[ 40.437406][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.450032][ T11] device veth1_macvtap left promiscuous mode
[ 40.456617][ T11] device veth0_macvtap left promiscuous mode
[ 40.462638][ T11] device veth1_vlan left promiscuous mode
[ 40.468672][ T11] device veth0_vlan left promiscuous mode
[ 40.558010][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 40.569383][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 40.579852][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 40.594679][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 40.631512][ T11] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
2022/10/09 18:30:18 ignoring optional flag "sandboxArg"="0"
2022/10/09 18:30:18 parsed 1 programs
2022/10/09 18:30:18 executed programs: 0
[ 58.893436][ T3605] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 63.053499][ T3605] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 65.456038][ T1234] ieee802154 phy0 wpan0: encryption failed: -22
[ 65.462409][ T1234] ieee802154 phy1 wpan1: encryption failed: -22
[ 67.213466][ T3605] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 69.296346][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.303740][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.311162][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.319493][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.327010][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 69.334294][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.394476][ T4074] chnl_net:caif_netlink_parms(): no params data found
[ 69.422308][ T4074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.429710][ T4074] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.437370][ T4074] device bridge_slave_0 entered promiscuous mode
[ 69.445058][ T4074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.452112][ T4074] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.460053][ T4074] device bridge_slave_1 entered promiscuous mode
[ 69.474991][ T4074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.485199][ T4074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.503011][ T4074] team0: Port device team_slave_0 added
[ 69.509950][ T4074] team0: Port device team_slave_1 added
[ 69.523092][ T4074] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.530040][ T4074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.557621][ T4074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.569592][ T4074] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.576627][ T4074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.603710][ T4074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.625368][ T4074] device hsr_slave_0 entered promiscuous mode
[ 69.632074][ T4074] device hsr_slave_1 entered promiscuous mode
[ 70.459926][ T4074] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.470524][ T4074] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.479219][ T4074] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.488942][ T4074] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.540273][ T4074] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.554147][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 70.561866][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.572460][ T4074] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.575352][ T917] cfg80211: failed to load regulatory.db
[ 70.581682][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 70.593293][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.604240][ T27] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.611354][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.636680][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 70.644765][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 70.653102][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.665844][ T141] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.672891][ T141] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.681576][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 70.690027][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 70.699290][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 70.709745][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.718288][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 70.726903][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.740271][ T4074] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 70.754761][ T4074] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 70.766735][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.774857][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 70.782944][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.791875][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 70.811044][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.824909][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 70.944724][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 70.952103][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 70.964030][ T4074] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.983146][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 70.995159][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.016168][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 71.025627][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.034449][ T4074] device veth0_vlan entered promiscuous mode
[ 71.042569][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.051882][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.061893][ T4074] device veth1_vlan entered promiscuous mode
[ 71.080972][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.090310][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.098754][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 71.109146][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.118981][ T4074] device veth0_macvtap entered promiscuous mode
[ 71.131087][ T4074] device veth1_macvtap entered promiscuous mode
[ 71.145320][ T4074] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.152566][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.162496][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 71.170466][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.180322][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.191070][ T4074] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.199942][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.208310][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.220727][ T4074] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.229755][ T4074] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.239833][ T4074] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.249946][ T4074] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.305140][ T4172] ==================================================================
[ 71.313210][ T4172] BUG: KASAN: use-after-free in io_uring_show_fdinfo+0x559/0x15df
[ 71.320997][ T4172] Read of size 8 at addr ffff88806f7fff20 by task syz-executor.0/4172
[ 71.329122][ T4172]
[ 71.331431][ T4172] CPU: 1 PID: 4172 Comm: syz-executor.0 Not tainted 6.0.0-rc6-syzkaller #0
[ 71.340001][ T4172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 71.350041][ T4172] Call Trace:
[ 71.353309][ T4172]
[ 71.356225][ T4172] dump_stack_lvl+0x57/0x7d
[ 71.360711][ T4172] print_report.cold+0x2ba/0x719
[ 71.365633][ T4172] ? io_uring_show_fdinfo+0x559/0x15df
[ 71.371074][ T4172] kasan_report+0xb1/0x1e0
[ 71.375470][ T4172] ? io_uring_show_fdinfo+0x559/0x15df
[ 71.380904][ T4172] io_uring_show_fdinfo+0x559/0x15df
[ 71.386177][ T4172] ? seq_file_path+0x10/0x10
[ 71.390748][ T4172] ? seq_show+0x2e6/0x6d0
[ 71.395084][ T4172] ? rcu_lock_acquire.constprop.0+0x22/0x22
[ 71.400959][ T4172] ? rwlock_bug.part.0+0x90/0x90
[ 71.405875][ T4172] seq_show+0x4aa/0x6d0
[ 71.410014][ T4172] seq_read_iter+0x3fa/0x1090
[ 71.414670][ T4172] seq_read+0x161/0x200
[ 71.418805][ T4172] ? seq_read_iter+0x1090/0x1090
[ 71.423729][ T4172] ? apparmor_file_permission+0x138/0x450
[ 71.429432][ T4172] ? fsnotify_perm.part.0+0x11c/0x500
[ 71.434781][ T4172] vfs_read+0x1b8/0x7c0
[ 71.438913][ T4172] ? kernel_read+0x120/0x120
[ 71.443490][ T4172] ? __fget_files+0x1bf/0x3a0
[ 71.448154][ T4172] __x64_sys_pread64+0x192/0x1e0
[ 71.453074][ T4172] ? ksys_pread64+0x130/0x130
[ 71.457737][ T4172] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 71.463689][ T4172] ? syscall_enter_from_user_mode+0x22/0xb0
[ 71.469573][ T4172] do_syscall_64+0x35/0xb0
[ 71.473964][ T4172] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.479829][ T4172] RIP: 0033:0x7f87d628a5a9
[ 71.484220][ T4172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.503805][ T4172] RSP: 002b:00007f87d7359168 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[ 71.512195][ T4172] RAX: ffffffffffffffda RBX: 00007f87d63abf80 RCX: 00007f87d628a5a9
[ 71.520156][ T4172] RDX: 0000000000000011 RSI: 0000000020002140 RDI: 0000000000000005
[ 71.528111][ T4172] RBP: 00007f87d62e5580 R08: 0000000000000000 R09: 0000000000000000
[ 71.536059][ T4172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 71.544007][ T4172] R13: 00007fffce164f1f R14: 00007f87d7359300 R15: 0000000000022000
[ 71.551967][ T4172]
[ 71.554966][ T4172]
[ 71.557268][ T4172] The buggy address belongs to the physical page:
[ 71.563656][ T4172] page:ffffea0001bdffc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6f7ff
[ 71.573777][ T4172] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.580860][ T4172] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 71.589422][ T4172] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 71.597982][ T4172] page dumped because: kasan: bad access detected
[ 71.604365][ T4172] page_owner tracks the page as freed
[ 71.609704][ T4172] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 3600, tgid 3592 (syz-fuzzer), ts 34787143565, free_ts 36525392267
[ 71.628166][ T4172] get_page_from_freelist+0x109b/0x2ce0
[ 71.633695][ T4172] __alloc_pages+0x1c7/0x510
[ 71.638274][ T4172] __folio_alloc+0x12/0x40
[ 71.642669][ T4172] vma_alloc_folio+0x44c/0x5b0
[ 71.647498][ T4172] do_huge_pmd_anonymous_page+0x1d9/0x1680
[ 71.653278][ T4172] __handle_mm_fault+0x1a22/0x2b70
[ 71.658369][ T4172] handle_mm_fault+0x166/0x5e0
[ 71.663112][ T4172] do_user_addr_fault+0x2da/0xcf0
[ 71.668120][ T4172] exc_page_fault+0x5a/0xc0
[ 71.672609][ T4172] asm_exc_page_fault+0x22/0x30
[ 71.677444][ T4172] page last free stack trace:
[ 71.682096][ T4172] free_pcp_prepare+0x5e4/0xd20
[ 71.686921][ T4172] free_unref_page+0x19/0x4d0
[ 71.691573][ T4172] release_pages+0x291/0x1080
[ 71.696237][ T4172] tlb_batch_pages_flush+0x85/0x160
[ 71.701417][ T4172] tlb_finish_mmu+0x110/0x6c0
[ 71.706066][ T4172] exit_mmap+0x19d/0x3f0
[ 71.710284][ T4172] __mmput+0xed/0x430
[ 71.714245][ T4172] do_exit+0x8c8/0x2440
[ 71.718379][ T4172] do_group_exit+0xb2/0x2a0
[ 71.722862][ T4172] __x64_sys_exit_group+0x35/0x40
[ 71.727868][ T4172] do_syscall_64+0x35/0xb0
[ 71.732262][ T4172] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.738312][ T4172]
[ 71.740631][ T4172] Memory state around the buggy address:
[ 71.746247][ T4172] ffff88806f7ffe00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.754295][ T4172] ffff88806f7ffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.762344][ T4172] >ffff88806f7fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.770390][ T4172] ^
[ 71.775480][ T4172] ffff88806f7fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.783530][ T4172] ffff88806f800000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 71.791575][ T4172] ==================================================================
[ 71.801950][ T3615] Bluetooth: hci0: command 0x0409 tx timeout
[ 71.822867][ T4172] Kernel panic - not syncing: panic_on_warn set ...
[ 71.829444][ T4172] CPU: 1 PID: 4172 Comm: syz-executor.0 Not tainted 6.0.0-rc6-syzkaller #0
[ 71.838007][ T4172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 71.848214][ T4172] Call Trace:
[ 71.851494][ T4172]
[ 71.854407][ T4172] dump_stack_lvl+0x57/0x7d
[ 71.858889][ T4172] panic+0x219/0x458
[ 71.862760][ T4172] ? panic_print_sys_info.part.0+0x69/0x69
[ 71.868629][ T4172] ? preempt_schedule_common+0x59/0xc0
[ 71.874068][ T4172] ? preempt_schedule_thunk+0x16/0x18
[ 71.879418][ T4172] ? io_uring_show_fdinfo+0x559/0x15df
[ 71.884850][ T4172] end_report.part.0+0x3f/0x7c
[ 71.889593][ T4172] kasan_report.cold+0xa/0xf
[ 71.894167][ T4172] ? io_uring_show_fdinfo+0x559/0x15df
[ 71.899605][ T4172] io_uring_show_fdinfo+0x559/0x15df
[ 71.904875][ T4172] ? seq_file_path+0x10/0x10
[ 71.909441][ T4172] ? seq_show+0x2e6/0x6d0
[ 71.913753][ T4172] ? rcu_lock_acquire.constprop.0+0x22/0x22
[ 71.919626][ T4172] ? rwlock_bug.part.0+0x90/0x90
[ 71.924543][ T4172] seq_show+0x4aa/0x6d0
[ 71.928685][ T4172] seq_read_iter+0x3fa/0x1090
[ 71.933350][ T4172] seq_read+0x161/0x200
[ 71.937482][ T4172] ? seq_read_iter+0x1090/0x1090
[ 71.942410][ T4172] ? apparmor_file_permission+0x138/0x450
[ 71.948114][ T4172] ? fsnotify_perm.part.0+0x11c/0x500
[ 71.953468][ T4172] vfs_read+0x1b8/0x7c0
[ 71.957606][ T4172] ? kernel_read+0x120/0x120
[ 71.962183][ T4172] ? __fget_files+0x1bf/0x3a0
[ 71.966843][ T4172] __x64_sys_pread64+0x192/0x1e0
[ 71.971766][ T4172] ? ksys_pread64+0x130/0x130
[ 71.976440][ T4172] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 71.982413][ T4172] ? syscall_enter_from_user_mode+0x22/0xb0
[ 71.988298][ T4172] do_syscall_64+0x35/0xb0
[ 71.992704][ T4172] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.998573][ T4172] RIP: 0033:0x7f87d628a5a9
[ 72.002976][ T4172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.022597][ T4172] RSP: 002b:00007f87d7359168 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[ 72.030985][ T4172] RAX: ffffffffffffffda RBX: 00007f87d63abf80 RCX: 00007f87d628a5a9
[ 72.038932][ T4172] RDX: 0000000000000011 RSI: 0000000020002140 RDI: 0000000000000005
[ 72.046888][ T4172] RBP: 00007f87d62e5580 R08: 0000000000000000 R09: 0000000000000000
[ 72.054833][ T4172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 72.062788][ T4172] R13: 00007fffce164f1f R14: 00007f87d7359300 R15: 0000000000022000
[ 72.071564][ T4172]
[ 72.075328][ T4172] Kernel Offset: disabled
[ 72.079628][ T4172] Rebooting in 86400 seconds..