[ 68.496776][ T2822] device veth1_macvtap left promiscuous mode
[ 68.503417][ T2822] device veth0_macvtap left promiscuous mode
[ 68.509589][ T2822] device veth1_vlan left promiscuous mode
[ 68.516340][ T2822] device veth0_vlan left promiscuous mode
[ 68.786607][ T2822] team0 (unregistering): Port device team_slave_1 removed
[ 68.806151][ T2822] team0 (unregistering): Port device team_slave_0 removed
[ 68.823328][ T2822] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 68.841990][ T2822] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 68.935363][ T2822] bond0 (unregistering): Released all slaves
[ 81.543533][ T22] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.188' (ECDSA) to the list of known hosts.
2023/02/01 16:39:25 ignoring optional flag "sandboxArg"="0"
2023/02/01 16:39:25 parsed 1 programs
2023/02/01 16:39:25 executed programs: 0
[ 89.430203][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.438383][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.447424][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.455710][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.463713][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 89.471162][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.577758][ T5544] chnl_net:caif_netlink_parms(): no params data found
[ 89.618732][ T5544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.626309][ T5544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.634284][ T5544] device bridge_slave_0 entered promiscuous mode
[ 89.643057][ T5544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.650978][ T5544] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.659264][ T5544] device bridge_slave_1 entered promiscuous mode
[ 89.679976][ T5544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.691194][ T5544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.715717][ T5544] team0: Port device team_slave_0 added
[ 89.723426][ T5544] team0: Port device team_slave_1 added
[ 89.742425][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.749474][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.775782][ T5544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.788157][ T5544] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.795259][ T5544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.821412][ T5544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.851242][ T5544] device hsr_slave_0 entered promiscuous mode
[ 89.858199][ T5544] device hsr_slave_1 entered promiscuous mode
[ 90.597116][ T5544] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.608350][ T5544] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.620745][ T5544] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.633206][ T5544] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.718817][ T5544] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.734372][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 90.744185][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 90.756716][ T5544] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.769261][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 90.780374][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 90.789648][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.796834][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.811946][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 90.820175][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 90.830242][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 90.839516][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.846728][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.855187][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 90.881844][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 90.890974][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 90.901338][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 90.911176][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 90.921064][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 90.929905][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 90.938918][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 90.949586][ T5544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 90.961428][ T5578] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.204847][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.213246][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.224388][ T5544] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.247286][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.256279][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.277721][ T5578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.289250][ T5578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.301251][ T5544] device veth0_vlan entered promiscuous mode
[ 91.309712][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.317979][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.333577][ T5544] device veth1_vlan entered promiscuous mode
[ 91.361058][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 91.371375][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 91.382457][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 91.393291][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 91.404666][ T5544] device veth0_macvtap entered promiscuous mode
[ 91.419763][ T5544] device veth1_macvtap entered promiscuous mode
[ 91.444288][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.454327][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 91.464497][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 91.475196][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 91.484463][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 91.499948][ T5544] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.508019][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 91.518739][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 91.530573][ T5544] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.540290][ T5544] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.549758][ T5544] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.558721][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 91.566381][ T5544] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.635445][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.663217][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.663534][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.671180][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.680265][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 91.697408][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 92.602844][ T5578] ==================================================================
[ 92.610966][ T5578] BUG: KASAN: use-after-free in io_fallback_req_func+0xc7/0x204
[ 92.618811][ T5578] Read of size 8 at addr ffff8880271e8948 by task kworker/0:5/5578
[ 92.626901][ T5578]
[ 92.629290][ T5578] CPU: 0 PID: 5578 Comm: kworker/0:5 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 92.639643][ T5578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 92.649818][ T5578] Workqueue: events io_fallback_req_func
[ 92.649855][ T5578] Call Trace:
[ 92.649865][ T5578]
[ 92.649875][ T5578] dump_stack_lvl+0xd1/0x138
[ 92.649904][ T5578] print_report+0x15e/0x45d
[ 92.649930][ T5578] ? __phys_addr+0xc8/0x140
[ 92.675587][ T5578] ? io_fallback_req_func+0xc7/0x204
[ 92.680870][ T5578] kasan_report+0xc0/0xf0
[ 92.685200][ T5578] ? io_fallback_req_func+0xc7/0x204
[ 92.690488][ T5578] io_fallback_req_func+0xc7/0x204
[ 92.695679][ T5578] ? __io_commit_cqring_flush.cold+0x42/0x42
[ 92.701672][ T5578] process_one_work+0x9bf/0x1750
[ 92.706800][ T5578] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 92.712198][ T5578] ? rcu_read_lock_sched_held+0x3e/0x70
[ 92.717771][ T5578] ? rwlock_bug.part.0+0x90/0x90
[ 92.722793][ T5578] ? lock_acquire+0x32/0xc0
[ 92.727395][ T5578] ? worker_thread+0x16d/0x1090
[ 92.732246][ T5578] worker_thread+0x669/0x1090
[ 92.736922][ T5578] ? __kthread_parkme+0x163/0x220
[ 92.741942][ T5578] ? process_one_work+0x1750/0x1750
[ 92.747320][ T5578] kthread+0x2e8/0x3a0
[ 92.751407][ T5578] ? kthread_complete_and_exit+0x40/0x40
[ 92.757060][ T5578] ret_from_fork+0x1f/0x30
[ 92.761631][ T5578]
[ 92.764701][ T5578]
[ 92.767039][ T5578] Allocated by task 5603:
[ 92.771381][ T5578] kasan_save_stack+0x22/0x40
[ 92.776172][ T5578] kasan_set_track+0x25/0x30
[ 92.780847][ T5578] __kasan_slab_alloc+0x7f/0x90
[ 92.785700][ T5578] kmem_cache_alloc_bulk+0x3aa/0x730
[ 92.791075][ T5578] __io_alloc_req_refill+0xcc/0x434
[ 92.796376][ T5578] io_submit_sqes.cold+0xd/0xc2
[ 92.801256][ T5578] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 92.806814][ T5578] do_syscall_64+0x39/0xb0
[ 92.811322][ T5578] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.817243][ T5578]
[ 92.819578][ T5578] Freed by task 2822:
[ 92.823752][ T5578] kasan_save_stack+0x22/0x40
[ 92.828715][ T5578] kasan_set_track+0x25/0x30
[ 92.833350][ T5578] kasan_save_free_info+0x2e/0x40
[ 92.838496][ T5578] ____kasan_slab_free+0x160/0x1c0
[ 92.843619][ T5578] slab_free_freelist_hook+0x8b/0x1c0
[ 92.849174][ T5578] kmem_cache_free+0xec/0x4e0
[ 92.853851][ T5578] io_req_caches_free+0x203/0x248
[ 92.858876][ T5578] io_ring_exit_work+0x2e7/0xc80
[ 92.863968][ T5578] process_one_work+0x9bf/0x1750
[ 92.868925][ T5578] worker_thread+0x669/0x1090
[ 92.873812][ T5578] kthread+0x2e8/0x3a0
[ 92.877894][ T5578] ret_from_fork+0x1f/0x30
[ 92.882414][ T5578]
[ 92.884730][ T5578] The buggy address belongs to the object at ffff8880271e88c0
[ 92.884730][ T5578] which belongs to the cache io_kiocb of size 232
[ 92.898519][ T5578] The buggy address is located 136 bytes inside of
[ 92.898519][ T5578] 232-byte region [ffff8880271e88c0, ffff8880271e89a8)
[ 92.911883][ T5578]
[ 92.914210][ T5578] The buggy address belongs to the physical page:
[ 92.920610][ T5578] page:ffffea00009c7a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x271e8
[ 92.930759][ T5578] memcg:ffff888017b98f01
[ 92.935106][ T5578] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 92.942750][ T5578] raw: 00fff00000000200 ffff888146255140 dead000000000122 0000000000000000
[ 92.951370][ T5578] raw: 0000000000000000 00000000800c000c 00000001ffffffff ffff888017b98f01
[ 92.959972][ T5578] page dumped because: kasan: bad access detected
[ 92.966405][ T5578] page_owner tracks the page as allocated
[ 92.972200][ T5578] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5603, tgid 5602 (syz-executor.0), ts 91755579199, free_ts 91135623998
[ 92.990991][ T5578] get_page_from_freelist+0x11bb/0x2d50
[ 92.996587][ T5578] __alloc_pages+0x1cb/0x5c0
[ 93.001215][ T5578] alloc_pages+0x1aa/0x270
[ 93.005633][ T5578] allocate_slab+0x25f/0x350
[ 93.010257][ T5578] ___slab_alloc+0xa91/0x1400
[ 93.014986][ T5578] kmem_cache_alloc_bulk+0x23d/0x730
[ 93.020558][ T5578] __io_alloc_req_refill+0xcc/0x434
[ 93.026024][ T5578] io_submit_sqes.cold+0xd/0xc2
[ 93.030868][ T5578] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 93.036414][ T5578] do_syscall_64+0x39/0xb0
[ 93.041009][ T5578] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.046937][ T5578] page last free stack trace:
[ 93.051606][ T5578] free_pcp_prepare+0x4d0/0x910
[ 93.056453][ T5578] free_unref_page_list+0x176/0xcd0
[ 93.061657][ T5578] release_pages+0xcb1/0x1330
[ 93.066536][ T5578] tlb_batch_pages_flush+0xa8/0x1a0
[ 93.071756][ T5578] tlb_finish_mmu+0x14b/0x7e0
[ 93.076446][ T5578] exit_mmap+0x202/0x7c0
[ 93.080855][ T5578] __mmput+0x128/0x4c0
[ 93.084939][ T5578] mmput+0x60/0x70
[ 93.088652][ T5578] do_exit+0x9ac/0x2a90
[ 93.092805][ T5578] do_group_exit+0xd4/0x2a0
[ 93.097391][ T5578] __x64_sys_exit_group+0x3e/0x50
[ 93.102423][ T5578] do_syscall_64+0x39/0xb0
[ 93.106837][ T5578] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.112739][ T5578]
[ 93.115076][ T5578] Memory state around the buggy address:
[ 93.120695][ T5578] ffff8880271e8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 93.129021][ T5578] ffff8880271e8880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 93.137075][ T5578] >ffff8880271e8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.145213][ T5578] ^
[ 93.151641][ T5578] ffff8880271e8980: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 93.159697][ T5578] ffff8880271e8a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.167773][ T5578] ==================================================================
[ 93.181081][ T5578] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.188303][ T5578] CPU: 0 PID: 5578 Comm: kworker/0:5 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 93.198404][ T5578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 93.208518][ T5578] Workqueue: events io_fallback_req_func
[ 93.214180][ T5578] Call Trace:
[ 93.217464][ T5578]
[ 93.220416][ T5578] dump_stack_lvl+0xd1/0x138
[ 93.225026][ T5578] panic+0x2cc/0x626
[ 93.228941][ T5578] ? panic_print_sys_info.part.0+0x112/0x112
[ 93.235085][ T5578] ? preempt_schedule_thunk+0x1a/0x20
[ 93.240485][ T5578] ? preempt_schedule_common+0x59/0xc0
[ 93.245964][ T5578] check_panic_on_warn.cold+0x19/0x35
[ 93.251448][ T5578] end_report.part.0+0x36/0x73
[ 93.257187][ T5578] ? io_fallback_req_func+0xc7/0x204
[ 93.262493][ T5578] kasan_report.cold+0xa/0xf
[ 93.267092][ T5578] ? io_fallback_req_func+0xc7/0x204
[ 93.272392][ T5578] io_fallback_req_func+0xc7/0x204
[ 93.277602][ T5578] ? __io_commit_cqring_flush.cold+0x42/0x42
[ 93.283598][ T5578] process_one_work+0x9bf/0x1750
[ 93.288555][ T5578] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 93.293949][ T5578] ? rcu_read_lock_sched_held+0x3e/0x70
[ 93.299507][ T5578] ? rwlock_bug.part.0+0x90/0x90
[ 93.304456][ T5578] ? lock_acquire+0x32/0xc0
[ 93.309009][ T5578] ? worker_thread+0x16d/0x1090
[ 93.314054][ T5578] worker_thread+0x669/0x1090
[ 93.318746][ T5578] ? __kthread_parkme+0x163/0x220
[ 93.323778][ T5578] ? process_one_work+0x1750/0x1750
[ 93.329765][ T5578] kthread+0x2e8/0x3a0
[ 93.333871][ T5578] ? kthread_complete_and_exit+0x40/0x40
[ 93.339998][ T5578] ret_from_fork+0x1f/0x30
[ 93.344551][ T5578]
[ 93.347822][ T5578] Kernel Offset: disabled
[ 93.352274][ T5578] Rebooting in 86400 seconds..