[ 63.920719][ T1020] device veth1_macvtap left promiscuous mode
[ 63.928746][ T1020] device veth0_macvtap left promiscuous mode
[ 63.935387][ T1020] device veth1_vlan left promiscuous mode
[ 63.941639][ T1020] device veth0_vlan left promiscuous mode
[ 64.197339][ T1020] team0 (unregistering): Port device team_slave_1 removed
[ 64.219854][ T1020] team0 (unregistering): Port device team_slave_0 removed
[ 64.237608][ T1020] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 64.256086][ T1020] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 64.334951][ T1020] bond0 (unregistering): Released all slaves
[ 76.455234][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.104' (ECDSA) to the list of known hosts.
2023/01/19 01:12:10 ignoring optional flag "sandboxArg"="0"
2023/01/19 01:12:10 parsed 1 programs
2023/01/19 01:12:10 executed programs: 0
[ 86.190413][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.198699][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.207331][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.216871][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.224786][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.232037][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.340699][ T5542] chnl_net:caif_netlink_parms(): no params data found
[ 86.381165][ T5542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.388626][ T5542] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.396929][ T5542] device bridge_slave_0 entered promiscuous mode
[ 86.405490][ T5542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.413123][ T5542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.421213][ T5542] device bridge_slave_1 entered promiscuous mode
[ 86.442505][ T5542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.456622][ T5542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.479717][ T5542] team0: Port device team_slave_0 added
[ 86.487823][ T5542] team0: Port device team_slave_1 added
[ 86.506653][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.513838][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.540620][ T5542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.553011][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.560076][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.586553][ T5542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.617752][ T5542] device hsr_slave_0 entered promiscuous mode
[ 86.625656][ T5542] device hsr_slave_1 entered promiscuous mode
[ 87.403157][ T5542] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.415206][ T5542] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.428770][ T5542] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.439965][ T5542] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.529755][ T5542] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.545546][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 87.557105][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 87.568727][ T5542] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.584876][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 87.596277][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 87.605527][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.612738][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.634514][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 87.643770][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 87.652734][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 87.661904][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.669324][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.678021][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 87.687204][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 87.704692][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 87.715782][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 87.732091][ T5542] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 87.745464][ T5542] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 87.760724][ T5574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 87.770147][ T5574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 87.779345][ T5574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 87.788762][ T5574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 87.799514][ T5574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 87.812606][ T5574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 88.046536][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 88.054913][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 88.065537][ T5542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.090902][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 88.102217][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 88.124013][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 88.133174][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 88.147368][ T5542] device veth0_vlan entered promiscuous mode
[ 88.155811][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 88.165648][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 88.179792][ T5542] device veth1_vlan entered promiscuous mode
[ 88.207913][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 88.216981][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 88.225346][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 88.235229][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 88.246533][ T5542] device veth0_macvtap entered promiscuous mode
[ 88.260554][ T5542] device veth1_macvtap entered promiscuous mode
[ 88.282168][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.290990][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 88.299605][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.310072][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 88.318497][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 88.329301][ T5090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 88.341705][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.351916][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 88.361855][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 88.372862][ T5542] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.383007][ T5542] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.392670][ T5542] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.401928][ T5542] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.484244][ T1020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.492339][ T1020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.511058][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.513115][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 88.527995][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.540975][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 89.433369][ T5090] ==================================================================
[ 89.441576][ T5090] BUG: KASAN: use-after-free in io_fallback_req_func+0xc7/0x204
[ 89.449429][ T5090] Read of size 8 at addr ffff888070652948 by task kworker/0:4/5090
[ 89.457441][ T5090]
[ 89.459781][ T5090] CPU: 0 PID: 5090 Comm: kworker/0:4 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 89.470225][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 89.480324][ T5090] Workqueue: events io_fallback_req_func
[ 89.486012][ T5090] Call Trace:
[ 89.489496][ T5090] <TASK>
[ 89.492451][ T5090] dump_stack_lvl+0xd1/0x138
[ 89.497169][ T5090] print_report+0x15e/0x45d
[ 89.501691][ T5090] ? __phys_addr+0xc8/0x140
[ 89.506420][ T5090] ? io_fallback_req_func+0xc7/0x204
[ 89.511986][ T5090] kasan_report+0xc0/0xf0
[ 89.516333][ T5090] ? io_fallback_req_func+0xc7/0x204
[ 89.521656][ T5090] io_fallback_req_func+0xc7/0x204
[ 89.527395][ T5090] ? __io_commit_cqring_flush.cold+0x42/0x42
[ 89.533424][ T5090] process_one_work+0x9bf/0x1750
[ 89.538419][ T5090] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 89.543908][ T5090] ? rcu_read_lock_sched_held+0x3e/0x70
[ 89.549492][ T5090] ? rwlock_bug.part.0+0x90/0x90
[ 89.554457][ T5090] ? lock_acquire+0x32/0xc0
[ 89.559064][ T5090] ? worker_thread+0x16d/0x1090
[ 89.563937][ T5090] worker_thread+0x669/0x1090
[ 89.568636][ T5090] ? __kthread_parkme+0x163/0x220
[ 89.573672][ T5090] ? process_one_work+0x1750/0x1750
[ 89.578893][ T5090] kthread+0x2e8/0x3a0
[ 89.583230][ T5090] ? kthread_complete_and_exit+0x40/0x40
[ 89.588972][ T5090] ret_from_fork+0x1f/0x30
[ 89.593590][ T5090] </TASK>
[ 89.596610][ T5090]
[ 89.598931][ T5090] Allocated by task 5603:
[ 89.603364][ T5090] kasan_save_stack+0x22/0x40
[ 89.608152][ T5090] kasan_set_track+0x25/0x30
[ 89.612783][ T5090] __kasan_slab_alloc+0x7f/0x90
[ 89.617645][ T5090] kmem_cache_alloc_bulk+0x3aa/0x730
[ 89.623115][ T5090] __io_alloc_req_refill+0xcc/0x40b
[ 89.628364][ T5090] io_submit_sqes.cold+0x7c/0xc2
[ 89.633388][ T5090] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 89.638952][ T5090] do_syscall_64+0x39/0xb0
[ 89.643389][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.649395][ T5090]
[ 89.651719][ T5090] Freed by task 9:
[ 89.655444][ T5090] kasan_save_stack+0x22/0x40
[ 89.660338][ T5090] kasan_set_track+0x25/0x30
[ 89.664961][ T5090] kasan_save_free_info+0x2e/0x40
[ 89.670012][ T5090] ____kasan_slab_free+0x160/0x1c0
[ 89.675167][ T5090] slab_free_freelist_hook+0x8b/0x1c0
[ 89.680785][ T5090] kmem_cache_free+0xec/0x4e0
[ 89.685575][ T5090] io_req_caches_free+0x1a9/0x1e6
[ 89.690702][ T5090] io_ring_exit_work+0x2e7/0xc80
[ 89.695828][ T5090] process_one_work+0x9bf/0x1750
[ 89.700878][ T5090] worker_thread+0x669/0x1090
[ 89.705687][ T5090] kthread+0x2e8/0x3a0
[ 89.709763][ T5090] ret_from_fork+0x1f/0x30
[ 89.714332][ T5090]
[ 89.716658][ T5090] The buggy address belongs to the object at ffff8880706528c0
[ 89.716658][ T5090] which belongs to the cache io_kiocb of size 224
[ 89.730659][ T5090] The buggy address is located 136 bytes inside of
[ 89.730659][ T5090] 224-byte region [ffff8880706528c0, ffff8880706529a0)
[ 89.744031][ T5090]
[ 89.746370][ T5090] The buggy address belongs to the physical page:
[ 89.752870][ T5090] page:ffffea0001c19480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x70652
[ 89.763085][ T5090] memcg:ffff888026aa6301
[ 89.767346][ T5090] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 89.774909][ T5090] raw: 00fff00000000200 ffff888146499780 dead000000000122 0000000000000000
[ 89.783529][ T5090] raw: 0000000000000000 00000000800c000c 00000001ffffffff ffff888026aa6301
[ 89.792121][ T5090] page dumped because: kasan: bad access detected
[ 89.799098][ T5090] page_owner tracks the page as allocated
[ 89.804816][ T5090] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5603, tgid 5602 (syz-executor.0), ts 88591275349, free_ts 64543666654
[ 89.823807][ T5090] get_page_from_freelist+0x11bb/0x2d50
[ 89.829524][ T5090] __alloc_pages+0x1cb/0x5c0
[ 89.834142][ T5090] alloc_pages+0x1aa/0x270
[ 89.838662][ T5090] allocate_slab+0x25f/0x350
[ 89.843263][ T5090] ___slab_alloc+0xa91/0x1400
[ 89.847954][ T5090] kmem_cache_alloc_bulk+0x23d/0x730
[ 89.853254][ T5090] __io_alloc_req_refill+0xcc/0x40b
[ 89.858499][ T5090] io_submit_sqes.cold+0x7c/0xc2
[ 89.863537][ T5090] __do_sys_io_uring_enter+0x9e4/0x2c10
[ 89.869279][ T5090] do_syscall_64+0x39/0xb0
[ 89.873932][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.880199][ T5090] page last free stack trace:
[ 89.884870][ T5090] __free_pages_ok+0x6ac/0xdc0
[ 89.889741][ T5090] kvfree+0x46/0x50
[ 89.893661][ T5090] wg_destruct+0x2f4/0x400
[ 89.898091][ T5090] netdev_run_todo+0x6bf/0x1100
[ 89.902960][ T5090] default_device_exit_batch+0x456/0x590
[ 89.908738][ T5090] ops_exit_list+0x125/0x170
[ 89.913365][ T5090] cleanup_net+0x4ee/0xb10
[ 89.917850][ T5090] process_one_work+0x9bf/0x1750
[ 89.922823][ T5090] worker_thread+0x669/0x1090
[ 89.927741][ T5090] kthread+0x2e8/0x3a0
[ 89.931823][ T5090] ret_from_fork+0x1f/0x30
[ 89.936372][ T5090]
[ 89.938701][ T5090] Memory state around the buggy address:
[ 89.944524][ T5090] ffff888070652800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 89.952621][ T5090] ffff888070652880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 89.960782][ T5090] >ffff888070652900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.969200][ T5090] ^
[ 89.975781][ T5090] ffff888070652980: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.983851][ T5090] ffff888070652a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.992789][ T5090] ==================================================================
[ 90.018482][ T5090] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.025736][ T5090] CPU: 0 PID: 5090 Comm: kworker/0:4 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 90.035839][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 90.045927][ T5090] Workqueue: events io_fallback_req_func
[ 90.051633][ T5090] Call Trace:
[ 90.054938][ T5090] <TASK>
[ 90.057894][ T5090] dump_stack_lvl+0xd1/0x138
[ 90.062521][ T5090] panic+0x2cc/0x626
[ 90.066565][ T5090] ? panic_print_sys_info.part.0+0x112/0x112
[ 90.072688][ T5090] ? preempt_schedule_thunk+0x1a/0x20
[ 90.078252][ T5090] ? preempt_schedule_common+0x59/0xc0
[ 90.083760][ T5090] check_panic_on_warn.cold+0x19/0x35
[ 90.089369][ T5090] end_report.part.0+0x36/0x73
[ 90.094170][ T5090] ? io_fallback_req_func+0xc7/0x204
[ 90.099496][ T5090] kasan_report.cold+0xa/0xf
[ 90.104130][ T5090] ? io_fallback_req_func+0xc7/0x204
[ 90.109518][ T5090] io_fallback_req_func+0xc7/0x204
[ 90.114678][ T5090] ? __io_commit_cqring_flush.cold+0x42/0x42
[ 90.120719][ T5090] process_one_work+0x9bf/0x1750
[ 90.126402][ T5090] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 90.131814][ T5090] ? rcu_read_lock_sched_held+0x3e/0x70
[ 90.137381][ T5090] ? rwlock_bug.part.0+0x90/0x90
[ 90.142426][ T5090] ? lock_acquire+0x32/0xc0
[ 90.146965][ T5090] ? worker_thread+0x16d/0x1090
[ 90.151922][ T5090] worker_thread+0x669/0x1090
[ 90.156640][ T5090] ? __kthread_parkme+0x163/0x220
[ 90.161682][ T5090] ? process_one_work+0x1750/0x1750
[ 90.166932][ T5090] kthread+0x2e8/0x3a0
[ 90.171083][ T5090] ? kthread_complete_and_exit+0x40/0x40
[ 90.176825][ T5090] ret_from_fork+0x1f/0x30
[ 90.181272][ T5090] </TASK>
[ 90.184526][ T5090] Kernel Offset: disabled
[ 90.189032][ T5090] Rebooting in 86400 seconds..