[ 64.136374][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.154841][ T31] device veth1_macvtap left promiscuous mode
[ 64.161352][ T31] device veth0_macvtap left promiscuous mode
[ 64.169397][ T31] device veth1_vlan left promiscuous mode
[ 64.175746][ T31] device veth0_vlan left promiscuous mode
[ 64.423673][ T31] team0 (unregistering): Port device team_slave_1 removed
[ 64.442620][ T31] team0 (unregistering): Port device team_slave_0 removed
[ 64.463351][ T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 64.481521][ T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 64.567129][ T31] bond0 (unregistering): Released all slaves
[ 81.499788][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
2023/01/15 23:41:43 ignoring optional flag "sandboxArg"="0"
2023/01/15 23:41:43 parsed 1 programs
2023/01/15 23:41:43 executed programs: 0
[ 86.936953][ T4393] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.945719][ T4393] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.954457][ T4393] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.962115][ T4393] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.969889][ T4393] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.076605][ T5540] chnl_net:caif_netlink_parms(): no params data found
[ 87.119167][ T5540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.126744][ T5540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.134799][ T5540] device bridge_slave_0 entered promiscuous mode
[ 87.143190][ T5540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.150629][ T5540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.159052][ T5540] device bridge_slave_1 entered promiscuous mode
[ 87.179581][ T5540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.191086][ T5540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.214742][ T5540] team0: Port device team_slave_0 added
[ 87.222711][ T5540] team0: Port device team_slave_1 added
[ 87.242198][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.249309][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.275751][ T5540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.289245][ T5540] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.296743][ T5540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.323330][ T5540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.354579][ T5540] device hsr_slave_0 entered promiscuous mode
[ 87.361601][ T5540] device hsr_slave_1 entered promiscuous mode
[ 88.211362][ T5540] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 88.222014][ T5540] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 88.232862][ T5540] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 88.245444][ T5540] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 88.331019][ T5540] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.346055][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 88.355402][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 88.368259][ T5540] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.383141][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 88.392758][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 88.402508][ T5099] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.410845][ T5099] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.428885][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 88.438422][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 88.448135][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 88.456763][ T5099] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.464044][ T5099] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.472472][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 88.497843][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 88.508276][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 88.518805][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 88.529172][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 88.538309][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 88.546922][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 88.556080][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 88.567738][ T5540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 88.578038][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 88.820626][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 88.828912][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 88.842685][ T5540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.867137][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 88.878770][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 88.903069][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 88.914711][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 88.925953][ T5540] device veth0_vlan entered promiscuous mode
[ 88.935545][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 88.945068][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 88.960506][ T5540] device veth1_vlan entered promiscuous mode
[ 88.990089][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 89.000304][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 89.010733][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 89.019947][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 89.028579][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 89.042325][ T5540] device veth0_macvtap entered promiscuous mode
[ 89.053962][ T5540] device veth1_macvtap entered promiscuous mode
[ 89.073857][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.081710][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 89.091024][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 89.100755][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 89.110003][ T5099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 89.122971][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.133520][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 89.143463][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 89.155092][ T5540] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.171037][ T5540] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.188921][ T5540] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.198141][ T5540] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.263986][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.282310][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.295259][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 89.310543][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.319633][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.331305][ T5091] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 90.235963][ T5593] ==================================================================
[ 90.244078][ T5593] BUG: KASAN: use-after-free in io_fallback_req_func+0xce/0x2fd
[ 90.251818][ T5593] Read of size 8 at addr ffff88807ed29948 by task kworker/1:4/5593
[ 90.259894][ T5593]
[ 90.262564][ T5593] CPU: 1 PID: 5593 Comm: kworker/1:4 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 90.272725][ T5593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 90.282800][ T5593] Workqueue: events io_fallback_req_func
[ 90.288579][ T5593] Call Trace:
[ 90.291860][ T5593]
[ 90.294797][ T5593] dump_stack_lvl+0xd1/0x138
[ 90.299400][ T5593] print_report+0x15e/0x45d
[ 90.303926][ T5593] ? __phys_addr+0xc8/0x140
[ 90.308450][ T5593] ? io_fallback_req_func+0xce/0x2fd
[ 90.313840][ T5593] kasan_report+0xc0/0xf0
[ 90.318186][ T5593] ? io_fallback_req_func+0xce/0x2fd
[ 90.323491][ T5593] io_fallback_req_func+0xce/0x2fd
[ 90.328884][ T5593] ? trace_lock_acquire+0x1f1/0x290
[ 90.334178][ T5593] ? __io_commit_cqring_flush.cold+0x42/0x42
[ 90.340183][ T5593] process_one_work+0x9bf/0x1750
[ 90.345319][ T5593] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 90.351170][ T5593] ? rcu_read_lock_sched_held+0x3e/0x70
[ 90.357098][ T5593] ? rwlock_bug.part.0+0x90/0x90
[ 90.362343][ T5593] ? move_linked_works+0x1ec/0x2f0
[ 90.367566][ T5593] worker_thread+0x807/0x1090
[ 90.372297][ T5593] ? __kthread_parkme+0x163/0x220
[ 90.377422][ T5593] ? process_one_work+0x1750/0x1750
[ 90.382754][ T5593] kthread+0x2e8/0x3a0
[ 90.386935][ T5593] ? kthread_complete_and_exit+0x40/0x40
[ 90.392679][ T5593] ret_from_fork+0x1f/0x30
[ 90.397216][ T5593]
[ 90.400320][ T5593]
[ 90.402639][ T5593] Allocated by task 5603:
[ 90.406969][ T5593] kasan_save_stack+0x22/0x40
[ 90.411744][ T5593] kasan_set_track+0x25/0x30
[ 90.416344][ T5593] __kasan_slab_alloc+0x7f/0x90
[ 90.421380][ T5593] kmem_cache_alloc_bulk+0x3aa/0x730
[ 90.426759][ T5593] __io_alloc_req_refill+0xcc/0x40b
[ 90.432070][ T5593] io_submit_sqes.cold+0x7c/0xc2
[ 90.437109][ T5593] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 90.442670][ T5593] do_syscall_64+0x39/0xb0
[ 90.447193][ T5593] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.453130][ T5593]
[ 90.455482][ T5593] Freed by task 1170:
[ 90.459543][ T5593] kasan_save_stack+0x22/0x40
[ 90.464233][ T5593] kasan_set_track+0x25/0x30
[ 90.468921][ T5593] kasan_save_free_info+0x2e/0x40
[ 90.474138][ T5593] ____kasan_slab_free+0x160/0x1c0
[ 90.479279][ T5593] slab_free_freelist_hook+0x8b/0x1c0
[ 90.484667][ T5593] kmem_cache_free+0xec/0x4e0
[ 90.489420][ T5593] io_req_caches_free+0x1a9/0x1e6
[ 90.494541][ T5593] io_ring_exit_work+0x2e7/0xc80
[ 90.499495][ T5593] process_one_work+0x9bf/0x1750
[ 90.504458][ T5593] worker_thread+0x669/0x1090
[ 90.509347][ T5593] kthread+0x2e8/0x3a0
[ 90.513534][ T5593] ret_from_fork+0x1f/0x30
[ 90.517976][ T5593]
[ 90.520303][ T5593] The buggy address belongs to the object at ffff88807ed298c0
[ 90.520303][ T5593] which belongs to the cache io_kiocb of size 224
[ 90.534136][ T5593] The buggy address is located 136 bytes inside of
[ 90.534136][ T5593] 224-byte region [ffff88807ed298c0, ffff88807ed299a0)
[ 90.548111][ T5593]
[ 90.550433][ T5593] The buggy address belongs to the physical page:
[ 90.556943][ T5593] page:ffffea0001fb4a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ed29
[ 90.567293][ T5593] memcg:ffff8880290cd081
[ 90.571814][ T5593] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 90.579392][ T5593] raw: 00fff00000000200 ffff8881462e6280 dead000000000122 0000000000000000
[ 90.588182][ T5593] raw: 0000000000000000 00000000800c000c 00000001ffffffff ffff8880290cd081
[ 90.596854][ T5593] page dumped because: kasan: bad access detected
[ 90.603268][ T5593] page_owner tracks the page as allocated
[ 90.609514][ T5593] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5603, tgid 5602 (syz-executor.0), ts 89380836523, free_ts 88705663139
[ 90.628133][ T5593] get_page_from_freelist+0x11bb/0x2d50
[ 90.633711][ T5593] __alloc_pages+0x1cb/0x5c0
[ 90.638590][ T5593] alloc_pages+0x1aa/0x270
[ 90.643018][ T5593] allocate_slab+0x25f/0x350
[ 90.647699][ T5593] ___slab_alloc+0xa91/0x1400
[ 90.652378][ T5593] kmem_cache_alloc_bulk+0x23d/0x730
[ 90.657672][ T5593] __io_alloc_req_refill+0xcc/0x40b
[ 90.662886][ T5593] io_submit_sqes.cold+0x7c/0xc2
[ 90.667832][ T5593] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 90.673475][ T5593] do_syscall_64+0x39/0xb0
[ 90.677921][ T5593] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.683832][ T5593] page last free stack trace:
[ 90.688497][ T5593] free_pcp_prepare+0x4d0/0x910
[ 90.693377][ T5593] free_unref_page_list+0x176/0xcd0
[ 90.698678][ T5593] release_pages+0xcb1/0x1330
[ 90.703541][ T5593] tlb_batch_pages_flush+0xa8/0x1a0
[ 90.708755][ T5593] tlb_finish_mmu+0x14b/0x7e0
[ 90.713530][ T5593] exit_mmap+0x202/0x7c0
[ 90.717871][ T5593] __mmput+0x128/0x4c0
[ 90.721952][ T5593] mmput+0x60/0x70
[ 90.725706][ T5593] do_exit+0x9ac/0x2a90
[ 90.729995][ T5593] do_group_exit+0xd4/0x2a0
[ 90.734523][ T5593] __x64_sys_exit_group+0x3e/0x50
[ 90.739640][ T5593] do_syscall_64+0x39/0xb0
[ 90.744155][ T5593] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.750170][ T5593]
[ 90.752494][ T5593] Memory state around the buggy address:
[ 90.758295][ T5593]  ffff88807ed29800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 90.766361][ T5593]  ffff88807ed29880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 90.774437][ T5593] >ffff88807ed29900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 90.782756][ T5593]                                               ^
[ 90.789430][ T5593]  ffff88807ed29980: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.797582][ T5593]  ffff88807ed29a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.805818][ T5593] ==================================================================
[ 90.875125][ T5593] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.882377][ T5593] CPU: 1 PID: 5593 Comm: kworker/1:4 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 90.892735][ T5593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 90.902814][ T5593] Workqueue: events io_fallback_req_func
[ 90.908668][ T5593] Call Trace:
[ 90.912042][ T5593]
[ 90.915411][ T5593] dump_stack_lvl+0xd1/0x138
[ 90.920024][ T5593] panic+0x2cc/0x626
[ 90.924144][ T5593] ? panic_print_sys_info.part.0+0x112/0x112
[ 90.930353][ T5593] ? preempt_schedule_thunk+0x1a/0x20
[ 90.935759][ T5593] ? preempt_schedule_common+0x59/0xc0
[ 90.941525][ T5593] check_panic_on_warn.cold+0x19/0x35
[ 90.947024][ T5593] end_report.part.0+0x36/0x73
[ 90.951799][ T5593] ? io_fallback_req_func+0xce/0x2fd
[ 90.957094][ T5593] kasan_report.cold+0xa/0xf
[ 90.961781][ T5593] ? io_fallback_req_func+0xce/0x2fd
[ 90.967090][ T5593] io_fallback_req_func+0xce/0x2fd
[ 90.972222][ T5593] ? trace_lock_acquire+0x1f1/0x290
[ 90.977518][ T5593] ? __io_commit_cqring_flush.cold+0x42/0x42
[ 90.983520][ T5593] process_one_work+0x9bf/0x1750
[ 90.988491][ T5593] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 90.993900][ T5593] ? rcu_read_lock_sched_held+0x3e/0x70
[ 90.999497][ T5593] ? rwlock_bug.part.0+0x90/0x90
[ 91.004542][ T5593] ? move_linked_works+0x1ec/0x2f0
[ 91.009780][ T5593] worker_thread+0x807/0x1090
[ 91.014506][ T5593] ? __kthread_parkme+0x163/0x220
[ 91.019553][ T5593] ? process_one_work+0x1750/0x1750
[ 91.024878][ T5593] kthread+0x2e8/0x3a0
[ 91.029051][ T5593] ? kthread_complete_and_exit+0x40/0x40
[ 91.034698][ T5593] ret_from_fork+0x1f/0x30
[ 91.039242][ T5593]
[ 91.042491][ T5593] Kernel Offset: disabled
[ 91.046811][ T5593] Rebooting in 86400 seconds..