[ 54.894522][ T957] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.909999][ T957] veth1_macvtap: left promiscuous mode
[ 54.915982][ T957] veth0_macvtap: left promiscuous mode
[ 54.921581][ T957] veth1_vlan: left promiscuous mode
[ 54.927994][ T957] veth0_vlan: left promiscuous mode
[ 55.044788][ T957] team0 (unregistering): Port device team_slave_1 removed
[ 55.056033][ T957] team0 (unregistering): Port device team_slave_0 removed
[ 55.070417][ T957] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 55.082924][ T957] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 55.125635][ T957] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
2023/06/21 15:51:29 ignoring optional flag "sandboxArg"="0"
2023/06/21 15:51:29 parsed 1 programs
2023/06/21 15:51:30 executed programs: 0
[ 71.051591][ T5350] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 71.084819][ T4413] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 71.092518][ T4413] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 71.100385][ T4413] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 71.108814][ T4413] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 71.117097][ T4413] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 71.124359][ T4413] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 71.201242][ T5359] chnl_net:caif_netlink_parms(): no params data found
[ 71.235535][ T5359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.242635][ T5359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.250100][ T5359] bridge_slave_0: entered allmulticast mode
[ 71.256659][ T5359] bridge_slave_0: entered promiscuous mode
[ 71.264067][ T5359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.271147][ T5359] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.279776][ T7] cfg80211: failed to load regulatory.db
[ 71.284513][ T5359] bridge_slave_1: entered allmulticast mode
[ 71.292198][ T5359] bridge_slave_1: entered promiscuous mode
[ 71.319694][ T5359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 71.331991][ T5359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 71.361832][ T5359] team0: Port device team_slave_0 added
[ 71.371618][ T5359] team0: Port device team_slave_1 added
[ 71.395949][ T5359] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 71.402891][ T5359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.430843][ T5359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 71.444733][ T5359] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 71.451692][ T5359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.479143][ T5359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 71.518231][ T5359] hsr_slave_0: entered promiscuous mode
[ 71.524447][ T5359] hsr_slave_1: entered promiscuous mode
[ 72.096124][ T5359] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.105818][ T5359] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.116411][ T5359] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.125993][ T5359] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.148339][ T5359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.155743][ T5359] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.163186][ T5359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.170925][ T5359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.221116][ T5359] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.235770][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.244033][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.264111][ T5359] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.276724][ T903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.283843][ T903] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.302404][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.309543][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.464053][ T5359] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.499492][ T5359] veth0_vlan: entered promiscuous mode
[ 72.511513][ T5359] veth1_vlan: entered promiscuous mode
[ 72.542107][ T5359] veth0_macvtap: entered promiscuous mode
[ 72.551681][ T5359] veth1_macvtap: entered promiscuous mode
[ 72.570339][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.584228][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.596961][ T5359] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.606489][ T5359] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.619588][ T5359] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.629331][ T5359] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.694869][ T7] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.702681][ T7] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.724151][ T5018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.732065][ T5018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.771519][ T5426] ==================================================================
[ 72.779605][ T5426] BUG: KASAN: stack-out-of-bounds in ip6mr_ioctl+0x9a5/0xab0
[ 72.786985][ T5426] Read of size 16 at addr ffffc90004c07b80 by task syz-executor.0/5426
[ 72.795221][ T5426]
[ 72.797547][ T5426] CPU: 0 PID: 5426 Comm: syz-executor.0 Not tainted 6.4.0-rc6-syzkaller #0
[ 72.806123][ T5426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 72.816161][ T5426] Call Trace:
[ 72.819427][ T5426]
[ 72.822436][ T5426] dump_stack_lvl+0x64/0xb0
[ 72.826933][ T5426] print_address_description.constprop.0+0x2c/0x3c0
[ 72.833517][ T5426] ? ip6mr_ioctl+0x9a5/0xab0
[ 72.838094][ T5426] kasan_report+0x11c/0x130
[ 72.842598][ T5426] ? ip6mr_ioctl+0x9a5/0xab0
[ 72.847189][ T5426] ip6mr_ioctl+0x9a5/0xab0
[ 72.851590][ T5426] ? lock_downgrade+0x690/0x690
[ 72.856428][ T5426] ? ip6_mroute_getsockopt+0x540/0x540
[ 72.861902][ T5426] ? mark_held_locks+0x9f/0xe0
[ 72.866656][ T5426] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 72.872450][ T5426] ? sk_ioctl+0x10e/0x340
[ 72.876771][ T5426] sk_ioctl+0x10e/0x340
[ 72.880914][ T5426] ? sock_ioctl_inout+0xf0/0xf0
[ 72.885753][ T5426] ? tomoyo_path_number_perm+0x206/0x4b0
[ 72.891379][ T5426] ? lock_downgrade+0x690/0x690
[ 72.896303][ T5426] inet6_ioctl+0x185/0x220
[ 72.900706][ T5426] ? inet6_release+0x60/0x60
[ 72.905368][ T5426] ? tomoyo_path_number_perm+0x23b/0x4b0
[ 72.910988][ T5426] ? tomoyo_execute_permission+0x470/0x470
[ 72.916785][ T5426] sock_do_ioctl+0xc9/0x1c0
[ 72.921272][ T5426] ? get_user_ifreq+0x1e0/0x1e0
[ 72.926113][ T5426] ? vfs_fileattr_set+0xa30/0xa30
[ 72.931217][ T5426] sock_ioctl+0x1b1/0x550
[ 72.935531][ T5426] ? br_ioctl_call+0x90/0x90
[ 72.940107][ T5426] ? __fget_files+0x1bf/0x3c0
[ 72.944861][ T5426] __x64_sys_ioctl+0x123/0x190
[ 72.949614][ T5426] do_syscall_64+0x39/0xb0
[ 72.954015][ T5426] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.959986][ T5426] RIP: 0033:0x7f84b408c389
[ 72.964387][ T5426] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.983980][ T5426] RSP: 002b:00007f84b4e07168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.992382][ T5426] RAX: ffffffffffffffda RBX: 00007f84b41abf80 RCX: 00007f84b408c389
[ 73.000355][ T5426] RDX: 0000000000000000 RSI: 00000000000089e1 RDI: 0000000000000003
[ 73.008324][ T5426] RBP: 00007f84b40d7493 R08: 0000000000000000 R09: 0000000000000000
[ 73.016287][ T5426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.024254][ T5426] R13: 00007ffcd4b12baf R14: 00007f84b4e07300 R15: 0000000000022000
[ 73.032225][ T5426]
[ 73.035238][ T5426]
[ 73.037550][ T5426] The buggy address belongs to stack of task syz-executor.0/5426
[ 73.045248][ T5426] and is located at offset 40 in frame:
[ 73.050873][ T5426] sk_ioctl+0x0/0x340
[ 73.054849][ T5426]
[ 73.057158][ T5426] This frame has 2 objects:
[ 73.061650][ T5426] [32, 36) 'karg'
[ 73.061656][ T5426] [48, 88) 'buffer'
[ 73.065358][ T5426]
[ 73.071537][ T5426] The buggy address belongs to the virtual mapping at
[ 73.071537][ T5426] [ffffc90004c00000, ffffc90004c09000) created by:
[ 73.071537][ T5426] kernel_clone+0xbc/0x640
[ 73.089060][ T5426]
[ 73.091371][ T5426] The buggy address belongs to the physical page:
[ 73.097767][ T5426] page:ffffea0000743240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d0c9
[ 73.107901][ T5426] memcg:ffff88802b4ff682
[ 73.112131][ T5426] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 73.119229][ T5426] page_type: 0xffffffff()
[ 73.123552][ T5426] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 73.132217][ T5426] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88802b4ff682
[ 73.140873][ T5426] page dumped because: kasan: bad access detected
[ 73.147272][ T5426] page_owner tracks the page as allocated
[ 73.153058][ T5426] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5425, tgid 5425 (syz-executor.0), ts 72770934376, free_ts 72756787104
[ 73.171617][ T5426] post_alloc_hook+0x2db/0x350
[ 73.176373][ T5426] get_page_from_freelist+0xf41/0x2c00
[ 73.181845][ T5426] __alloc_pages+0x1cb/0x4a0
[ 73.186425][ T5426] __vmalloc_node_range+0x7ff/0x1070
[ 73.191707][ T5426] copy_process+0x1181/0x6bf0
[ 73.196368][ T5426] kernel_clone+0xbc/0x640
[ 73.200788][ T5426] __do_sys_clone+0xa1/0xe0
[ 73.205281][ T5426] do_syscall_64+0x39/0xb0
[ 73.209773][ T5426] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.216619][ T5426] page last free stack trace:
[ 73.221364][ T5426] free_unref_page_prepare+0x62e/0xcb0
[ 73.226813][ T5426] free_unref_page+0x33/0x370
[ 73.231470][ T5426] __unfreeze_partials+0x17c/0x1a0
[ 73.236551][ T5426] qlist_free_all+0x6a/0x170
[ 73.241107][ T5426] kasan_quarantine_reduce+0x195/0x220
[ 73.246537][ T5426] __kasan_slab_alloc+0x63/0x90
[ 73.251357][ T5426] __kmem_cache_alloc_node+0x17c/0x320
[ 73.256834][ T5426] __kmalloc_node+0x51/0x1a0
[ 73.261401][ T5426] translate_table+0x396/0x17f0
[ 73.266219][ T5426] ip6t_register_table+0x100/0x410
[ 73.271296][ T5426] ip6table_security_table_init+0x37/0x60
[ 73.276985][ T5426] xt_find_table_lock+0x22f/0x380
[ 73.281977][ T5426] xt_request_find_table_lock+0x1b/0xb0
[ 73.287490][ T5426] get_info+0x129/0x610
[ 73.291741][ T5426] do_ip6t_get_ctl+0x129/0x800
[ 73.296479][ T5426] nf_getsockopt+0x5b/0xb0
[ 73.300878][ T5426]
[ 73.303182][ T5426] Memory state around the buggy address:
[ 73.308784][ T5426] ffffc90004c07a80: 00 00 f1 f1 f1 f1 00 00 00 00 f3 f3 f3 f3 00 00
[ 73.316820][ T5426] ffffc90004c07b00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04
[ 73.324856][ T5426] >ffffc90004c07b80: f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
[ 73.332884][ T5426]                    ^
[ 73.336920][ T5426] ffffc90004c07c00: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00
[ 73.344947][ T5426] ffffc90004c07c80: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
[ 73.352974][ T5426] ==================================================================
[ 73.363376][ T4413] Bluetooth: hci0: command 0x0409 tx timeout
[ 73.375751][ T5426] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.382961][ T5426] CPU: 1 PID: 5426 Comm: syz-executor.0 Not tainted 6.4.0-rc6-syzkaller #0
[ 73.391543][ T5426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 73.401589][ T5426] Call Trace:
[ 73.404857][ T5426]
[ 73.407861][ T5426] dump_stack_lvl+0x64/0xb0
[ 73.412357][ T5426] panic+0x24f/0x540
[ 73.416260][ T5426] ? panic_smp_self_stop+0x70/0x70
[ 73.421364][ T5426] ? lockdep_hardirqs_on+0x7d/0x100
[ 73.426563][ T5426] ? preempt_schedule_thunk+0x1a/0x20
[ 73.431930][ T5426] ? preempt_schedule_common+0x45/0xb0
[ 73.437401][ T5426] ? preempt_schedule_thunk+0x1a/0x20
[ 73.442771][ T5426] check_panic_on_warn+0x75/0x80
[ 73.447880][ T5426] end_report+0xe9/0x120
[ 73.452111][ T5426] ? ip6mr_ioctl+0x9a5/0xab0
[ 73.456699][ T5426] kasan_report+0xf9/0x130
[ 73.461106][ T5426] ? ip6mr_ioctl+0x9a5/0xab0
[ 73.465693][ T5426] ip6mr_ioctl+0x9a5/0xab0
[ 73.470099][ T5426] ? lock_downgrade+0x690/0x690
[ 73.474942][ T5426] ? ip6_mroute_getsockopt+0x540/0x540
[ 73.480650][ T5426] ? mark_held_locks+0x9f/0xe0
[ 73.485842][ T5426] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 73.491642][ T5426] ? sk_ioctl+0x10e/0x340
[ 73.495970][ T5426] sk_ioctl+0x10e/0x340
[ 73.500125][ T5426] ? sock_ioctl_inout+0xf0/0xf0
[ 73.504964][ T5426] ? tomoyo_path_number_perm+0x206/0x4b0
[ 73.510585][ T5426] ? lock_downgrade+0x690/0x690
[ 73.515414][ T5426] inet6_ioctl+0x185/0x220
[ 73.519800][ T5426] ? inet6_release+0x60/0x60
[ 73.524530][ T5426] ? tomoyo_path_number_perm+0x23b/0x4b0
[ 73.530129][ T5426] ? tomoyo_execute_permission+0x470/0x470
[ 73.535905][ T5426] sock_do_ioctl+0xc9/0x1c0
[ 73.540389][ T5426] ? get_user_ifreq+0x1e0/0x1e0
[ 73.545313][ T5426] ? vfs_fileattr_set+0xa30/0xa30
[ 73.550316][ T5426] sock_ioctl+0x1b1/0x550
[ 73.554661][ T5426] ? br_ioctl_call+0x90/0x90
[ 73.559231][ T5426] ? __fget_files+0x1bf/0x3c0
[ 73.563880][ T5426] __x64_sys_ioctl+0x123/0x190
[ 73.568721][ T5426] do_syscall_64+0x39/0xb0
[ 73.573120][ T5426] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.578991][ T5426] RIP: 0033:0x7f84b408c389
[ 73.583386][ T5426] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.602973][ T5426] RSP: 002b:00007f84b4e07168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.611362][ T5426] RAX: ffffffffffffffda RBX: 00007f84b41abf80 RCX: 00007f84b408c389
[ 73.619313][ T5426] RDX: 0000000000000000 RSI: 00000000000089e1 RDI: 0000000000000003
[ 73.627258][ T5426] RBP: 00007f84b40d7493 R08: 0000000000000000 R09: 0000000000000000
[ 73.635220][ T5426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.643166][ T5426] R13: 00007ffcd4b12baf R14: 00007f84b4e07300 R15: 0000000000022000
[ 73.651114][ T5426]
[ 73.654190][ T5426] Kernel Offset: disabled
[ 73.658500][ T5426] Rebooting in 86400 seconds..
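Reading the report above by hand: the faulting syscall is ioctl(3, 0x89e1, NULL) (RDI, RSI, RDX in the register dump; 0x89e1 is SIOCPROTOPRIVATE+1, the SIOCGETSGCNT_IN6 request from uapi/linux/mroute6.h), and the 16-byte read lands at frame offset 40 of sk_ioctl, whose only objects are 'karg' at [32, 36) and 'buffer' at [48, 88). The shadow rows confirm the layout: f1 left redzone at the frame base, 04 for the 4-byte karg, f2 mid redzone at the reported address, five 00 granules for the 40-byte buffer, then f3. So the access begins in the redzone between karg and buffer and runs into the first 8 bytes of buffer. The "page last allocated/free" stacks (ip6t_register_table, kasan_quarantine_reduce) describe the history of the physical page that backs this vmalloc'ed stack, not the bug; they are a common false lead in stack-out-of-bounds reports. The triage helper below automates that mapping. It is an added example, not part of the syzkaller log or the kernel tree; it runs on a constructed excerpt of the report lines above (dmesg prefixes stripped) and knows only the generic-mode stack poison values f1/f2/f3.

```python
"""Triage helper for a KASAN stack-out-of-bounds report (added example, not from
the page or the kernel tree): maps the faulting access onto the frame layout the
report printed and decodes the shadow bytes around the address."""
import re

GRANULE = 8  # each generic-mode KASAN shadow byte describes 8 bytes of memory

# Generic-mode KASAN poison values for stack frames.
STACK_POISON = {
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
}

# Constructed excerpt: the lines of the report above that triage needs,
# with the dmesg "[ ts][ Tn]" prefixes stripped.
REPORT = """\
BUG: KASAN: stack-out-of-bounds in ip6mr_ioctl+0x9a5/0xab0
Read of size 16 at addr ffffc90004c07b80 by task syz-executor.0/5426
The buggy address belongs to stack of task syz-executor.0/5426
 and is located at offset 40 in frame:
 sk_ioctl+0x0/0x340
This frame has 2 objects:
 [32, 36) 'karg'
 [48, 88) 'buffer'
Memory state around the buggy address:
 ffffc90004c07a80: 00 00 f1 f1 f1 f1 00 00 00 00 f3 f3 f3 f3 00 00
 ffffc90004c07b00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04
>ffffc90004c07b80: f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00
 ffffc90004c07c00: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00
 ffffc90004c07c80: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
"""


def parse_report(text):
    """Pull the access, the frame description and the shadow rows out of a report."""
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", text)
    access, size, addr = m.group(1).lower(), int(m.group(2)), int(m.group(3), 16)
    m = re.search(r"located at offset (\d+) in frame:\s*(\S+)", text)
    offset, frame = int(m.group(1)), m.group(2)
    objects = [(int(a), int(b), name)
               for a, b, name in re.findall(r"\[(\d+), (\d+)\) '([^']+)'", text)]
    # Each "addr: b0 b1 ... b15" row covers 16 granules = 128 bytes of memory.
    shadow = {}
    for row, hexbytes in re.findall(r"^>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?)+)$", text, re.M):
        base = int(row, 16)
        for i, b in enumerate(hexbytes.split()):
            shadow[base + i * GRANULE] = int(b, 16)
    return {"access": access, "size": size, "addr": addr, "offset": offset,
            "frame": frame, "objects": objects, "shadow": shadow}


def shadow_meaning(value):
    """Human-readable meaning of one generic-mode shadow byte."""
    if value == 0:
        return "addressable"
    if 1 <= value < GRANULE:
        return f"first {value} bytes of granule addressable"
    return STACK_POISON.get(value, f"poison 0x{value:02x}")


def classify_access(info):
    """Project the access [offset, offset+size) onto the frame's objects."""
    base = info["addr"] - info["offset"]          # address of frame offset 0
    lo, hi = info["offset"], info["offset"] + info["size"]
    hits, covered = [], set()
    for start, end, name in info["objects"]:
        ov_lo, ov_hi = max(lo, start), min(hi, end)
        if ov_lo < ov_hi:
            hits.append((name, ov_lo, ov_hi))
            covered.update(range(ov_lo, ov_hi))
    gap = [o for o in range(lo, hi) if o not in covered]   # bytes owned by no object
    return {
        "frame_base": base,
        "poison_at_addr": info["shadow"].get(info["addr"]),
        "object_hits": hits,
        "redzone_span": (gap[0], gap[-1] + 1) if gap else None,
    }


def triage(text):
    """Return the triage summary as a list of lines."""
    info = parse_report(text)
    res = classify_access(info)
    poison = res["poison_at_addr"]
    lines = [f"{info['access']} of {info['size']} bytes at frame offset "
             f"{info['offset']} in {info['frame']}",
             f"frame base {res['frame_base']:#x}; shadow at fault address = "
             f"{poison:#04x} ({shadow_meaning(poison)})"]
    if res["redzone_span"]:
        lines.append("redzone bytes touched: [%d, %d)" % res["redzone_span"])
    for name, a, b in res["object_hits"]:
        lines.append(f"object '{name}' bytes touched: [{a}, {b})")
    for start, end, name in info["objects"]:
        sb = info["shadow"][res["frame_base"] + (start // GRANULE) * GRANULE]
        lines.append(f"'{name}' [{start}, {end}) first granule shadow = "
                     f"{sb:#04x} ({shadow_meaning(sb)})")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(REPORT)))
```

The same parser works on any generic-mode KASAN stack report pasted into REPORT; for a use-after-free or slab report the frame section is absent and only the shadow decoding applies, so extend STACK_POISON with the slab values if that is what you triage.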