[ 53.133991][ T1410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.169452][ T1410] device veth1_macvtap left promiscuous mode
[ 53.169564][ T1410] device veth0_macvtap left promiscuous mode
[ 53.169670][ T1410] device veth1_vlan left promiscuous mode
[ 53.169807][ T1410] device veth0_vlan left promiscuous mode
[ 53.410751][ T1410] team0 (unregistering): Port device team_slave_1 removed
[ 53.428379][ T1410] team0 (unregistering): Port device team_slave_0 removed
[ 53.447575][ T1410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 53.464830][ T1410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 53.537801][ T1410] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
2022/10/09 07:06:46 ignoring optional flag "sandboxArg"="0"
2022/10/09 07:06:46 parsed 1 programs
2022/10/09 07:06:47 executed programs: 0
[ 70.522512][ T3609] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 71.164797][ T14] cfg80211: failed to load regulatory.db
[ 74.682560][ T3609] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 78.842517][ T3609] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 83.002580][ T3609] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 87.162576][ T3609] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 91.322533][ T3609] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 93.410481][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 93.411274][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 93.411765][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 93.413405][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 93.413857][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 93.414064][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 93.500830][ T4087] chnl_net:caif_netlink_parms(): no params data found
[ 93.532212][ T4087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.532283][ T4087] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.533464][ T4087] device bridge_slave_0 entered promiscuous mode
[ 93.535749][ T4087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.535854][ T4087] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.536764][ T4087] device bridge_slave_1 entered promiscuous mode
[ 93.574018][ T4087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.575399][ T4087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.604829][ T4087] team0: Port device team_slave_0 added
[ 93.605999][ T4087] team0: Port device team_slave_1 added
[ 93.624817][ T4087] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.624825][ T4087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.624830][ T4087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.626399][ T4087] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.626403][ T4087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.626407][ T4087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.722238][ T4087] device hsr_slave_0 entered promiscuous mode
[ 93.723091][ T4087] device hsr_slave_1 entered promiscuous mode
[ 94.116484][ T4087] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.119155][ T4087] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.121745][ T4087] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 94.142724][ T4087] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 94.166721][ T4087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.167107][ T4087] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.167258][ T4087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.167321][ T4087] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.254140][ T4087] 8021q: adding VLAN 0 to HW filter on device bond0
[ 94.260788][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 94.261577][ T14] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.261984][ T14] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.276677][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 94.303292][ T4087] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.319540][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 94.319976][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.320023][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.320261][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 94.320603][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.320645][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.340662][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 94.341231][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 94.341615][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 94.342103][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 94.348221][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 94.351371][ T4087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 94.473005][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 94.473100][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 94.496643][ T4087] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.519517][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 94.520014][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 94.549633][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 94.550497][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 94.551111][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 94.551535][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 94.555880][ T4087] device veth0_vlan entered promiscuous mode
[ 94.570116][ T4087] device veth1_vlan entered promiscuous mode
[ 94.595414][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 94.595944][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 94.596402][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 94.596903][ T3627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 94.608208][ T4087] device veth0_macvtap entered promiscuous mode
[ 94.618045][ T4087] device veth1_macvtap entered promiscuous mode
[ 94.662291][ T4087] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.662701][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 94.663170][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 94.663580][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 94.664023][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 94.668348][ T4087] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.668422][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 94.668842][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 94.671768][ T4087] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.671782][ T4087] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.671790][ T4087] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.671798][ T4087] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.797296][ T1410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.797309][ T1410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.799019][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2022/10/09 07:07:14 executed programs: 1
[ 94.849458][ T1410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.849470][ T1410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.851105][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 95.483870][ T14] Bluetooth: hci0: command 0x0409 tx timeout
[ 96.986868][ T1519] ==================================================================
[ 96.986875][ T1519] BUG: KASAN: use-after-free in nf_tables_trans_destroy_work+0xd32/0xdb0
[ 96.986889][ T1519] Read of size 1 at addr ffff88806acae054 by task kworker/1:2/1519
[ 96.986895][ T1519]
[ 96.986906][ T1519] CPU: 1 PID: 1519 Comm: kworker/1:2 Not tainted 5.18.0-syzkaller #0
[ 96.986914][ T1519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 96.986918][ T1519] Workqueue: events nf_tables_trans_destroy_work
[ 96.986928][ T1519] Call Trace:
[ 96.986932][ T1519]
[ 96.986935][ T1519]  dump_stack_lvl+0x163/0x213
[ 96.986947][ T1519]  ? bfq_pos_tree_add_move+0x3bd/0x3bd
[ 96.986954][ T1519]  ? _printk+0xca/0x10a
[ 96.986963][ T1519]  ? panic+0x53e/0x53e
[ 96.986969][ T1519]  ? _printk+0xca/0x10a
[ 96.986976][ T1519]  print_address_description+0x65/0x4b0
[ 96.986985][ T1519]  print_report+0xf4/0x210
[ 96.986990][ T1519]  ? __lock_acquire+0x1f80/0x1f80
[ 96.986996][ T1519]  ? do_raw_spin_lock+0x148/0x360
[ 96.987005][ T1519]  ? nf_tables_trans_destroy_work+0xd32/0xdb0
[ 96.987011][ T1519]  kasan_report+0xfb/0x130
[ 96.987017][ T1519]  ? nf_tables_trans_destroy_work+0xd32/0xdb0
[ 96.987024][ T1519]  nf_tables_trans_destroy_work+0xd32/0xdb0
[ 96.987031][ T1519]  ? rcu_read_lock_sched_held+0x89/0x130
[ 96.987041][ T1519]  ? nft_object_dump+0x1b0/0x1b0
[ 96.987050][ T1519]  process_one_work+0x794/0xc10
[ 96.987063][ T1519]  ? worker_detach_from_pool+0x240/0x240
[ 96.987070][ T1519]  ? _raw_spin_lock_irqsave+0x120/0x120
[ 96.987080][ T1519]  ? wq_worker_sleeping+0x19/0x200
[ 96.987088][ T1519]  worker_thread+0x8ff/0xfe0
[ 96.987102][ T1519]  kthread+0x228/0x2a0
[ 96.987108][ T1519]  ? rcu_lock_release+0x20/0x20
[ 96.987113][ T1519]  ? kthread_blkcg+0xa0/0xa0
[ 96.987119][ T1519]  ret_from_fork+0x1f/0x30
[ 96.987132][ T1519]
[ 96.987135][ T1519]
[ 96.987137][ T1519] Allocated by task 4360:
[ 96.987140][ T1519]  ____kasan_kmalloc+0xdc/0x110
[ 96.987146][ T1519]  kmem_cache_alloc_trace+0x94/0x310
[ 96.987154][ T1519]  nf_tables_newchain+0x1098/0x2920
[ 96.987159][ T1519]  nfnetlink_rcv+0xc5a/0x1fa0
[ 96.987165][ T1519]  netlink_unicast+0x5d8/0x850
[ 96.987171][ T1519]  netlink_sendmsg+0x752/0xb00
[ 96.987176][ T1519]  ____sys_sendmsg+0x487/0x780
[ 96.987182][ T1519]  __sys_sendmsg+0x1f5/0x2b0
[ 96.987187][ T1519]  do_syscall_64+0x2b/0x70
[ 96.987192][ T1519]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 96.987197][ T1519]
[ 96.987198][ T1519] Freed by task 4359:
[ 96.987201][ T1519]  kasan_set_track+0x4c/0x70
[ 96.987205][ T1519]  kasan_set_free_info+0x1f/0x40
[ 96.987210][ T1519]  ____kasan_slab_free+0xd8/0x110
[ 96.987215][ T1519]  slab_free_freelist_hook+0x12e/0x1a0
[ 96.987221][ T1519]  kfree+0xc6/0x210
[ 96.987225][ T1519]  __nft_release_table+0xbb4/0xd90
[ 96.987233][ T1519]  nft_rcv_nl_event+0x3cd/0x480
[ 96.987238][ T1519]  blocking_notifier_call_chain+0xff/0x140
[ 96.987245][ T1519]  netlink_release+0xce2/0x13c0
[ 96.987250][ T1519]  sock_close+0xcc/0x230
[ 96.987255][ T1519]  __fput+0x2de/0x650
[ 96.987261][ T1519]  task_work_run+0xd6/0x160
[ 96.987267][ T1519]  exit_to_user_mode_loop+0x134/0x160
[ 96.987273][ T1519]  exit_to_user_mode_prepare+0xad/0x110
[ 96.987278][ T1519]  syscall_exit_to_user_mode+0x2e/0x60
[ 96.987284][ T1519]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 96.987288][ T1519]
[ 96.987290][ T1519] The buggy address belongs to the object at ffff88806acae000
[ 96.987290][ T1519]  which belongs to the cache kmalloc-cg-128 of size 128
[ 96.987294][ T1519] The buggy address is located 84 bytes inside of
[ 96.987294][ T1519]  128-byte region [ffff88806acae000, ffff88806acae080)
[ 96.987300][ T1519]
[ 96.987301][ T1519] The buggy address belongs to the physical page:
[ 96.987304][ T1519] page:ffffea0001ab2b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6acae
[ 96.987311][ T1519] memcg:ffff888074a84a01
[ 96.987314][ T1519] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 96.987324][ T1519] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888010c42a00
[ 96.987329][ T1519] raw: 0000000000000000 0000000080100010 00000001ffffffff ffff888074a84a01
[ 96.987332][ T1519] page dumped because: kasan: bad access detected
[ 96.987335][ T1519] page_owner tracks the page as allocated
[ 96.987337][ T1519] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4360, tgid 4359 (syz-executor.0), ts 96984445763, free_ts 96958463163
[ 96.987348][ T1519]  get_page_from_freelist+0x72e/0x7a0
[ 96.987356][ T1519]  __alloc_pages+0x26c/0x5f0
[ 96.987361][ T1519]  alloc_slab_page+0x70/0xf0
[ 96.987367][ T1519]  allocate_slab+0x5e/0x520
[ 96.987373][ T1519]  ___slab_alloc+0x41e/0xcd0
[ 96.987378][ T1519]  kmem_cache_alloc_trace+0x25c/0x310
[ 96.987383][ T1519]  nf_tables_newchain+0x1098/0x2920
[ 96.987388][ T1519]  nfnetlink_rcv+0xc5a/0x1fa0
[ 96.987393][ T1519]  netlink_unicast+0x5d8/0x850
[ 96.987398][ T1519]  netlink_sendmsg+0x752/0xb00
[ 96.987402][ T1519]  ____sys_sendmsg+0x487/0x780
[ 96.987407][ T1519]  __sys_sendmsg+0x1f5/0x2b0
[ 96.987411][ T1519]  do_syscall_64+0x2b/0x70
[ 96.987416][ T1519]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 96.987421][ T1519] page last free stack trace:
[ 96.987423][ T1519]  free_pcp_prepare+0x812/0x900
[ 96.987429][ T1519]  free_unref_page_list+0x12c/0x890
[ 96.987435][ T1519]  release_pages+0x1cfc/0x1ed0
[ 96.987442][ T1519]  tlb_flush_mmu+0x58e/0x700
[ 96.987449][ T1519]  tlb_finish_mmu+0xad/0x1c0
[ 96.987454][ T1519]  exit_mmap+0x1b0/0x480
[ 96.987460][ T1519]  __mmput+0xc7/0x2f0
[ 96.987466][ T1519]  exit_mm+0x1e5/0x290
[ 96.987472][ T1519]  do_exit+0x427/0x1ae0
[ 96.987477][ T1519]  do_group_exit+0x104/0x2b0
[ 96.987482][ T1519]  get_signal+0x11f4/0x1240
[ 96.987488][ T1519]  arch_do_signal_or_restart+0x8d/0x750
[ 96.987494][ T1519]  exit_to_user_mode_loop+0x74/0x160
[ 96.987499][ T1519]  exit_to_user_mode_prepare+0xad/0x110
[ 96.987504][ T1519]  syscall_exit_to_user_mode+0x2e/0x60
[ 96.987509][ T1519]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 96.987513][ T1519]
[ 96.987514][ T1519] Memory state around the buggy address:
[ 96.987517][ T1519]  ffff88806acadf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.987520][ T1519]  ffff88806acadf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.987523][ T1519] >ffff88806acae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 96.987525][ T1519]                                                  ^
[ 96.987528][ T1519]  ffff88806acae080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.987531][ T1519]  ffff88806acae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.987534][ T1519] ==================================================================
[ 96.987538][ T1519] Kernel panic - not syncing: panic_on_warn set ...
[ 97.635538][ T1519] CPU: 1 PID: 1519 Comm: kworker/1:2 Not tainted 5.18.0-syzkaller #0
[ 97.643604][ T1519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 97.653647][ T1519] Workqueue: events nf_tables_trans_destroy_work
[ 97.659971][ T1519] Call Trace:
[ 97.663235][ T1519]
[ 97.666158][ T1519]  dump_stack_lvl+0x163/0x213
[ 97.670832][ T1519]  ? bfq_pos_tree_add_move+0x3bd/0x3bd
[ 97.676422][ T1519]  ? panic+0x53e/0x53e
[ 97.680467][ T1519]  ? panic+0xfc/0x53e
[ 97.684425][ T1519]  panic+0x228/0x53e
[ 97.688297][ T1519]  ? fb_is_primary_device+0xb8/0xb8
[ 97.693468][ T1519]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 97.699340][ T1519]  ? nf_tables_trans_destroy_work+0xd32/0xdb0
[ 97.705471][ T1519]  end_report+0x91/0xa0
[ 97.709640][ T1519]  kasan_report+0x108/0x130
[ 97.714202][ T1519]  ? nf_tables_trans_destroy_work+0xd32/0xdb0
[ 97.720243][ T1519]  nf_tables_trans_destroy_work+0xd32/0xdb0
[ 97.726114][ T1519]  ? rcu_read_lock_sched_held+0x89/0x130
[ 97.731726][ T1519]  ? nft_object_dump+0x1b0/0x1b0
[ 97.736641][ T1519]  process_one_work+0x794/0xc10
[ 97.741473][ T1519]  ? worker_detach_from_pool+0x240/0x240
[ 97.747086][ T1519]  ? _raw_spin_lock_irqsave+0x120/0x120
[ 97.752610][ T1519]  ? wq_worker_sleeping+0x19/0x200
[ 97.757705][ T1519]  worker_thread+0x8ff/0xfe0
[ 97.762368][ T1519]  kthread+0x228/0x2a0
[ 97.766421][ T1519]  ? rcu_lock_release+0x20/0x20
[ 97.771444][ T1519]  ? kthread_blkcg+0xa0/0xa0
[ 97.776008][ T1519]  ret_from_fork+0x1f/0x30
[ 97.780409][ T1519]
[ 97.783594][ T1519] Kernel Offset: disabled
[ 97.787904][ T1519] Rebooting in 86400 seconds..
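What the report above says, read the way a responder reads it: the nf_tables transaction destroy work (nf_tables_trans_destroy_work, running as kworker/1:2) reads one byte at offset 84 of a 128-byte kmalloc-cg-128 object; that object was allocated by nf_tables_newchain in task 4360 and freed by __nft_release_table in task 4359, reached from the netlink release notifier (nft_rcv_nl_event via netlink_release, i.e. a netlink socket being closed). The shadow row for the object is fa/fb, which generic KASAN uses for a freed slab object, so the access is a true use-after-free and not a redzone overrun. The script below is an added example, not syzkaller or kernel code: it pulls those fields out of a KASAN report, skips the allocator and KASAN frames to find the owning code on each stack, and cross-checks the faulting address against the "Memory state" dump. The shadow legend values are the generic-KASAN constants from mm/kasan/kasan.h; REPORT is excerpted from the log above with only the lines the parser needs.

```python
"""Triage a generic-KASAN report (added example, not kernel or syzkaller code):
extract bug class, access, the owner frame of the alloc/free stacks, and decode
the shadow byte at the faulting address from the "Memory state" rows."""
import re

# Excerpt of the report in the console log above; only the lines used here.
REPORT = """\
[   96.986875][ T1519] BUG: KASAN: use-after-free in nf_tables_trans_destroy_work+0xd32/0xdb0
[   96.986889][ T1519] Read of size 1 at addr ffff88806acae054 by task kworker/1:2/1519
[   96.986895][ T1519]
[   96.987137][ T1519] Allocated by task 4360:
[   96.987140][ T1519]  ____kasan_kmalloc+0xdc/0x110
[   96.987146][ T1519]  kmem_cache_alloc_trace+0x94/0x310
[   96.987154][ T1519]  nf_tables_newchain+0x1098/0x2920
[   96.987159][ T1519]  nfnetlink_rcv+0xc5a/0x1fa0
[   96.987197][ T1519]
[   96.987198][ T1519] Freed by task 4359:
[   96.987210][ T1519]  ____kasan_slab_free+0xd8/0x110
[   96.987221][ T1519]  kfree+0xc6/0x210
[   96.987225][ T1519]  __nft_release_table+0xbb4/0xd90
[   96.987233][ T1519]  nft_rcv_nl_event+0x3cd/0x480
[   96.987245][ T1519]  netlink_release+0xce2/0x13c0
[   96.987288][ T1519]
[   96.987290][ T1519] The buggy address belongs to the object at ffff88806acae000
[   96.987290][ T1519]  which belongs to the cache kmalloc-cg-128 of size 128
[   96.987294][ T1519] The buggy address is located 84 bytes inside of
[   96.987514][ T1519] Memory state around the buggy address:
[   96.987523][ T1519] >ffff88806acae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   96.987528][ T1519]  ffff88806acae080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*[TC]\d+\]")   # console "[   96.986875][ T1519]"
FRAME = re.compile(r"(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+")  # stack frame "func+0xoff/0xsize"
# Frames the allocator and KASAN itself add above the code that owns the object.
NOISE = ("kasan_", "kmem_cache_", "kmalloc", "kfree", "slab_")
# Shadow values from mm/kasan/kasan.h (generic KASAN, one byte per 8-byte granule).
SHADOW = {0xFA: "freed object (free-track granule)", 0xFB: "freed object",
          0xFC: "slab redzone", 0xFE: "page redzone", 0xFF: "freed page"}


def parse_kasan_report(text):
    """Fields, alloc/free stacks and dumped shadow rows of one report."""
    rep = {"alloc_stack": [], "free_stack": [], "shadow": {}}
    section = None
    for raw in text.splitlines():
        ln = PREFIX.sub("", raw).strip()
        if not ln:                       # a blank line closes a stack section
            section = None
        elif m := re.match(r"BUG: KASAN: ([\w-]+) in (\S+)", ln):
            rep["bug"], rep["where"] = m[1], m[2].split("+")[0]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", ln):
            rep.update(access=m[1].lower(), size=int(m[2]), addr=int(m[3], 16), task=m[4])
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", ln):
            section = "alloc_stack" if m[1] == "Allocated" else "free_stack"
            rep[section.replace("stack", "task")] = int(m[2])
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", ln):
            rep["object"] = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", ln):
            rep["cache"], rep["obj_size"] = m[1], int(m[2])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", ln):
            rep["offset"] = int(m[1])
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", ln):
            base = int(m[1], 16)         # one row = 16 granules = 128 bytes of memory
            for i, b in enumerate(m[2].split()):
                rep["shadow"][base + 8 * i] = int(b, 16)
        elif section and (m := FRAME.match(ln)):
            rep[section].append(m[1])
    return rep


def describe_shadow(b):
    """Human reading of one shadow byte (None: granule not in the dump)."""
    if b is None:
        return "granule not in dump"
    if 0 <= b <= 7:
        return "accessible" if b == 0 else f"partially accessible (first {b} bytes)"
    return SHADOW.get(b, f"unknown 0x{b:02x}")


def owner_frame(stack):
    """First frame below allocator/KASAN plumbing: the code that owns the object."""
    return next((f for f in stack if not f.lstrip("_").startswith(NOISE)), None)


def triage(rep):
    """One-look summary: what was touched, who allocated it, who freed it."""
    b = rep["shadow"].get(rep["addr"] & ~0x7)   # shadow byte of the faulting granule
    off = rep["addr"] - rep["object"]
    return {
        "bug": rep["bug"], "sink": rep["where"],
        "access": f"{rep['access']} {rep['size']} byte(s) at +{off} in {rep['cache']}",
        "offset_matches_report": off == rep["offset"],
        "shadow_byte": b, "shadow": describe_shadow(b),
        "alloc_site": owner_frame(rep["alloc_stack"]),
        "free_site": owner_frame(rep["free_stack"]),
    }


if __name__ == "__main__":
    for k, v in triage(parse_kasan_report(REPORT)).items():
        print(f"{k:22} {v}")
```

The offset cross-check (address minus object base against the "located N bytes inside of" line) and the shadow lookup are what separate a genuine freed-object access from a redzone hit or a stale report: a shadow byte of fc at the faulting granule would mean an out-of-bounds access into the slab redzone rather than a use-after-free, and 01..07 would mean a partially addressable tail granule. The same script handles the "Write of size N" form and the Freed-by stack of any slab object, which is why it is written against the report format rather than against this one crash.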