[ 38.756543][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.769965][ T1044] device veth1_macvtap left promiscuous mode
[ 38.776121][ T1044] device veth0_macvtap left promiscuous mode
[ 38.782233][ T1044] device veth1_vlan left promiscuous mode
[ 38.788711][ T1044] device veth0_vlan left promiscuous mode
[ 38.880397][ T1044] team0 (unregistering): Port device team_slave_1 removed
[ 38.890853][ T1044] team0 (unregistering): Port device team_slave_0 removed
[ 38.902170][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 38.918635][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 38.957616][ T1044] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
2022/07/07 22:55:45 parsed 1 programs
2022/07/07 22:55:45 executed programs: 0
[ 50.145648][ T3950] cgroup: Unknown subsys name 'net'
[ 50.153962][ T3950] cgroup: Unknown subsys name 'rlimit'
[ 53.283223][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 57.443180][ T3607] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 59.527374][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.535445][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.542986][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.550876][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.558967][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.566414][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.617930][ T4069] chnl_net:caif_netlink_parms(): no params data found
[ 59.645999][ T4069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.653221][ T4069] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.660823][ T4069] device bridge_slave_0 entered promiscuous mode
[ 59.669309][ T4069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.676402][ T4069] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.684506][ T4069] device bridge_slave_1 entered promiscuous mode
[ 59.698983][ T4069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.710584][ T4069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.728839][ T4069] team0: Port device team_slave_0 added
[ 59.735722][ T4069] team0: Port device team_slave_1 added
[ 59.749575][ T4069] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.756579][ T4069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.783542][ T4069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.795288][ T4069] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.802415][ T4069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.829040][ T4069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.850074][ T4069] device hsr_slave_0 entered promiscuous mode
[ 59.856999][ T4069] device hsr_slave_1 entered promiscuous mode
[ 59.898724][ T4069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.905814][ T4069] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.913183][ T4069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.920263][ T4069] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.946878][ T4069] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.958108][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.966798][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.975252][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.982730][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 59.994685][ T4069] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.004352][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.012677][ T42] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.019815][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.029871][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.038445][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.045881][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.064459][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.073320][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.082139][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.090484][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.099257][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.108992][ T4069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.124640][ T4069] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.131813][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 60.139373][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 60.262724][ T4069] device veth0_vlan entered promiscuous mode
[ 60.270597][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 60.279212][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.287873][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 60.295448][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 60.310179][ T4069] device veth1_vlan entered promiscuous mode
[ 60.341192][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 60.350480][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 60.358608][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.369131][ T4069] device veth0_macvtap entered promiscuous mode
[ 60.377521][ T4069] device veth1_macvtap entered promiscuous mode
[ 60.389339][ T4069] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.398001][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.407728][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 60.417432][ T4069] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.425655][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 60.459551][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.475288][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.480304][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.484679][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 60.498813][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2022/07/07 22:55:55 executed programs: 1
[ 60.507977][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 61.604501][ T42] Bluetooth: hci0: command 0x0409 tx timeout
[ 63.683722][ T42] Bluetooth: hci0: command 0x041b tx timeout
[ 64.521838][ T4706] ==================================================================
[ 64.529930][ T4706] BUG: KASAN: use-after-free in __lock_acquire+0x3d73/0x55d0
[ 64.537534][ T4706] Read of size 8 at addr ffff88806f1fb8a8 by task syz-executor.0/4706
[ 64.545655][ T4706]
[ 64.547949][ T4706] CPU: 0 PID: 4706 Comm: syz-executor.0 Not tainted 5.19.0-rc5-syzkaller #0
[ 64.556590][ T4706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 64.566617][ T4706] Call Trace:
[ 64.569875][ T4706]
[ 64.572778][ T4706] dump_stack_lvl+0x57/0x7d
[ 64.577264][ T4706] print_address_description.constprop.0.cold+0xeb/0x495
[ 64.584264][ T4706] ? __lock_acquire+0x3d73/0x55d0
[ 64.589257][ T4706] kasan_report.cold+0xf4/0x1c6
[ 64.594078][ T4706] ? __lock_acquire+0x3d73/0x55d0
[ 64.599070][ T4706] __lock_acquire+0x3d73/0x55d0
[ 64.603895][ T4706] ? __lock_acquire+0xbf1/0x55d0
[ 64.608800][ T4706] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 64.614750][ T4706] lock_acquire+0x1ab/0x570
[ 64.619262][ T4706] ? post_one_notification.isra.0+0x4f/0x890
[ 64.625211][ T4706] ? lock_release+0x780/0x780
[ 64.629856][ T4706] ? lock_acquire+0x1ab/0x570
[ 64.634504][ T4706] ? _raw_spin_lock_irq+0x41/0x50
[ 64.639496][ T4706] _raw_spin_lock_irq+0x32/0x50
[ 64.644313][ T4706] ? post_one_notification.isra.0+0x4f/0x890
[ 64.650264][ T4706] post_one_notification.isra.0+0x4f/0x890
[ 64.657366][ T4706] __post_watch_notification+0x419/0x790
[ 64.662981][ T4706] ? user_update+0x1f0/0x2b0
[ 64.667553][ T4706] key_create_or_update+0xa84/0xbe0
[ 64.672728][ T4706] ? key_alloc+0x1020/0x1020
[ 64.677290][ T4706] ? join_session_keyring+0x2b0/0x2b0
[ 64.682638][ T4706] ? find_held_lock+0x2d/0x110
[ 64.687381][ T4706] __do_sys_add_key+0x156/0x300
[ 64.692206][ T4706] ? __do_sys_request_key+0x270/0x270
[ 64.697547][ T4706] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 64.703498][ T4706] ? syscall_enter_from_user_mode+0x21/0x70
[ 64.709362][ T4706] do_syscall_64+0x35/0xb0
[ 64.713755][ T4706] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 64.719648][ T4706] RIP: 0033:0x7f7330c89109
[ 64.724039][ T4706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 64.743628][ T4706] RSP: 002b:00007f7331ed7168 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 64.752019][ T4706] RAX: ffffffffffffffda RBX: 00007f7330d9bf60 RCX: 00007f7330c89109
[ 64.759968][ T4706] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000020000040
[ 64.767915][ T4706] RBP: 00007f7330ce308d R08: fffffffffffffffc R09: 0000000000000000
[ 64.775861][ T4706] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000000000
[ 64.783802][ T4706] R13: 00007ffdd43c240f R14: 00007f7331ed7300 R15: 0000000000022000
[ 64.791859][ T4706]
[ 64.794854][ T4706]
[ 64.797151][ T4706] Allocated by task 4703:
[ 64.801449][ T4706] kasan_save_stack+0x1e/0x40
[ 64.806104][ T4706] __kasan_kmalloc+0xa9/0xd0
[ 64.810663][ T4706] alloc_pipe_info+0xd0/0x480
[ 64.815309][ T4706] create_pipe_files+0x85/0x860
[ 64.820125][ T4706] do_pipe2+0x78/0x150
[ 64.824160][ T4706] __x64_sys_pipe2+0x4b/0x70
[ 64.828715][ T4706] do_syscall_64+0x35/0xb0
[ 64.833100][ T4706] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 64.838961][ T4706]
[ 64.841259][ T4706] Freed by task 4704:
[ 64.845205][ T4706] kasan_save_stack+0x1e/0x40
[ 64.849847][ T4706] kasan_set_track+0x21/0x30
[ 64.854405][ T4706] kasan_set_free_info+0x20/0x30
[ 64.859308][ T4706] ____kasan_slab_free+0x166/0x1a0
[ 64.864385][ T4706] slab_free_freelist_hook+0x8b/0x1c0
[ 64.869982][ T4706] kfree+0xd6/0x4d0
[ 64.873756][ T4706] pipe_release+0x217/0x270
[ 64.878227][ T4706] __fput+0x1f5/0x8c0
[ 64.882172][ T4706] task_work_run+0xc0/0x160
[ 64.886642][ T4706] exit_to_user_mode_prepare+0x23c/0x250
[ 64.892237][ T4706] syscall_exit_to_user_mode+0x19/0x50
[ 64.897663][ T4706] do_syscall_64+0x42/0xb0
[ 64.902046][ T4706] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 64.907909][ T4706]
[ 64.910206][ T4706] The buggy address belongs to the object at ffff88806f1fb800
[ 64.910206][ T4706] which belongs to the cache kmalloc-cg-512 of size 512
[ 64.924571][ T4706] The buggy address is located 168 bytes inside of
[ 64.924571][ T4706] 512-byte region [ffff88806f1fb800, ffff88806f1fba00)
[ 64.937898][ T4706]
[ 64.940196][ T4706] The buggy address belongs to the physical page:
[ 64.946574][ T4706] page:ffffea0001bc7e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6f1f8
[ 64.956688][ T4706] head:ffffea0001bc7e00 order:2 compound_mapcount:0 compound_pincount:0
[ 64.964975][ T4706] memcg:ffff88807a973e01
[ 64.969186][ T4706] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 64.977136][ T4706] raw: 00fff00000010200 ffffea0001e01a00 dead000000000002 ffff888010c42dc0
[ 64.985688][ T4706] raw: 0000000000000000 0000000080100010 00000001ffffffff ffff88807a973e01
[ 64.994232][ T4706] page dumped because: kasan: bad access detected
[ 65.000609][ T4706] page_owner tracks the page as allocated
[ 65.006293][ T4706] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3880, tgid 3880 (dhcpcd-run-hook), ts 49083586275, free_ts 33327313764
[ 65.029267][ T4706] get_page_from_freelist+0x19d3/0x3b30
[ 65.034787][ T4706] __alloc_pages+0x1c7/0x510
[ 65.039343][ T4706] allocate_slab+0x26c/0x3c0
[ 65.043898][ T4706] ___slab_alloc+0x9bc/0xe10
[ 65.048455][ T4706] __slab_alloc.constprop.0+0x4d/0xa0
[ 65.053790][ T4706] kmem_cache_alloc_trace+0x310/0x3f0
[ 65.059125][ T4706] alloc_pipe_info+0xd0/0x480
[ 65.063771][ T4706] create_pipe_files+0x85/0x860
[ 65.068588][ T4706] do_pipe2+0x78/0x150
[ 65.072623][ T4706] __x64_sys_pipe+0x2a/0x40
[ 65.077090][ T4706] do_syscall_64+0x35/0xb0
[ 65.081475][ T4706] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 65.087333][ T4706] page last free stack trace:
[ 65.092067][ T4706] free_pcp_prepare+0x549/0xd20
[ 65.096885][ T4706] free_unref_page+0x19/0x6a0
[ 65.101529][ T4706] release_pages+0x76b/0x1780
[ 65.106172][ T4706] tlb_batch_pages_flush+0x85/0x160
[ 65.111338][ T4706] tlb_finish_mmu+0x110/0x6c0
[ 65.115980][ T4706] exit_mmap+0x19d/0x3f0
[ 65.120190][ T4706] __mmput+0xed/0x430
[ 65.124140][ T4706] do_exit+0x8e9/0x2470
[ 65.128261][ T4706] do_group_exit+0xb2/0x2a0
[ 65.132733][ T4706] get_signal+0x1c76/0x2030
[ 65.137207][ T4706] arch_do_signal_or_restart+0x82/0x2300
[ 65.142808][ T4706] exit_to_user_mode_prepare+0x15f/0x250
[ 65.148408][ T4706] syscall_exit_to_user_mode+0x19/0x50
[ 65.153836][ T4706] do_syscall_64+0x42/0xb0
[ 65.158219][ T4706] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 65.165044][ T4706]
[ 65.167348][ T4706] Memory state around the buggy address:
[ 65.173813][ T4706] ffff88806f1fb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.181847][ T4706] ffff88806f1fb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.189878][ T4706] >ffff88806f1fb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.197908][ T4706] ^
[ 65.203248][ T4706] ffff88806f1fb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.211284][ T4706] ffff88806f1fb980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.219313][ T4706] ==================================================================
[ 65.227345][ T4706] Kernel panic - not syncing: panic_on_warn set ...
[ 65.233899][ T4706] CPU: 0 PID: 4706 Comm: syz-executor.0 Not tainted 5.19.0-rc5-syzkaller #0
[ 65.242535][ T4706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 65.252661][ T4706] Call Trace:
[ 65.255940][ T4706]
[ 65.258854][ T4706] dump_stack_lvl+0x57/0x7d
[ 65.263337][ T4706] panic+0x227/0x466
[ 65.267204][ T4706] ? panic_print_sys_info.part.0+0x69/0x69
[ 65.272982][ T4706] ? __lock_acquire+0x3d73/0x55d0
[ 65.277979][ T4706] end_report.part.0+0x3f/0x7c
[ 65.282715][ T4706] kasan_report.cold+0x93/0x1c6
[ 65.287537][ T4706] ? __lock_acquire+0x3d73/0x55d0
[ 65.292534][ T4706] __lock_acquire+0x3d73/0x55d0
[ 65.297361][ T4706] ? __lock_acquire+0xbf1/0x55d0
[ 65.302294][ T4706] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 65.308346][ T4706] lock_acquire+0x1ab/0x570
[ 65.312819][ T4706] ? post_one_notification.isra.0+0x4f/0x890
[ 65.318764][ T4706] ? lock_release+0x780/0x780
[ 65.323405][ T4706] ? lock_acquire+0x1ab/0x570
[ 65.328058][ T4706] ? _raw_spin_lock_irq+0x41/0x50
[ 65.333060][ T4706] _raw_spin_lock_irq+0x32/0x50
[ 65.337884][ T4706] ? post_one_notification.isra.0+0x4f/0x890
[ 65.343832][ T4706] post_one_notification.isra.0+0x4f/0x890
[ 65.349608][ T4706] __post_watch_notification+0x419/0x790
[ 65.355210][ T4706] ? user_update+0x1f0/0x2b0
[ 65.359771][ T4706] key_create_or_update+0xa84/0xbe0
[ 65.364958][ T4706] ? key_alloc+0x1020/0x1020
[ 65.369539][ T4706] ? join_session_keyring+0x2b0/0x2b0
[ 65.374895][ T4706] ? find_held_lock+0x2d/0x110
[ 65.379642][ T4706] __do_sys_add_key+0x156/0x300
[ 65.384817][ T4706] ? __do_sys_request_key+0x270/0x270
[ 65.390157][ T4706] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 65.396106][ T4706] ? syscall_enter_from_user_mode+0x21/0x70
[ 65.401969][ T4706] do_syscall_64+0x35/0xb0
[ 65.406358][ T4706] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 65.412220][ T4706] RIP: 0033:0x7f7330c89109
[ 65.416609][ T4706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 65.436629][ T4706] RSP: 002b:00007f7331ed7168 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 65.445016][ T4706] RAX: ffffffffffffffda RBX: 00007f7330d9bf60 RCX: 00007f7330c89109
[ 65.453401][ T4706] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000020000040
[ 65.461345][ T4706] RBP: 00007f7330ce308d R08: fffffffffffffffc R09: 0000000000000000
[ 65.469293][ T4706] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000000000
[ 65.477245][ T4706] R13: 00007ffdd43c240f R14: 00007f7331ed7300 R15: 0000000000022000
[ 65.485197][ T4706]
[ 65.488686][ T4706] Kernel Offset: disabled
[ 65.493003][ T4706] Rebooting in 86400 seconds..