[ 45.366138][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.375027][ T8] device veth1_macvtap left promiscuous mode
[ 45.381009][ T8] device veth0_macvtap left promiscuous mode
[ 45.387270][ T8] device veth1_vlan left promiscuous mode
[ 45.393178][ T8] device veth0_vlan left promiscuous mode
[ 45.438164][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 45.446993][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 45.456848][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 45.467737][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 45.493126][ T8] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.191' (ECDSA) to the list of known hosts.
2022/12/18 14:15:23 ignoring optional flag "sandboxArg"="0"
2022/12/18 14:15:23 parsed 1 programs
2022/12/18 14:15:23 executed programs: 0
[ 60.361831][ T3612] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 62.443306][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.450511][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.457711][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.465280][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.472646][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 62.479776][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.519824][ T4072] chnl_net:caif_netlink_parms(): no params data found
[ 62.540432][ T4072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.548030][ T4072] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.555816][ T4072] device bridge_slave_0 entered promiscuous mode
[ 62.563492][ T4072] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.570551][ T4072] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.578062][ T4072] device bridge_slave_1 entered promiscuous mode
[ 62.589978][ T4072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.599971][ T4072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.614514][ T4072] team0: Port device team_slave_0 added
[ 62.620738][ T4072] team0: Port device team_slave_1 added
[ 62.631460][ T4072] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.638500][ T4072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.664864][ T4072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.676191][ T4072] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.683241][ T4072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.709106][ T4072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.727489][ T4072] device hsr_slave_0 entered promiscuous mode
[ 62.733791][ T4072] device hsr_slave_1 entered promiscuous mode
[ 63.072443][ T4072] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.080598][ T4072] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.089468][ T4072] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.098126][ T4072] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 63.112769][ T4072] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.119837][ T4072] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.127185][ T4072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.134285][ T4072] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.162982][ T4072] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.174962][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 63.183436][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.190829][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.200198][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 63.209857][ T4072] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.219982][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.229115][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.236288][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.253642][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.262315][ T3626] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.269360][ T3626] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.277231][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.285478][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.297087][ T4072] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 63.307590][ T4072] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 63.320169][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 63.327826][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.336194][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.344673][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 63.393647][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 63.401345][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 63.411051][ T4072] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.425264][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 63.439052][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 63.448353][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 63.456452][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 63.465724][ T4072] device veth0_vlan entered promiscuous mode
[ 63.475490][ T4072] device veth1_vlan entered promiscuous mode
[ 63.489317][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 63.497912][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 63.506183][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 63.515938][ T4072] device veth0_macvtap entered promiscuous mode
[ 63.524764][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 63.533711][ T4072] device veth1_macvtap entered promiscuous mode
[ 63.546965][ T4072] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 63.554877][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 63.564369][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 63.574078][ T4072] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 63.583696][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 63.593274][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 63.602227][ T4072] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.611059][ T4072] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.621466][ T4072] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.630860][ T4072] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2022/12/18 14:15:29 executed programs: 1
[ 63.660204][ T1000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.669182][ T1000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.675800][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.684577][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 63.692128][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.699478][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 65.482703][ T1233] ieee802154 phy0 wpan0: encryption failed: -22
[ 65.489163][ T1233] ieee802154 phy1 wpan1: encryption failed: -22
[ 67.802014][ T3620] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 67.819927][ T3620] Bluetooth: hci0: Injecting HCI hardware error event
[ 67.833250][ T47] Bluetooth: hci0: hardware error 0x00
[ 67.841527][ T47] ==================================================================
[ 67.849931][ T47] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0xa6/0x5e0
[ 67.857902][ T47] Read of size 8 at addr ffff888015f644b8 by task kworker/u5:0/47
[ 67.865696][ T47]
[ 67.868008][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 5.19.0-rc7-syzkaller #0
[ 67.876308][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 67.886353][ T47] Workqueue: hci0 hci_error_reset
[ 67.891376][ T47] Call Trace:
[ 67.894637][ T47]
[ 67.897540][ T47] dump_stack_lvl+0x57/0x7d
[ 67.902016][ T47] print_address_description.constprop.0.cold+0xeb/0x495
[ 67.909005][ T47] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 67.914514][ T47] kasan_report.cold+0xf4/0x1c6
[ 67.919687][ T47] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 67.925201][ T47] kasan_check_range+0x13d/0x180
[ 67.930106][ T47] __mutex_unlock_slowpath+0xa6/0x5e0
[ 67.935442][ T47] ? wait_for_completion_io_timeout+0x20/0x20
[ 67.941474][ T47] ? l2cap_conn_del+0x39c/0x720
[ 67.946291][ T47] ? kfree+0xd6/0x4d0
[ 67.950241][ T47] l2cap_conn_del+0x3a4/0x720
[ 67.954888][ T47] hci_conn_hash_flush+0xfb/0x210
[ 67.959880][ T47] hci_dev_close_sync+0x462/0xef0
[ 67.964873][ T47] ? hci_dev_open_sync+0x1b20/0x1b20
[ 67.970124][ T47] ? do_raw_spin_lock+0x120/0x2a0
[ 67.975115][ T47] hci_dev_do_close+0x23/0x60
[ 67.979759][ T47] hci_error_reset+0x79/0xf0
[ 67.984316][ T47] process_one_work+0x865/0x13d0
[ 67.989240][ T47] ? lock_release+0x780/0x780
[ 67.993885][ T47] ? pwq_dec_nr_in_flight+0x230/0x230
[ 67.999224][ T47] ? rwlock_bug.part.0+0x90/0x90
[ 68.004130][ T47] worker_thread+0x598/0xec0
[ 68.008688][ T47] ? process_one_work+0x13d0/0x13d0
[ 68.013851][ T47] kthread+0x299/0x340
[ 68.017886][ T47] ? kthread_complete_and_exit+0x20/0x20
[ 68.023483][ T47] ret_from_fork+0x1f/0x30
[ 68.027866][ T47]
[ 68.030862][ T47]
[ 68.033156][ T47] Allocated by task 47:
[ 68.037362][ T47] kasan_save_stack+0x1e/0x40
[ 68.042034][ T47] __kasan_kmalloc+0xa9/0xd0
[ 68.046598][ T47] l2cap_chan_create+0x39/0x530
[ 68.051432][ T47] amp_mgr_create+0x80/0x8e0
[ 68.056006][ T47] a2mp_channel_create+0x61/0x120
[ 68.061005][ T47] l2cap_recv_frame+0x3da7/0x7e80
[ 68.066001][ T47] hci_rx_work+0x3bf/0xba0
[ 68.070384][ T47] process_one_work+0x865/0x13d0
[ 68.075374][ T47] worker_thread+0x598/0xec0
[ 68.079929][ T47] kthread+0x299/0x340
[ 68.083969][ T47] ret_from_fork+0x1f/0x30
[ 68.088357][ T47]
[ 68.090654][ T47] Freed by task 47:
[ 68.094428][ T47] kasan_save_stack+0x1e/0x40
[ 68.099161][ T47] kasan_set_track+0x21/0x30
[ 68.103723][ T47] kasan_set_free_info+0x20/0x30
[ 68.108624][ T47] ____kasan_slab_free+0x166/0x1a0
[ 68.113703][ T47] slab_free_freelist_hook+0x8b/0x1c0
[ 68.119049][ T47] kfree+0xd6/0x4d0
[ 68.122922][ T47] l2cap_conn_del+0x39c/0x720
[ 68.127571][ T47] hci_conn_hash_flush+0xfb/0x210
[ 68.132564][ T47] hci_dev_close_sync+0x462/0xef0
[ 68.137562][ T47] hci_dev_do_close+0x23/0x60
[ 68.142205][ T47] hci_error_reset+0x79/0xf0
[ 68.146762][ T47] process_one_work+0x865/0x13d0
[ 68.151667][ T47] worker_thread+0x598/0xec0
[ 68.156224][ T47] kthread+0x299/0x340
[ 68.160343][ T47] ret_from_fork+0x1f/0x30
[ 68.164726][ T47]
[ 68.167025][ T47] The buggy address belongs to the object at ffff888015f64000
[ 68.167025][ T47] which belongs to the cache kmalloc-2k of size 2048
[ 68.181047][ T47] The buggy address is located 1208 bytes inside of
[ 68.181047][ T47] 2048-byte region [ffff888015f64000, ffff888015f64800)
[ 68.194466][ T47]
[ 68.196760][ T47] The buggy address belongs to the physical page:
[ 68.203139][ T47] page:ffffea000057d800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888015f67000 pfn:0x15f60
[ 68.214583][ T47] head:ffffea000057d800 order:3 compound_mapcount:0 compound_pincount:0
[ 68.222869][ T47] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 68.230836][ T47] raw: 00fff00000010200 ffffea000059c208 ffffea0001da7c08 ffff888010842000
[ 68.239387][ T47] raw: ffff888015f67000 0000000000080001 00000001ffffffff 0000000000000000
[ 68.247932][ T47] page dumped because: kasan: bad access detected
[ 68.254308][ T47] page_owner tracks the page as allocated
[ 68.260021][ T47] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3620, tgid 3620 (kworker/1:3), ts 63711870858, free_ts 63700203002
[ 68.282998][ T47] get_page_from_freelist+0x1290/0x3b70
[ 68.288537][ T47] __alloc_pages+0x1c7/0x510
[ 68.293101][ T47] allocate_slab+0x26c/0x3c0
[ 68.297659][ T47] ___slab_alloc+0x9c4/0xe20
[ 68.302221][ T47] __slab_alloc.constprop.0+0x4d/0xa0
[ 68.307567][ T47] __kmalloc_node_track_caller+0x2cb/0x360
[ 68.313827][ T47] __alloc_skb+0x8a/0x270
[ 68.318135][ T47] alloc_skb_with_frags+0x73/0x6f0
[ 68.323214][ T47] sock_alloc_send_pskb+0x636/0x7c0
[ 68.328376][ T47] mld_newpack.isra.0+0x1b4/0x770
[ 68.333366][ T47] add_grhead+0x273/0x370
[ 68.337662][ T47] add_grec+0xc87/0x1060
[ 68.341873][ T47] mld_ifc_work+0x3bb/0xa90
[ 68.346359][ T47] process_one_work+0x865/0x13d0
[ 68.351353][ T47] worker_thread+0x598/0xec0
[ 68.355910][ T47] kthread+0x299/0x340
[ 68.359954][ T47] page last free stack trace:
[ 68.364613][ T47] free_pcp_prepare+0x549/0xd20
[ 68.369428][ T47] free_unref_page+0x19/0x6a0
[ 68.374070][ T47] __unfreeze_partials+0x17c/0x1a0
[ 68.379145][ T47] qlist_free_all+0x6a/0x170
[ 68.383697][ T47] kasan_quarantine_reduce+0x180/0x200
[ 68.389127][ T47] __kasan_slab_alloc+0xa2/0xc0
[ 68.393944][ T47] kmem_cache_alloc+0x204/0x3b0
[ 68.398785][ T47] vm_area_alloc+0x17/0xf0
[ 68.403255][ T47] mmap_region+0x74e/0x11d0
[ 68.407724][ T47] do_mmap+0x5c4/0xd80
[ 68.411760][ T47] vm_mmap_pgoff+0x163/0x210
[ 68.416321][ T47] do_syscall_64+0x35/0xb0
[ 68.420704][ T47] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.426563][ T47]
[ 68.428859][ T47] Memory state around the buggy address:
[ 68.434546][ T47] ffff888015f64380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.442578][ T47] ffff888015f64400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.450607][ T47] >ffff888015f64480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.458636][ T47] ^
[ 68.464603][ T47] ffff888015f64500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.472629][ T47] ffff888015f64580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.480654][ T47] ==================================================================
[ 68.489431][ T47] Kernel panic - not syncing: panic_on_warn set ...
[ 68.496017][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 5.19.0-rc7-syzkaller #0
[ 68.504306][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 68.514352][ T47] Workqueue: hci0 hci_error_reset
[ 68.519345][ T47] Call Trace:
[ 68.522594][ T47]
[ 68.525495][ T47] dump_stack_lvl+0x57/0x7d
[ 68.529967][ T47] panic+0x227/0x466
[ 68.533916][ T47] ? panic_print_sys_info.part.0+0x69/0x69
[ 68.539689][ T47] ? preempt_schedule_common+0x59/0xc0
[ 68.545124][ T47] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 68.550640][ T47] ? preempt_schedule_thunk+0x16/0x18
[ 68.556008][ T47] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 68.561521][ T47] end_report.part.0+0x3f/0x7c
[ 68.566280][ T47] kasan_report.cold+0x93/0x1c6
[ 68.571097][ T47] ? __mutex_unlock_slowpath+0xa6/0x5e0
[ 68.576611][ T47] kasan_check_range+0x13d/0x180
[ 68.581515][ T47] __mutex_unlock_slowpath+0xa6/0x5e0
[ 68.586856][ T47] ? wait_for_completion_io_timeout+0x20/0x20
[ 68.592911][ T47] ? l2cap_conn_del+0x39c/0x720
[ 68.597739][ T47] ? kfree+0xd6/0x4d0
[ 68.601691][ T47] l2cap_conn_del+0x3a4/0x720
[ 68.606343][ T47] hci_conn_hash_flush+0xfb/0x210
[ 68.611340][ T47] hci_dev_close_sync+0x462/0xef0
[ 68.616337][ T47] ? hci_dev_open_sync+0x1b20/0x1b20
[ 68.621590][ T47] ? do_raw_spin_lock+0x120/0x2a0
[ 68.626580][ T47] hci_dev_do_close+0x23/0x60
[ 68.631224][ T47] hci_error_reset+0x79/0xf0
[ 68.635779][ T47] process_one_work+0x865/0x13d0
[ 68.640684][ T47] ? lock_release+0x780/0x780
[ 68.645327][ T47] ? pwq_dec_nr_in_flight+0x230/0x230
[ 68.650664][ T47] ? rwlock_bug.part.0+0x90/0x90
[ 68.655588][ T47] worker_thread+0x598/0xec0
[ 68.660146][ T47] ? process_one_work+0x13d0/0x13d0
[ 68.665312][ T47] kthread+0x299/0x340
[ 68.669347][ T47] ? kthread_complete_and_exit+0x20/0x20
[ 68.674946][ T47] ret_from_fork+0x1f/0x30
[ 68.679356][ T47]
[ 68.683065][ T47] Kernel Offset: disabled
[ 68.687363][ T47] Rebooting in 86400 seconds..