[ 63.983064][ T42] device veth1_macvtap left promiscuous mode
[ 63.989642][ T42] device veth0_macvtap left promiscuous mode
[ 63.995796][ T42] device veth1_vlan left promiscuous mode
[ 64.002410][ T42] device veth0_vlan left promiscuous mode
[ 64.235023][ T42] team0 (unregistering): Port device team_slave_1 removed
[ 64.250605][ T42] team0 (unregistering): Port device team_slave_0 removed
[ 64.261904][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 64.274440][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 64.321792][ T42] bond0 (unregistering): Released all slaves
[ 76.258144][ T1703] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts.
2023/01/17 02:38:28 ignoring optional flag "sandboxArg"="0"
2023/01/17 02:38:28 parsed 1 programs
2023/01/17 02:38:28 executed programs: 0
[ 84.464470][ T4396] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.472398][ T4396] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.481140][ T4396] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.489388][ T4396] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 84.497046][ T4396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.591350][ T5537] chnl_net:caif_netlink_parms(): no params data found
[ 84.626580][ T5537] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.633816][ T5537] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.641813][ T5537] device bridge_slave_0 entered promiscuous mode
[ 84.650140][ T5537] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.657561][ T5537] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.665323][ T5537] device bridge_slave_1 entered promiscuous mode
[ 84.684794][ T5537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.697561][ T5537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.718750][ T5537] team0: Port device team_slave_0 added
[ 84.726919][ T5537] team0: Port device team_slave_1 added
[ 84.743688][ T5537] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.750875][ T5537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.777060][ T5537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.790075][ T5537] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.797571][ T5537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.823721][ T5537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.852066][ T5537] device hsr_slave_0 entered promiscuous mode
[ 84.858882][ T5537] device hsr_slave_1 entered promiscuous mode
[ 85.478284][ T5537] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.489245][ T5537] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.499333][ T5537] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.509962][ T5537] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.535656][ T5537] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.542942][ T5537] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.550829][ T5537] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.558020][ T5537] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.625585][ T5537] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.633393][ T4775] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.643077][ T4775] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.653634][ T4775] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 85.674259][ T5537] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.682028][ T4775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 85.690315][ T4775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 85.706110][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 85.715257][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 85.724904][ T5088] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.732178][ T5088] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.740539][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 85.749675][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 85.758399][ T5088] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.765762][ T5088] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.789992][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 85.799475][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 85.810116][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 85.820439][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 85.838731][ T5537] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 85.854359][ T5537] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.870859][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 85.880496][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 85.890955][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.900122][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 85.910924][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.924123][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 86.128709][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 86.137400][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 86.151003][ T5537] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.174326][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 86.186372][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 86.209809][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 86.218978][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 86.230568][ T5537] device veth0_vlan entered promiscuous mode
[ 86.240923][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 86.250847][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 86.262629][ T5537] device veth1_vlan entered promiscuous mode
[ 86.287996][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 86.296676][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 86.305414][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 86.315159][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 86.326929][ T5537] device veth0_macvtap entered promiscuous mode
[ 86.338379][ T5537] device veth1_macvtap entered promiscuous mode
[ 86.357510][ T5537] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 86.364888][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 86.374003][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 86.382601][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 86.391614][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 86.404344][ T5537] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 86.412793][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 86.423218][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 86.434362][ T5537] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.445713][ T5537] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.455166][ T5537] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.464816][ T5537] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.540881][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.555311][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.576878][ T5077] Bluetooth: hci0: command 0x0409 tx timeout
[ 86.585929][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 86.595172][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.605851][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.617891][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 87.498375][ T29] ==================================================================
[ 87.506832][ T29] BUG: KASAN: use-after-free in io_req_caches_free+0x1a8/0x201
[ 87.514418][ T29] Read of size 8 at addr ffff88802848f938 by task kworker/u4:2/29
[ 87.522331][ T29]
[ 87.524670][ T29] CPU: 0 PID: 29 Comm: kworker/u4:2 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 87.534665][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 87.544842][ T29] Workqueue: events_unbound io_ring_exit_work
[ 87.550963][ T29] Call Trace:
[ 87.554432][ T29] <TASK>
[ 87.557391][ T29] dump_stack_lvl+0xd1/0x138
[ 87.562108][ T29] print_report+0x15e/0x45d
[ 87.567060][ T29] ? __phys_addr+0xc8/0x140
[ 87.571605][ T29] ? io_req_caches_free+0x1a8/0x201
[ 87.576832][ T29] kasan_report+0xc0/0xf0
[ 87.581363][ T29] ? io_req_caches_free+0x1a8/0x201
[ 87.586607][ T29] io_req_caches_free+0x1a8/0x201
[ 87.591671][ T29] io_ring_exit_work+0x2e7/0xc80
[ 87.596643][ T29] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 87.603002][ T29] ? lock_release+0x810/0x810
[ 87.607973][ T29] ? process_one_work+0x8a1/0x1750
[ 87.613116][ T29] ? rcu_read_lock_sched_held+0x3e/0x70
[ 87.618955][ T29] ? trace_lock_acquire+0x1f1/0x290
[ 87.624190][ T29] process_one_work+0x9bf/0x1750
[ 87.629164][ T29] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 87.634579][ T29] ? rcu_read_lock_sched_held+0x3e/0x70
[ 87.640151][ T29] ? rwlock_bug.part.0+0x90/0x90
[ 87.645478][ T29] ? lock_acquire+0x32/0xc0
[ 87.650025][ T29] ? worker_thread+0x16d/0x1090
[ 87.654908][ T29] worker_thread+0x669/0x1090
[ 87.659618][ T29] ? process_one_work+0x1750/0x1750
[ 87.664938][ T29] kthread+0x2e8/0x3a0
[ 87.669118][ T29] ? kthread_complete_and_exit+0x40/0x40
[ 87.674776][ T29] ret_from_fork+0x1f/0x30
[ 87.679311][ T29] </TASK>
[ 87.682337][ T29]
[ 87.684685][ T29] Allocated by task 5603:
[ 87.689106][ T29] kasan_save_stack+0x22/0x40
[ 87.693920][ T29] kasan_set_track+0x25/0x30
[ 87.698529][ T29] __kasan_slab_alloc+0x7f/0x90
[ 87.703400][ T29] kmem_cache_alloc_bulk+0x3aa/0x730
[ 87.708706][ T29] __io_alloc_req_refill+0xcc/0x40b
[ 87.714003][ T29] io_submit_sqes.cold+0x7c/0xc2
[ 87.718980][ T29] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 87.724575][ T29] do_syscall_64+0x39/0xb0
[ 87.729035][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.734964][ T29]
[ 87.737292][ T29] Freed by task 29:
[ 87.741105][ T29] kasan_save_stack+0x22/0x40
[ 87.745831][ T29] kasan_set_track+0x25/0x30
[ 87.750614][ T29] kasan_save_free_info+0x2e/0x40
[ 87.755665][ T29] ____kasan_slab_free+0x160/0x1c0
[ 87.760808][ T29] slab_free_freelist_hook+0x8b/0x1c0
[ 87.766198][ T29] kmem_cache_free+0xec/0x4e0
[ 87.770897][ T29] io_req_caches_free+0x1c4/0x201
[ 87.776035][ T29] io_ring_exit_work+0x2e7/0xc80
[ 87.781082][ T29] process_one_work+0x9bf/0x1750
[ 87.786050][ T29] worker_thread+0x669/0x1090
[ 87.790938][ T29] kthread+0x2e8/0x3a0
[ 87.795138][ T29] ret_from_fork+0x1f/0x30
[ 87.799767][ T29]
[ 87.802104][ T29] The buggy address belongs to the object at ffff88802848f8c0
[ 87.802104][ T29] which belongs to the cache io_kiocb of size 224
[ 87.816278][ T29] The buggy address is located 120 bytes inside of
[ 87.816278][ T29] 224-byte region [ffff88802848f8c0, ffff88802848f9a0)
[ 87.829834][ T29]
[ 87.832179][ T29] The buggy address belongs to the physical page:
[ 87.838602][ T29] page:ffffea0000a123c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2848f
[ 87.848945][ T29] memcg:ffff888028e66b81
[ 87.853202][ T29] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 87.860886][ T29] raw: 00fff00000000200 ffff88801bcba780 dead000000000122 0000000000000000
[ 87.869582][ T29] raw: 0000000000000000 00000000000c000c 00000001ffffffff ffff888028e66b81
[ 87.878262][ T29] page dumped because: kasan: bad access detected
[ 87.884681][ T29] page_owner tracks the page as allocated
[ 87.890495][ T29] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5603, tgid 5602 (syz-executor.0), ts 86682323238, free_ts 86643623166
[ 87.909016][ T29] get_page_from_freelist+0x11bb/0x2d50
[ 87.914597][ T29] __alloc_pages+0x1cb/0x5c0
[ 87.919211][ T29] alloc_pages+0x1aa/0x270
[ 87.923652][ T29] allocate_slab+0x25f/0x350
[ 87.928347][ T29] ___slab_alloc+0xa91/0x1400
[ 87.933132][ T29] kmem_cache_alloc_bulk+0x23d/0x730
[ 87.938522][ T29] __io_alloc_req_refill+0xcc/0x40b
[ 87.943767][ T29] io_submit_sqes.cold+0x7c/0xc2
[ 87.948901][ T29] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 87.954478][ T29] do_syscall_64+0x39/0xb0
[ 87.958917][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.965014][ T29] page last free stack trace:
[ 87.969867][ T29] free_pcp_prepare+0x4d0/0x910
[ 87.974741][ T29] free_unref_page+0x1d/0x490
[ 87.979446][ T29] qlist_free_all+0x6a/0x170
[ 87.984087][ T29] kasan_quarantine_reduce+0x192/0x220
[ 87.989579][ T29] __kasan_slab_alloc+0x63/0x90
[ 87.994625][ T29] __kmem_cache_alloc_node+0x17c/0x330
[ 88.000212][ T29] __kmalloc_node+0x4d/0xd0
[ 88.005026][ T29] kvmalloc_node+0xa2/0x1a0
[ 88.009560][ T29] seq_read_iter+0x7fb/0x1280
[ 88.014793][ T29] kernfs_fop_read_iter+0x4ce/0x690
[ 88.020019][ T29] vfs_read+0x681/0x930
[ 88.024214][ T29] ksys_read+0x12b/0x250
[ 88.028575][ T29] do_syscall_64+0x39/0xb0
[ 88.033021][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 88.039063][ T29]
[ 88.041394][ T29] Memory state around the buggy address:
[ 88.047041][ T29] ffff88802848f800: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 88.055204][ T29] ffff88802848f880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 88.063286][ T29] >ffff88802848f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.072586][ T29] ^
[ 88.078496][ T29] ffff88802848f980: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 88.086745][ T29] ffff88802848fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 88.094989][ T29] ==================================================================
[ 88.120415][ T29] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.127915][ T29] CPU: 0 PID: 29 Comm: kworker/u4:2 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 88.138008][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 88.148355][ T29] Workqueue: events_unbound io_ring_exit_work
[ 88.154556][ T29] Call Trace:
[ 88.157854][ T29] <TASK>
[ 88.160801][ T29] dump_stack_lvl+0xd1/0x138
[ 88.165589][ T29] panic+0x2cc/0x626
[ 88.169520][ T29] ? panic_print_sys_info.part.0+0x112/0x112
[ 88.175555][ T29] ? preempt_schedule_thunk+0x1a/0x20
[ 88.181050][ T29] ? preempt_schedule_common+0x59/0xc0
[ 88.186719][ T29] check_panic_on_warn.cold+0x19/0x35
[ 88.192223][ T29] end_report.part.0+0x36/0x73
[ 88.197653][ T29] ? io_req_caches_free+0x1a8/0x201
[ 88.202878][ T29] kasan_report.cold+0xa/0xf
[ 88.207524][ T29] ? io_req_caches_free+0x1a8/0x201
[ 88.212857][ T29] io_req_caches_free+0x1a8/0x201
[ 88.217998][ T29] io_ring_exit_work+0x2e7/0xc80
[ 88.223430][ T29] ? io_uring_try_cancel_requests+0xa66/0xa66
[ 88.229530][ T29] ? lock_release+0x810/0x810
[ 88.234208][ T29] ? process_one_work+0x8a1/0x1750
[ 88.239332][ T29] ? rcu_read_lock_sched_held+0x3e/0x70
[ 88.244873][ T29] ? trace_lock_acquire+0x1f1/0x290
[ 88.250066][ T29] process_one_work+0x9bf/0x1750
[ 88.255004][ T29] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 88.260375][ T29] ? rcu_read_lock_sched_held+0x3e/0x70
[ 88.265928][ T29] ? rwlock_bug.part.0+0x90/0x90
[ 88.270867][ T29] ? lock_acquire+0x32/0xc0
[ 88.275540][ T29] ? worker_thread+0x16d/0x1090
[ 88.280401][ T29] worker_thread+0x669/0x1090
[ 88.285080][ T29] ? process_one_work+0x1750/0x1750
[ 88.290285][ T29] kthread+0x2e8/0x3a0
[ 88.294379][ T29] ? kthread_complete_and_exit+0x40/0x40
[ 88.300190][ T29] ret_from_fork+0x1f/0x30
[ 88.304626][ T29] </TASK>
[ 88.307926][ T29] Kernel Offset: disabled
[ 88.312260][ T29] Rebooting in 86400 seconds..