[ 44.716267][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.724992][ T8] device veth1_macvtap left promiscuous mode
[ 44.731014][ T8] device veth0_macvtap left promiscuous mode
[ 44.737277][ T8] device veth1_vlan left promiscuous mode
[ 44.743075][ T8] device veth0_vlan left promiscuous mode
[ 44.808221][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 44.816981][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 44.826028][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 44.836135][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 44.859444][ T8] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
2022/07/16 16:57:15 parsed 1 programs
2022/07/16 16:57:15 executed programs: 0
[ 60.017450][ T3642] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 64.177449][ T3642] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 65.458103][ T1236] ieee802154 phy0 wpan0: encryption failed: -22
[ 65.464346][ T1236] ieee802154 phy1 wpan1: encryption failed: -22
[ 68.337479][ T3642] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 70.577970][ T6] cfg80211: failed to load regulatory.db
[ 72.497504][ T3642] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 76.657476][ T3642] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 80.817576][ T3642] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 84.977444][ T3642] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 87.059259][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.066684][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.073831][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.081414][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.088802][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 87.095913][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.128780][ T4122] chnl_net:caif_netlink_parms(): no params data found
[ 87.149700][ T4122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.156741][ T4122] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.164318][ T4122] device bridge_slave_0 entered promiscuous mode
[ 87.171674][ T4122] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.178799][ T4122] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.186062][ T4122] device bridge_slave_1 entered promiscuous mode
[ 87.198565][ T4122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.208843][ T4122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.222826][ T4122] team0: Port device team_slave_0 added
[ 87.229225][ T4122] team0: Port device team_slave_1 added
[ 87.240128][ T4122] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.247127][ T4122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.273152][ T4122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.284368][ T4122] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.292438][ T4122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.318582][ T4122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.335838][ T4122] device hsr_slave_0 entered promiscuous mode
[ 87.342313][ T4122] device hsr_slave_1 entered promiscuous mode
[ 87.372245][ T4122] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.379295][ T4122] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.386505][ T4122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.393541][ T4122] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.414690][ T4122] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.424095][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 87.432231][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.440759][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.448179][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 87.456967][ T4122] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.465427][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 87.473553][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.480581][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.489334][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 87.497647][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.504731][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.516243][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 87.524382][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 87.533676][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 87.544906][ T4122] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 87.555719][ T4122] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 87.567344][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 87.575300][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 87.584130][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 87.595331][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 87.602858][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 87.612258][ T4122] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.701642][ T4122] device veth0_vlan entered promiscuous mode
[ 87.708593][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 87.716946][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 87.725665][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 87.733429][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 87.742879][ T4122] device veth1_vlan entered promiscuous mode
[ 87.754613][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 87.762456][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 87.770574][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 87.779971][ T4122] device veth0_macvtap entered promiscuous mode
[ 87.787670][ T4122] device veth1_macvtap entered promiscuous mode
[ 87.798209][ T4122] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.806856][ T4122] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.814745][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 87.823249][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 87.831577][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 87.854198][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.868290][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.869996][ T1032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.875761][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 87.890825][ T1032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2022/07/16 16:57:46 executed programs: 1
[ 87.898859][ T3650] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 88.053232][ T3650] ==================================================================
[ 88.061298][ T3650] BUG: KASAN: use-after-free in consume_skb+0x23/0xf0
[ 88.068034][ T3650] Read of size 4 at addr ffff88806f0bcadc by task kworker/1:3/3650
[ 88.075894][ T3650]
[ 88.078195][ T3650] CPU: 1 PID: 3650 Comm: kworker/1:3 Not tainted 5.19.0-rc6-syzkaller #0
[ 88.086661][ T3650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 88.096692][ T3650] Workqueue: events bpf_map_free_deferred
[ 88.102383][ T3650] Call Trace:
[ 88.105635][ T3650]
[ 88.108543][ T3650] dump_stack_lvl+0x57/0x7d
[ 88.113022][ T3650] print_address_description.constprop.0.cold+0xeb/0x495
[ 88.120015][ T3650] ? consume_skb+0x23/0xf0
[ 88.124403][ T3650] kasan_report.cold+0xf4/0x1c6
[ 88.129223][ T3650] ? consume_skb+0x23/0xf0
[ 88.133609][ T3650] kasan_check_range+0x13d/0x180
[ 88.138519][ T3650] consume_skb+0x23/0xf0
[ 88.142815][ T3650] __sk_msg_free+0x198/0x340
[ 88.147373][ T3650] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 88.153199][ T3650] sk_psock_stop+0x3f3/0x640
[ 88.157855][ T3650] ? sk_psock_drop+0x145/0x350
[ 88.162592][ T3650] ? trace_hardirqs_on+0x2d/0x120
[ 88.167608][ T3650] sk_psock_drop+0x14f/0x350
[ 88.172167][ T3650] sock_hash_free+0x53f/0x730
[ 88.176837][ T3650] ? sock_map_seq_start+0x2b0/0x2b0
[ 88.182355][ T3650] process_one_work+0x865/0x13d0
[ 88.187262][ T3650] ? lock_release+0x780/0x780
[ 88.191904][ T3650] ? pwq_dec_nr_in_flight+0x230/0x230
[ 88.197242][ T3650] ? rwlock_bug.part.0+0x90/0x90
[ 88.202149][ T3650] worker_thread+0x598/0xec0
[ 88.206705][ T3650] ? __kthread_parkme+0xc1/0x1f0
[ 88.211610][ T3650] ? process_one_work+0x13d0/0x13d0
[ 88.216775][ T3650] kthread+0x299/0x340
[ 88.220810][ T3650] ? kthread_complete_and_exit+0x20/0x20
[ 88.226496][ T3650] ret_from_fork+0x1f/0x30
[ 88.230882][ T3650]
[ 88.233873][ T3650]
[ 88.236167][ T3650] Allocated by task 4151:
[ 88.240460][ T3650] kasan_save_stack+0x1e/0x40
[ 88.245107][ T3650] __kasan_slab_alloc+0x90/0xc0
[ 88.249979][ T3650] kmem_cache_alloc+0x204/0x3b0
[ 88.254828][ T3650] skb_clone+0x11c/0x2f0
[ 88.259058][ T3650] sk_psock_verdict_recv+0x48/0x610
[ 88.264229][ T3650] unix_read_sock+0xc4/0x1e0
[ 88.268786][ T3650] sk_psock_verdict_data_ready+0xf8/0x150
[ 88.274473][ T3650] unix_dgram_sendmsg+0xcc5/0x1790
[ 88.279577][ T3650] sock_sendmsg+0xab/0xe0
[ 88.283883][ T3650] ____sys_sendmsg+0x395/0x7a0
[ 88.288794][ T3650] ___sys_sendmsg+0xd3/0x150
[ 88.293360][ T3650] __sys_sendmmsg+0x141/0x310
[ 88.298007][ T3650] __x64_sys_sendmmsg+0x94/0x100
[ 88.302914][ T3650] do_syscall_64+0x35/0x80
[ 88.307301][ T3650] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 88.313165][ T3650]
[ 88.315462][ T3650] Freed by task 3652:
[ 88.319409][ T3650] kasan_save_stack+0x1e/0x40
[ 88.324057][ T3650] kasan_set_track+0x21/0x30
[ 88.328632][ T3650] kasan_set_free_info+0x20/0x30
[ 88.333541][ T3650] ____kasan_slab_free+0x166/0x1a0
[ 88.338967][ T3650] slab_free_freelist_hook+0x8b/0x1c0
[ 88.344305][ T3650] kmem_cache_free+0xdd/0x5a0
[ 88.348949][ T3650] sk_psock_backlog+0x871/0xd20
[ 88.353792][ T3650] process_one_work+0x865/0x13d0
[ 88.358709][ T3650] worker_thread+0x598/0xec0
[ 88.363289][ T3650] kthread+0x299/0x340
[ 88.367335][ T3650] ret_from_fork+0x1f/0x30
[ 88.371723][ T3650]
[ 88.374021][ T3650] The buggy address belongs to the object at ffff88806f0bca00
[ 88.374021][ T3650] which belongs to the cache skbuff_head_cache of size 232
[ 88.388564][ T3650] The buggy address is located 220 bytes inside of
[ 88.388564][ T3650] 232-byte region [ffff88806f0bca00, ffff88806f0bcae8)
[ 88.401890][ T3650]
[ 88.404187][ T3650] The buggy address belongs to the physical page:
[ 88.410566][ T3650] page:ffffea0001bc2f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6f0bc
[ 88.420682][ T3650] memcg:ffff888073abd981
[ 88.424889][ T3650] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 88.432404][ T3650] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8880150c1140
[ 88.440956][ T3650] raw: 0000000000000000 00000000000c000c 00000001ffffffff ffff888073abd981
[ 88.449509][ T3650] page dumped because: kasan: bad access detected
[ 88.455890][ T3650] page_owner tracks the page as allocated
[ 88.461569][ T3650] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4149, tgid 4148 (syz-executor.0), ts 88028313027, free_ts 59037553842
[ 88.479935][ T3650] get_page_from_freelist+0x19d3/0x3b30
[ 88.485472][ T3650] __alloc_pages+0x1c7/0x510
[ 88.490028][ T3650] allocate_slab+0x26c/0x3c0
[ 88.494587][ T3650] ___slab_alloc+0x9bc/0xe10
[ 88.499142][ T3650] __slab_alloc.constprop.0+0x4d/0xa0
[ 88.504500][ T3650] kmem_cache_alloc_node+0x122/0x3f0
[ 88.509756][ T3650] __alloc_skb+0x151/0x270
[ 88.514579][ T3650] alloc_skb_with_frags+0x73/0x6f0
[ 88.519665][ T3650] sock_alloc_send_pskb+0x636/0x7c0
[ 88.524830][ T3650] unix_dgram_sendmsg+0x36f/0x1790
[ 88.529926][ T3650] sock_sendmsg+0xab/0xe0
[ 88.534226][ T3650] ____sys_sendmsg+0x395/0x7a0
[ 88.538959][ T3650] ___sys_sendmsg+0xd3/0x150
[ 88.543514][ T3650] __sys_sendmmsg+0x141/0x310
[ 88.548159][ T3650] __x64_sys_sendmmsg+0x94/0x100
[ 88.553066][ T3650] do_syscall_64+0x35/0x80
[ 88.557456][ T3650] page last free stack trace:
[ 88.562096][ T3650] free_pcp_prepare+0x549/0xd20
[ 88.567006][ T3650] free_unref_page+0x19/0x6a0
[ 88.571661][ T3650] __vunmap+0x66d/0xb40
[ 88.575921][ T3650] free_work+0x4b/0x70
[ 88.579959][ T3650] process_one_work+0x865/0x13d0
[ 88.584866][ T3650] worker_thread+0x598/0xec0
[ 88.589513][ T3650] kthread+0x299/0x340
[ 88.593639][ T3650] ret_from_fork+0x1f/0x30
[ 88.598048][ T3650]
[ 88.600351][ T3650] Memory state around the buggy address:
[ 88.605947][ T3650] ffff88806f0bc980: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 88.614086][ T3650] ffff88806f0bca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.622126][ T3650] >ffff88806f0bca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 88.630159][ T3650] ^
[ 88.637060][ T3650] ffff88806f0bcb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 88.645094][ T3650] ffff88806f0bcb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.653127][ T3650] ==================================================================
[ 88.661222][ T3650] Kernel panic - not syncing: panic_on_warn set ...
[ 88.667794][ T3650] CPU: 1 PID: 3650 Comm: kworker/1:3 Not tainted 5.19.0-rc6-syzkaller #0
[ 88.676229][ T3650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 88.686265][ T3650] Workqueue: events bpf_map_free_deferred
[ 88.692053][ T3650] Call Trace:
[ 88.695312][ T3650]
[ 88.698223][ T3650] dump_stack_lvl+0x57/0x7d
[ 88.702895][ T3650] panic+0x227/0x466
[ 88.706777][ T3650] ? panic_print_sys_info.part.0+0x69/0x69
[ 88.712564][ T3650] ? consume_skb+0x23/0xf0
[ 88.716958][ T3650] end_report.part.0+0x3f/0x7c
[ 88.721786][ T3650] kasan_report.cold+0x93/0x1c6
[ 88.726611][ T3650] ? consume_skb+0x23/0xf0
[ 88.731003][ T3650] kasan_check_range+0x13d/0x180
[ 88.736350][ T3650] consume_skb+0x23/0xf0
[ 88.740567][ T3650] __sk_msg_free+0x198/0x340
[ 88.745244][ T3650] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 88.751031][ T3650] sk_psock_stop+0x3f3/0x640
[ 88.755684][ T3650] ? sk_psock_drop+0x145/0x350
[ 88.760688][ T3650] ? trace_hardirqs_on+0x2d/0x120
[ 88.765679][ T3650] sk_psock_drop+0x14f/0x350
[ 88.770259][ T3650] sock_hash_free+0x53f/0x730
[ 88.774910][ T3650] ? sock_map_seq_start+0x2b0/0x2b0
[ 88.780076][ T3650] process_one_work+0x865/0x13d0
[ 88.784983][ T3650] ? lock_release+0x780/0x780
[ 88.790500][ T3650] ? pwq_dec_nr_in_flight+0x230/0x230
[ 88.795844][ T3650] ? rwlock_bug.part.0+0x90/0x90
[ 88.800846][ T3650] worker_thread+0x598/0xec0
[ 88.805412][ T3650] ? __kthread_parkme+0xc1/0x1f0
[ 88.810323][ T3650] ? process_one_work+0x13d0/0x13d0
[ 88.815499][ T3650] kthread+0x299/0x340
[ 88.819538][ T3650] ? kthread_complete_and_exit+0x20/0x20
[ 88.825147][ T3650] ret_from_fork+0x1f/0x30
[ 88.829541][ T3650]
[ 88.832971][ T3650] Kernel Offset: disabled
[ 88.837270][ T3650] Rebooting in 86400 seconds..