[   53.852669][ T1051] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.867606][ T1051] veth1_macvtap: left promiscuous mode
[   53.875528][ T1051] veth0_macvtap: left promiscuous mode
[   53.882203][ T1051] veth1_vlan: left promiscuous mode
[   53.888223][ T1051] veth0_vlan: left promiscuous mode
[   54.059643][ T1051] team0 (unregistering): Port device team_slave_1 removed
[   54.073216][ T1051] team0 (unregistering): Port device team_slave_0 removed
[   54.086496][ T1051] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   54.100548][ T1051] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   54.146270][ T1051] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.15.214' (ECDSA) to the list of known hosts.
2023/06/17 11:24:35 ignoring optional flag "sandboxArg"="0"
2023/06/17 11:24:35 parsed 1 programs
2023/06/17 11:24:37 executed programs: 0
[   70.654345][ T5350] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   70.695757][ T4410] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.705614][ T4410] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.714042][ T4410] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.723205][ T4410] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.731514][ T4410] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   70.739870][ T4410] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.837777][ T5358] chnl_net:caif_netlink_parms(): no params data found
[   70.879784][ T5358] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.887620][ T5358] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.896390][ T5358] bridge_slave_0: entered allmulticast mode
[   70.903700][ T5358] bridge_slave_0: entered promiscuous mode
[   70.912528][ T5358] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.920175][ T5358] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.927955][ T5358] bridge_slave_1: entered allmulticast mode
[   70.935207][ T5358] bridge_slave_1: entered promiscuous mode
[   70.953772][ T5358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.966107][ T5358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.991862][ T5358] team0: Port device team_slave_0 added
[   70.999427][ T5358] team0: Port device team_slave_1 added
[   71.018356][ T5358] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.027257][ T5358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.065666][ T5358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.083743][ T5358] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.093027][ T5358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.124011][ T5358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.155448][ T5358] hsr_slave_0: entered promiscuous mode
[   71.162723][ T5358] hsr_slave_1: entered promiscuous mode
[   71.874604][ T5358] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   71.885588][ T5358] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   71.897285][ T5358] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.057208][ T5358] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.129134][ T5358] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.153771][ T5358] 8021q: adding VLAN 0 to HW filter on device team0
[   72.167687][  T758] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.175128][  T758] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.195129][ T5018] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.202952][ T5018] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.356120][ T5358] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.392851][ T5358] veth0_vlan: entered promiscuous mode
[   72.405929][ T5358] veth1_vlan: entered promiscuous mode
[   72.433933][ T5358] veth0_macvtap: entered promiscuous mode
[   72.443646][ T5358] veth1_macvtap: entered promiscuous mode
[   72.462779][ T5358] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.477498][ T5358] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.491018][ T5358] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.502235][ T5358] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.513313][ T5358] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.523985][ T5358] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.593314][ T4805] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.611659][ T4805] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.640999][ T4805] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.649625][ T4805] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.682683][ T5428] ==================================================================
[   72.691437][ T5428] BUG: KASAN: stack-out-of-bounds in ipmr_ioctl+0x8ef/0x9b0
[   72.698715][ T5428] Read of size 4 at addr ffffc90004dffafc by task syz-executor.0/5428
[   72.707203][ T5428] 
[   72.709522][ T5428] CPU: 1 PID: 5428 Comm: syz-executor.0 Not tainted 6.4.0-rc6-syzkaller #0
[   72.718182][ T5428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   72.728845][ T5428] Call Trace:
[   72.732662][ T5428]  <TASK>
[   72.735939][ T5428]  dump_stack_lvl+0x64/0xb0
[   72.740763][ T5428]  print_address_description.constprop.0+0x2c/0x3c0
[   72.747978][ T5428]  ? ipmr_ioctl+0x8ef/0x9b0
[   72.752550][ T5428]  kasan_report+0x11c/0x130
[   72.757127][ T5428]  ? ipmr_ioctl+0x8ef/0x9b0
[   72.762135][ T5428]  ipmr_ioctl+0x8ef/0x9b0
[   72.768267][ T5428]  ? ip_mroute_getsockopt+0x530/0x530
[   72.773816][ T5428]  ? debug_check_no_obj_freed+0x210/0x420
[   72.779600][ T5428]  ? lock_downgrade+0x690/0x690
[   72.784422][ T5428]  sk_ioctl+0x10e/0x340
[   72.788748][ T5428]  ? sock_ioctl_inout+0xf0/0xf0
[   72.793757][ T5428]  ? mark_held_locks+0x9f/0xe0
[   72.798580][ T5428]  ? find_held_lock+0x2d/0x110
[   72.803325][ T5428]  inet_ioctl+0x171/0x300
[   72.807827][ T5428]  ? ipip_gro_complete+0x120/0x120
[   72.813283][ T5428]  ? lock_downgrade+0x690/0x690
[   72.818564][ T5428]  ? __kmem_cache_free+0xaf/0x2d0
[   72.824384][ T5428]  ? tomoyo_check_path2_acl+0x250/0x250
[   72.830736][ T5428]  ? tomoyo_path_number_perm+0x23b/0x4b0
[   72.836612][ T5428]  ? tomoyo_execute_permission+0x470/0x470
[   72.842738][ T5428]  sock_do_ioctl+0xc9/0x1c0
[   72.848375][ T5428]  ? get_user_ifreq+0x1e0/0x1e0
[   72.853657][ T5428]  ? vfs_fileattr_set+0xa30/0xa30
[   72.859035][ T5428]  sock_ioctl+0x1b1/0x550
[   72.863614][ T5428]  ? br_ioctl_call+0x90/0x90
[   72.868178][ T5428]  ? __fget_files+0x1bf/0x3c0
[   72.872916][ T5428]  __x64_sys_ioctl+0x123/0x190
[   72.877963][ T5428]  do_syscall_64+0x39/0xb0
[   72.882445][ T5428]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   72.888396][ T5428] RIP: 0033:0x7f8a83e8c389
[   72.892801][ T5428] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   72.912998][ T5428] RSP: 002b:00007f8a84b29168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   72.921730][ T5428] RAX: ffffffffffffffda RBX: 00007f8a83fabf80 RCX: 00007f8a83e8c389
[   72.929832][ T5428] RDX: 0000000000000000 RSI: 00000000000089e1 RDI: 0000000000000003
[   72.938484][ T5428] RBP: 00007f8a83ed7493 R08: 0000000000000000 R09: 0000000000000000
[   72.946582][ T5428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.954979][ T5428] R13: 00007fff15e5935f R14: 00007f8a84b29300 R15: 0000000000022000
[   72.963457][ T5428]  </TASK>
[   72.966505][ T5428] 
[   72.968813][ T5428] The buggy address belongs to stack of task syz-executor.0/5428
[   72.977025][ T5428]  and is located at offset 36 in frame:
[   72.982819][ T5428]  sk_ioctl+0x0/0x340
[   72.986823][ T5428] 
[   72.989223][ T5428] This frame has 2 objects:
[   72.993866][ T5428]  [32, 36) 'karg'
[   72.993870][ T5428]  [48, 88) 'buffer'
[   72.997835][ T5428] 
[   73.004410][ T5428] The buggy address belongs to the virtual mapping at
[   73.004410][ T5428]  [ffffc90004df8000, ffffc90004e01000) created by:
[   73.004410][ T5428]  kernel_clone+0xbc/0x640
[   73.022454][ T5428] 
[   73.024766][ T5428] The buggy address belongs to the physical page:
[   73.031499][ T5428] page:ffffea0000808a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2022a
[   73.041882][ T5428] memcg:ffff88801eb62602
[   73.046504][ T5428] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   73.053592][ T5428] page_type: 0xffffffff()
[   73.057897][ T5428] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   73.066457][ T5428] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88801eb62602
[   73.075529][ T5428] page dumped because: kasan: bad access detected
[   73.081912][ T5428] page_owner tracks the page as allocated
[   73.089072][ T5428] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5427, tgid 5427 (syz-executor.0), ts 72682059050, free_ts 72613482273
[   73.108241][ T5428]  post_alloc_hook+0x2db/0x350
[   73.113275][ T5428]  get_page_from_freelist+0xf41/0x2c00
[   73.119576][ T5428]  __alloc_pages+0x1cb/0x4a0
[   73.124396][ T5428]  __vmalloc_node_range+0x7ff/0x1070
[   73.129826][ T5428]  copy_process+0x1181/0x6bf0
[   73.134956][ T5428]  kernel_clone+0xbc/0x640
[   73.139653][ T5428]  __do_sys_clone+0xa1/0xe0
[   73.144330][ T5428]  do_syscall_64+0x39/0xb0
[   73.148716][ T5428]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.154581][ T5428] page last free stack trace:
[   73.159521][ T5428]  free_unref_page_prepare+0x62e/0xcb0
[   73.165140][ T5428]  free_unref_page+0x33/0x370
[   73.170478][ T5428]  __unfreeze_partials+0x17c/0x1a0
[   73.176121][ T5428]  qlist_free_all+0x6a/0x170
[   73.180981][ T5428]  kasan_quarantine_reduce+0x195/0x220
[   73.187469][ T5428]  __kasan_slab_alloc+0x63/0x90
[   73.193248][ T5428]  kmem_cache_alloc_bulk+0x424/0x860
[   73.198835][ T5428]  mas_alloc_nodes+0x27c/0x700
[   73.203657][ T5428]  mas_preallocate+0x236/0x300
[   73.208498][ T5428]  __split_vma+0x16e/0x710
[   73.212972][ T5428]  do_vmi_align_munmap+0x364/0x1230
[   73.218225][ T5428]  do_vmi_munmap+0x1ba/0x210
[   73.228867][ T5428]  mmap_region+0x1b5/0x24b0
[   73.233690][ T5428]  do_mmap+0x5a4/0xd60
[   73.237824][ T5428]  vm_mmap_pgoff+0x164/0x350
[   73.242572][ T5428]  ksys_mmap_pgoff+0x2eb/0x4a0
[   73.247404][ T5428] 
[   73.249717][ T5428] Memory state around the buggy address:
[   73.255388][ T5428]  ffffc90004dff980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   73.263671][ T5428]  ffffc90004dffa00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3
[   73.272253][ T5428] >ffffc90004dffa80: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04
[   73.280839][ T5428]                                                                 ^
[   73.289164][ T5428]  ffffc90004dffb00: f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[   73.297562][ T5428]  ffffc90004dffb80: 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00
[   73.306293][ T5428] ==================================================================
[   73.322154][ T4410] Bluetooth: hci0: command 0x0409 tx timeout
[   73.331315][ T5428] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   73.338866][ T5428] CPU: 0 PID: 5428 Comm: syz-executor.0 Not tainted 6.4.0-rc6-syzkaller #0
[   73.347803][ T5428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   73.357852][ T5428] Call Trace:
[   73.361133][ T5428]  <TASK>
[   73.364342][ T5428]  dump_stack_lvl+0x64/0xb0
[   73.369290][ T5428]  panic+0x24f/0x540
[   73.373191][ T5428]  ? panic_smp_self_stop+0x70/0x70
[   73.378499][ T5428]  ? preempt_schedule_thunk+0x1a/0x20
[   73.384305][ T5428]  ? preempt_schedule_common+0x45/0xb0
[   73.390308][ T5428]  ? preempt_schedule_thunk+0x1a/0x20
[   73.396205][ T5428]  check_panic_on_warn+0x75/0x80
[   73.401590][ T5428]  end_report+0xe9/0x120
[   73.405932][ T5428]  ? ipmr_ioctl+0x8ef/0x9b0
[   73.410690][ T5428]  kasan_report+0xf9/0x130
[   73.415455][ T5428]  ? ipmr_ioctl+0x8ef/0x9b0
[   73.420385][ T5428]  ipmr_ioctl+0x8ef/0x9b0
[   73.424782][ T5428]  ? ip_mroute_getsockopt+0x530/0x530
[   73.430213][ T5428]  ? debug_check_no_obj_freed+0x210/0x420
[   73.436081][ T5428]  ? lock_downgrade+0x690/0x690
[   73.440997][ T5428]  sk_ioctl+0x10e/0x340
[   73.445387][ T5428]  ? sock_ioctl_inout+0xf0/0xf0
[   73.450428][ T5428]  ? mark_held_locks+0x9f/0xe0
[   73.455438][ T5428]  ? find_held_lock+0x2d/0x110
[   73.460355][ T5428]  inet_ioctl+0x171/0x300
[   73.464957][ T5428]  ? ipip_gro_complete+0x120/0x120
[   73.470227][ T5428]  ? lock_downgrade+0x690/0x690
[   73.475162][ T5428]  ? __kmem_cache_free+0xaf/0x2d0
[   73.480433][ T5428]  ? tomoyo_check_path2_acl+0x250/0x250
[   73.486146][ T5428]  ? tomoyo_path_number_perm+0x23b/0x4b0
[   73.491773][ T5428]  ? tomoyo_execute_permission+0x470/0x470
[   73.497814][ T5428]  sock_do_ioctl+0xc9/0x1c0
[   73.502375][ T5428]  ? get_user_ifreq+0x1e0/0x1e0
[   73.507193][ T5428]  ? vfs_fileattr_set+0xa30/0xa30
[   73.512636][ T5428]  sock_ioctl+0x1b1/0x550
[   73.517031][ T5428]  ? br_ioctl_call+0x90/0x90
[   73.521876][ T5428]  ? __fget_files+0x1bf/0x3c0
[   73.526570][ T5428]  __x64_sys_ioctl+0x123/0x190
[   73.531308][ T5428]  do_syscall_64+0x39/0xb0
[   73.536131][ T5428]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.542342][ T5428] RIP: 0033:0x7f8a83e8c389
[   73.546832][ T5428] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   73.566610][ T5428] RSP: 002b:00007f8a84b29168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.575011][ T5428] RAX: ffffffffffffffda RBX: 00007f8a83fabf80 RCX: 00007f8a83e8c389
[   73.583061][ T5428] RDX: 0000000000000000 RSI: 00000000000089e1 RDI: 0000000000000003
[   73.591011][ T5428] RBP: 00007f8a83ed7493 R08: 0000000000000000 R09: 0000000000000000
[   73.599083][ T5428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.607302][ T5428] R13: 00007fff15e5935f R14: 00007f8a84b29300 R15: 0000000000022000
[   73.615514][ T5428]  </TASK>
[   73.618867][ T5428] Kernel Offset: disabled
[   73.623521][ T5428] Rebooting in 86400 seconds..