T1184] io_ring_exit_work+0x2e7/0xc80
[ 93.250547][ T1184] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 93.256627][ T1184] ? lock_release+0x810/0x810
[ 93.261487][ T1184] ? process_one_work+0x8a1/0x1750
[ 93.267112][ T1184] ? rcu_read_lock_sched_held+0x3e/0x70
[ 93.272753][ T1184] ? trace_lock_acquire+0x1f1/0x290
[ 93.277964][ T1184] process_one_work+0x9bf/0x1750
[ 93.282920][ T1184] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 93.288306][ T1184] ? rcu_read_lock_sched_held+0x3e/0x70
[ 93.293869][ T1184] ? rwlock_bug.part.0+0x90/0x90
[ 93.298819][ T1184] ? lock_acquire+0x32/0xc0
[ 93.303333][ T1184] ? worker_thread+0x16d/0x1090
[ 93.308283][ T1184] worker_thread+0x669/0x1090
[ 93.313099][ T1184] ? __kthread_parkme+0x163/0x220
[ 93.318186][ T1184] ? process_one_work+0x1750/0x1750
[ 93.323568][ T1184] kthread+0x2e8/0x3a0
[ 93.327750][ T1184] ? kthread_complete_and_exit+0x40/0x40
[ 93.333509][ T1184] ret_from_fork+0x1f/0x30
[ 93.338133][ T1184]
[ 93.341157][ T1184]
[ 93.343504][ T1184] Allocated by task 5597:
[ 93.347865][ T1184] kasan_save_stack+0x22/0x40
[ 93.352584][ T1184] kasan_set_track+0x25/0x30
[ 93.357210][ T1184] __kasan_slab_alloc+0x7f/0x90
[ 93.362587][ T1184] kmem_cache_alloc_bulk+0x3aa/0x730
[ 93.370182][ T1184] __io_alloc_req_refill+0xcc/0x40b
[ 93.375515][ T1184] io_submit_sqes.cold+0x7c/0xc2
[ 93.380476][ T1184] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 93.386055][ T1184] do_syscall_64+0x39/0xb0
[ 93.390677][ T1184] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.396686][ T1184]
[ 93.399096][ T1184] Freed by task 1184:
[ 93.403089][ T1184] kasan_save_stack+0x22/0x40
[ 93.408060][ T1184] kasan_set_track+0x25/0x30
[ 93.412674][ T1184] kasan_save_free_info+0x2e/0x40
[ 93.417754][ T1184] ____kasan_slab_free+0x160/0x1c0
[ 93.423066][ T1184] slab_free_freelist_hook+0x8b/0x1c0
[ 93.428648][ T1184] kmem_cache_free+0xec/0x4e0
[ 93.433512][ T1184] io_req_caches_free+0x1c4/0x201
[ 93.438549][ T1184] io_ring_exit_work+0x2e7/0xc80
[ 93.443501][ T1184] process_one_work+0x9bf/0x1750
[ 93.448462][ T1184] worker_thread+0x669/0x1090
[ 93.453239][ T1184] kthread+0x2e8/0x3a0
[ 93.457333][ T1184] ret_from_fork+0x1f/0x30
[ 93.461870][ T1184]
[ 93.464195][ T1184] The buggy address belongs to the object at ffff8880711c78c0
[ 93.464195][ T1184] which belongs to the cache io_kiocb of size 224
[ 93.478081][ T1184] The buggy address is located 120 bytes inside of
[ 93.478081][ T1184] 224-byte region [ffff8880711c78c0, ffff8880711c79a0)
[ 93.491475][ T1184]
[ 93.493798][ T1184] The buggy address belongs to the physical page:
[ 93.503526][ T1184] page:ffffea0001c471c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x711c7
[ 93.513855][ T1184] memcg:ffff88802b0a9f01
[ 93.518097][ T1184] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 93.525653][ T1184] raw: 00fff00000000200 ffff88801c3f03c0 dead000000000122 0000000000000000
[ 93.534242][ T1184] raw: 0000000000000000 00000000800c000c 00000001ffffffff ffff88802b0a9f01
[ 93.543003][ T1184] page dumped because: kasan: bad access detected
[ 93.549411][ T1184] page_owner tracks the page as allocated
[ 93.555555][ T1184] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5597, tgid 5596 (syz-executor.0), ts 92319099413, free_ts 80415300921
[ 93.574149][ T1184] get_page_from_freelist+0x11bb/0x2d50
[ 93.579901][ T1184] __alloc_pages+0x1cb/0x5c0
[ 93.584764][ T1184] alloc_pages+0x1aa/0x270
[ 93.589200][ T1184] allocate_slab+0x25f/0x350
[ 93.593809][ T1184] ___slab_alloc+0xa91/0x1400
[ 93.598925][ T1184] kmem_cache_alloc_bulk+0x23d/0x730
[ 93.604219][ T1184] __io_alloc_req_refill+0xcc/0x40b
[ 93.609455][ T1184] io_submit_sqes.cold+0x7c/0xc2
[ 93.614839][ T1184] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 93.620580][ T1184] do_syscall_64+0x39/0xb0
[ 93.625112][ T1184] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.631024][ T1184] page last free stack trace:
[ 93.637786][ T1184] free_pcp_prepare+0x4d0/0x910
[ 93.642819][ T1184] free_unref_page+0x1d/0x490
[ 93.647519][ T1184] __folio_put+0xc5/0x140
[ 93.651861][ T1184] anon_pipe_buf_release+0x3fb/0x4c0
[ 93.657329][ T1184] pipe_read+0x614/0x1110
[ 93.661678][ T1184] vfs_read+0x7fa/0x930
[ 93.665942][ T1184] ksys_read+0x1ec/0x250
[ 93.670206][ T1184] do_syscall_64+0x39/0xb0
[ 93.674643][ T1184] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.680567][ T1184]
[ 93.682891][ T1184] Memory state around the buggy address:
[ 93.689140][ T1184] ffff8880711c7800: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 93.697374][ T1184] ffff8880711c7880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 93.705436][ T1184] >ffff8880711c7900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.713505][ T1184] ^
[ 93.719398][ T1184] ffff8880711c7980: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.727461][ T1184] ffff8880711c7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.735610][ T1184] ==================================================================
[ 93.777686][ T1184] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.784932][ T1184] CPU: 1 PID: 1184 Comm: kworker/u4:5 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 93.795121][ T1184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 93.805203][ T1184] Workqueue: events_unbound io_ring_exit_work
[ 93.811495][ T1184] Call Trace:
[ 93.814879][ T1184]
[ 93.817832][ T1184] dump_stack_lvl+0xd1/0x138
[ 93.822477][ T1184] panic+0x2cc/0x626
[ 93.822520][ T1184] ? panic_print_sys_info.part.0+0x112/0x112
[ 93.822562][ T1184] ? preempt_schedule_thunk+0x1a/0x20
[ 93.822601][ T1184] ? preempt_schedule_common+0x59/0xc0
[ 93.822638][ T1184] check_panic_on_warn.cold+0x19/0x35
[ 93.822675][ T1184] end_report.part.0+0x36/0x73
[ 93.822700][ T1184] ? io_req_caches_free+0x1a8/0x201
[ 93.822730][ T1184] kasan_report.cold+0xa/0xf
[ 93.822755][ T1184] ? io_req_caches_free+0x1a8/0x201
[ 93.822785][ T1184] io_req_caches_free+0x1a8/0x201
[ 93.822817][ T1184] io_ring_exit_work+0x2e7/0xc80
[ 93.822848][ T1184] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 93.822881][ T1184] ? lock_release+0x810/0x810
[ 93.822907][ T1184] ? process_one_work+0x8a1/0x1750
[ 93.822936][ T1184] ? rcu_read_lock_sched_held+0x3e/0x70
[ 93.822970][ T1184] ? trace_lock_acquire+0x1f1/0x290
[ 93.823000][ T1184] process_one_work+0x9bf/0x1750
[ 93.823034][ T1184] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 93.823064][ T1184] ? rcu_read_lock_sched_held+0x3e/0x70
[ 93.823091][ T1184] ? rwlock_bug.part.0+0x90/0x90
[ 93.823118][ T1184] ? lock_acquire+0x32/0xc0
[ 93.823141][ T1184] ? worker_thread+0x16d/0x1090
[ 93.823173][ T1184] worker_thread+0x669/0x1090
[ 93.823208][ T1184] ? __kthread_parkme+0x163/0x220
[ 93.823232][ T1184] ? process_one_work+0x1750/0x1750
[ 93.823263][ T1184] kthread+0x2e8/0x3a0
[ 93.823288][ T1184] ? kthread_complete_and_exit+0x40/0x40
[ 93.823316][ T1184] ret_from_fork+0x1f/0x30
[ 93.823355][ T1184]
[ 93.826879][ T1184] Kernel Offset: disabled
[ 93.974901][ T1184] Rebooting in 86400 seconds..