forked to background, child pid 3183
no interfaces have a carrier
[   18.290358][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0
[   18.298516][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts.
syzkaller login: [   39.932079][ T3610] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   39.939361][ T3610] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   39.946574][ T3610] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   39.954318][ T3610] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   39.961781][ T3610] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   39.969029][ T3610] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   39.976889][ T3607] Bluetooth: hci0: HCI_REQ-0x0c1a
[   40.021091][ T3607] chnl_net:caif_netlink_parms(): no params data found
[   40.047615][ T3607] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.055060][ T3607] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.062902][ T3607] device bridge_slave_0 entered promiscuous mode
[   40.070612][ T3607] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.077660][ T3607] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.085376][ T3607] device bridge_slave_1 entered promiscuous mode
[   40.099788][ T3607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   40.110211][ T3607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   40.127027][ T3607] team0: Port device team_slave_0 added
[   40.133662][ T3607] team0: Port device team_slave_1 added
[   40.146398][ T3607] batman_adv: batadv0: Adding interface: batadv_slave_0
[   40.153687][ T3607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   40.180645][ T3607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   40.192464][ T3607] batman_adv: batadv0: Adding interface: batadv_slave_1
[   40.199404][ T3607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   40.225347][ T3607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   40.246508][ T3607] device hsr_slave_0 entered promiscuous mode
[   40.253018][ T3607] device hsr_slave_1 entered promiscuous mode
[   40.297707][ T3607] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   40.306119][ T3607] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   40.314526][ T3607] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   40.322616][ T3607] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   40.336275][ T3607] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.343354][ T3607] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.350666][ T3607] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.357822][ T3607] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.385227][ T3607] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.395835][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.404496][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.412414][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.419888][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   40.429899][ T3607] 8021q: adding VLAN 0 to HW filter on device team0
[   40.438490][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   40.447073][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.454128][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.463525][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   40.471895][ T3616] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.479280][ T3616] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.497355][ T3607] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   40.508015][ T3607] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   40.521441][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   40.529835][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   40.538363][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.546809][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.555270][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   40.562941][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   40.578175][ T3607] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.585877][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   40.593784][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   40.610957][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.623530][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.632229][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   40.640485][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   40.649347][ T3607] device veth0_vlan entered promiscuous mode
[   40.658502][ T3607] device veth1_vlan entered promiscuous mode
[   40.671894][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   40.679882][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   40.688071][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.697985][ T3607] device veth0_macvtap entered promiscuous mode
[   40.706083][ T3607] device veth1_macvtap entered promiscuous mode
[   40.717594][ T3607] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.725933][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.734877][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
executing program
[   40.744370][ T3607] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.752153][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.762403][ T3607] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.771490][ T3607] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.780430][ T3607] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.789131][ T3607] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.809482][ T3619] ==================================================================
[   40.817681][ T3619] BUG: KASAN: use-after-free in nf_tables_trans_destroy_work+0x7f4/0x820
[   40.826293][ T3619] Read of size 1 at addr ffff88801bf29954 by task kworker/1:4/3619
[   40.834343][ T3619] 
[   40.836646][ T3619] CPU: 1 PID: 3619 Comm: kworker/1:4 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
[   40.846515][ T3619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   40.856686][ T3619] Workqueue: events nf_tables_trans_destroy_work
[   40.863023][ T3619] Call Trace:
[   40.866380][ T3619]  <TASK>
[   40.869310][ T3619]  dump_stack_lvl+0xcd/0x134
[   40.873911][ T3619]  print_report.cold+0x2ba/0x719
[   40.879026][ T3619]  ? nf_tables_trans_destroy_work+0x7f4/0x820
[   40.885106][ T3619]  kasan_report+0xb1/0x1e0
[   40.889531][ T3619]  ? nf_tables_trans_destroy_work+0x7f4/0x820
[   40.895610][ T3619]  nf_tables_trans_destroy_work+0x7f4/0x820
[   40.901685][ T3619]  ? nf_tables_destroy_set+0xa0/0xa0
[   40.907059][ T3619]  ? __switch_to+0x5cc/0x1050
[   40.911735][ T3619]  process_one_work+0x991/0x1610
[   40.916678][ T3619]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   40.922050][ T3619]  ? rwlock_bug.part.0+0x90/0x90
[   40.927170][ T3619]  worker_thread+0x665/0x1080
[   40.931852][ T3619]  ? __kthread_parkme+0x15f/0x220
[   40.936869][ T3619]  ? process_one_work+0x1610/0x1610
[   40.942067][ T3619]  kthread+0x2e4/0x3a0
[   40.946132][ T3619]  ? kthread_complete_and_exit+0x40/0x40
[   40.951950][ T3619]  ret_from_fork+0x1f/0x30
[   40.956460][ T3619]  </TASK>
[   40.959470][ T3619] 
[   40.961787][ T3619] Allocated by task 3607:
[   40.966104][ T3619]  kasan_save_stack+0x1e/0x40
[   40.970782][ T3619]  __kasan_kmalloc+0xa9/0xd0
[   40.975632][ T3619]  nf_tables_addchain.constprop.0+0x7ff/0x1830
[   40.981794][ T3619]  nf_tables_newchain+0x16d1/0x1ef0
[   40.986997][ T3619]  nfnetlink_rcv_batch+0x171f/0x2600
[   40.992464][ T3619]  nfnetlink_rcv+0x3af/0x420
[   40.997053][ T3619]  netlink_unicast+0x543/0x7f0
[   41.001808][ T3619]  netlink_sendmsg+0x917/0xe10
[   41.006561][ T3619]  sock_sendmsg+0xcf/0x120
[   41.010978][ T3619]  ____sys_sendmsg+0x712/0x8c0
[   41.015740][ T3619]  ___sys_sendmsg+0x110/0x1b0
[   41.020411][ T3619]  __sys_sendmsg+0xf3/0x1c0
[   41.024905][ T3619]  do_syscall_64+0x35/0xb0
[   41.029322][ T3619]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.035217][ T3619] 
[   41.037702][ T3619] Freed by task 3607:
[   41.041668][ T3619]  kasan_save_stack+0x1e/0x40
[   41.046346][ T3619]  kasan_set_track+0x21/0x30
[   41.050938][ T3619]  kasan_set_free_info+0x20/0x30
[   41.055873][ T3619]  ____kasan_slab_free+0x166/0x1c0
[   41.060982][ T3619]  slab_free_freelist_hook+0x8b/0x1c0
[   41.066869][ T3619]  kfree+0xe2/0x580
[   41.070668][ T3619]  nf_tables_chain_destroy+0x4ec/0x640
[   41.076223][ T3619]  __nft_release_table+0x96c/0xcd0
[   41.081333][ T3619]  nft_rcv_nl_event+0x3f6/0x5b0
[   41.086270][ T3619]  notifier_call_chain+0xb5/0x200
[   41.091290][ T3619]  blocking_notifier_call_chain+0x67/0x90
[   41.097025][ T3619]  netlink_release+0xcad/0x1db0
[   41.101892][ T3619]  __sock_release+0xcd/0x280
[   41.106491][ T3619]  sock_close+0x18/0x20
[   41.110645][ T3619]  __fput+0x27c/0xa90
[   41.114628][ T3619]  task_work_run+0xdd/0x1a0
[   41.119135][ T3619]  exit_to_user_mode_prepare+0x23c/0x250
[   41.124765][ T3619]  syscall_exit_to_user_mode+0x19/0x50
[   41.130218][ T3619]  do_syscall_64+0x42/0xb0
[   41.134805][ T3619]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.140697][ T3619] 
[   41.143008][ T3619] The buggy address belongs to the object at ffff88801bf29900
[   41.143008][ T3619]  which belongs to the cache kmalloc-cg-128 of size 128
[   41.157404][ T3619] The buggy address is located 84 bytes inside of
[   41.157404][ T3619]  128-byte region [ffff88801bf29900, ffff88801bf29980)
[   41.170767][ T3619] 
[   41.173083][ T3619] The buggy address belongs to the physical page:
[   41.179477][ T3619] page:ffffea00006fca40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bf29
[   41.189625][ T3619] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   41.197172][ T3619] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888011842a00
[   41.205757][ T3619] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   41.214335][ T3619] page dumped because: kasan: bad access detected
[   41.220735][ T3619] page_owner tracks the page as allocated
[   41.226608][ T3619] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3607, tgid 3607 (syz-executor159), ts 40604180427, free_ts 40577443917
[   41.245204][ T3619]  get_page_from_freelist+0x109b/0x2ce0
[   41.250759][ T3619]  __alloc_pages+0x1c7/0x510
[   41.255346][ T3619]  alloc_pages+0x1a6/0x270
[   41.259756][ T3619]  allocate_slab+0x27e/0x3d0
[   41.264354][ T3619]  ___slab_alloc+0x84f/0xe80
[   41.268947][ T3619]  __slab_alloc.constprop.0+0x4d/0xa0
[   41.274315][ T3619]  kmem_cache_alloc_trace+0x323/0x3e0
[   41.279681][ T3619]  rtm_to_ifaddr+0x240/0xc40
[   41.284270][ T3619]  inet_rtm_newaddr+0x126/0x980
[   41.289133][ T3619]  rtnetlink_rcv_msg+0x43a/0xca0
[   41.294080][ T3619]  netlink_rcv_skb+0x153/0x420
[   41.298837][ T3619]  netlink_unicast+0x543/0x7f0
[   41.303597][ T3619]  netlink_sendmsg+0x917/0xe10
[   41.308353][ T3619]  sock_sendmsg+0xcf/0x120
[   41.312774][ T3619]  __sys_sendto+0x236/0x340
[   41.317268][ T3619]  __x64_sys_sendto+0xdd/0x1b0
[   41.322033][ T3619] page last free stack trace:
[   41.326691][ T3619]  free_pcp_prepare+0x5e4/0xd20
[   41.331547][ T3619]  free_unref_page+0x19/0x4d0
[   41.336220][ T3619]  qlist_free_all+0x6a/0x170
[   41.340888][ T3619]  kasan_quarantine_reduce+0x180/0x200
[   41.346342][ T3619]  __kasan_slab_alloc+0xa2/0xc0
[   41.351195][ T3619]  kmem_cache_alloc_trace+0x2c0/0x3e0
[   41.356570][ T3619]  netdevice_event+0x1ad/0x8b0
[   41.361327][ T3619]  notifier_call_chain+0xb5/0x200
[   41.366347][ T3619]  call_netdevice_notifiers_info+0xb5/0x130
[   41.372231][ T3619]  __dev_notify_flags+0x110/0x2b0
[   41.377256][ T3619]  dev_change_flags+0x112/0x170
[   41.382144][ T3619]  do_setlink+0x9f1/0x3bb0
[   41.386648][ T3619]  __rtnl_newlink+0xd6a/0x17e0
[   41.391411][ T3619]  rtnl_newlink+0x64/0xa0
[   41.395737][ T3619]  rtnetlink_rcv_msg+0x43a/0xca0
[   41.400670][ T3619]  netlink_rcv_skb+0x153/0x420
[   41.405426][ T3619] 
[   41.407739][ T3619] Memory state around the buggy address:
[   41.413355][ T3619]  ffff88801bf29800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   41.421408][ T3619]  ffff88801bf29880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.429456][ T3619] >ffff88801bf29900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.437508][ T3619]                                                  ^
[   41.444169][ T3619]  ffff88801bf29980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.452219][ T3619]  ffff88801bf29a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.460267][ T3619] ==================================================================
[   41.475728][ T3619] Kernel panic - not syncing: panic_on_warn set ...
[   41.482429][ T3619] CPU: 1 PID: 3619 Comm: kworker/1:4 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
[   41.492130][ T3619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   41.502641][ T3619] Workqueue: events nf_tables_trans_destroy_work
[   41.508962][ T3619] Call Trace:
[   41.512226][ T3619]  <TASK>
[   41.515142][ T3619]  dump_stack_lvl+0xcd/0x134
[   41.519715][ T3619]  panic+0x2c8/0x622
[   41.523908][ T3619]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   41.529976][ T3619]  ? preempt_schedule_common+0x59/0xc0
[   41.535532][ T3619]  ? preempt_schedule_thunk+0x16/0x18
[   41.540896][ T3619]  ? nf_tables_trans_destroy_work+0x7f4/0x820
[   41.546953][ T3619]  end_report.part.0+0x3f/0x7c
[   41.551730][ T3619]  kasan_report.cold+0xa/0xf
[   41.556301][ T3619]  ? nf_tables_trans_destroy_work+0x7f4/0x820
[   41.562356][ T3619]  nf_tables_trans_destroy_work+0x7f4/0x820
[   41.568409][ T3619]  ? nf_tables_destroy_set+0xa0/0xa0
[   41.573710][ T3619]  ? __switch_to+0x5cc/0x1050
[   41.578374][ T3619]  process_one_work+0x991/0x1610
[   41.583303][ T3619]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   41.588757][ T3619]  ? rwlock_bug.part.0+0x90/0x90
[   41.593725][ T3619]  worker_thread+0x665/0x1080
[   41.598403][ T3619]  ? __kthread_parkme+0x15f/0x220
[   41.603437][ T3619]  ? process_one_work+0x1610/0x1610
[   41.608643][ T3619]  kthread+0x2e4/0x3a0
[   41.612764][ T3619]  ? kthread_complete_and_exit+0x40/0x40
[   41.618381][ T3619]  ret_from_fork+0x1f/0x30
[   41.622797][ T3619]  </TASK>
[   41.626505][ T3619] Kernel Offset: disabled
[   41.630863][ T3619] Rebooting in 86400 seconds..