[   45.961998][   T10] device veth1_macvtap left promiscuous mode
[   45.968653][   T10] device veth0_macvtap left promiscuous mode
[   45.976250][   T10] device veth1_vlan left promiscuous mode
[   45.982201][   T10] device veth0_vlan left promiscuous mode
[   46.171303][   T10] team0 (unregistering): Port device team_slave_1 removed
[   46.184784][   T10] team0 (unregistering): Port device team_slave_0 removed
[   46.197746][   T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   46.210098][   T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   46.256640][   T10] bond0 (unregistering): Released all slaves
[   48.613655][   T25] audit: type=1400 audit(1645441628.021:189): avc:  denied  { transition } for  pid=3861 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
[   60.019627][   T25] audit: type=1400 audit(1645441639.431:190): avc:  denied  { create } for  pid=4040 comm="syz-executor229" dev="anon_inodefs" ino=29149 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   71.136907][  T140] cfg80211: failed to load regulatory.db
[   74.669399][ T1026] ------------[ cut here ]------------
[   74.676881][ T1026] WARNING: CPU: 1 PID: 1026 at fs/io_uring.c:9459 io_ring_exit_work+0x79d/0xa01
[   74.680285][    C0] ==================================================================
[   74.690123][ T1026] Modules linked in:
[   74.694221][    C0] BUG: KASAN: use-after-free in io_rsrc_node_ref_zero+0x55/0x233
[   74.698537][ T1026] CPU: 1 PID: 1026 Comm: kworker/u4:5 Not tainted 5.17.0-rc1-syzkaller #0
[   74.705811][    C0] Read of size 8 at addr ffff88801df6ee00 by task ksoftirqd/0/13
[   74.705819][    C0] 
[   74.705823][    C0] CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.17.0-rc1-syzkaller #0
[   74.705830][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.705835][    C0] Call Trace:
[   74.705840][    C0]  <TASK>
[   74.705844][    C0]  dump_stack_lvl+0x57/0x7d
[   74.705860][    C0]  print_address_description.constprop.0.cold+0x8d/0x303
[   74.714592][ T1026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.722060][    C0]  ? io_rsrc_node_ref_zero+0x55/0x233
[   74.722079][    C0]  ? io_rsrc_node_ref_zero+0x55/0x233
[   74.722084][    C0]  kasan_report.cold+0x83/0xdf
[   74.722092][    C0]  ? io_rsrc_node_ref_zero+0x55/0x233
[   74.722098][    C0]  io_rsrc_node_ref_zero+0x55/0x233
[   74.722104][    C0]  ? __percpu_ref_exit+0x7d/0xd0
[   74.722111][    C0]  percpu_ref_put_many.constprop.0+0x165/0x1a0
[   74.726136][ T1026] Workqueue: events_unbound io_ring_exit_work
[   74.732653][    C0]  rcu_core+0x7b8/0x1540
[   74.743406][ T1026] 
[   74.745970][    C0]  ? trace_rcu_stall_warning+0x1b0/0x1b0
[   74.745985][    C0]  __do_softirq+0x29b/0x9c2
[   74.745995][    C0]  ? __irq_exit_rcu+0x180/0x180
[   74.746004][    C0]  ? smpboot_thread_fn+0x66/0x8c0
[   74.746013][    C0]  run_ksoftirqd+0x2d/0x60
[   74.749591][ T1026] RIP: 0010:io_ring_exit_work+0x79d/0xa01
[   74.753410][    C0]  smpboot_thread_fn+0x548/0x8c0
[   74.761034][ T1026] Code: 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 d4 06 6b f9 48 8b 83 e0 fe ff ff 49 39 c4 74 02 <0f> 0b 48 8d bb d8 fe ff ff b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48
[   74.770446][    C0]  ? __smpboot_create_thread.part.0+0x2f0/0x2f0
[   74.770460][    C0]  kthread+0x299/0x340
[   74.770468][    C0]  ? kthread_complete_and_exit+0x20/0x20
[   74.770476][    C0]  ret_from_fork+0x1f/0x30
[   74.770486][    C0]  </TASK>
[   74.770490][    C0] 
[   74.770494][    C0] Allocated by task 7371:
[   74.770499][    C0]  kasan_save_stack+0x1e/0x40
[   74.776587][ T1026] RSP: 0018:ffffc9000463fbd0 EFLAGS: 00010202
[   74.781219][    C0]  __kasan_kmalloc+0xa6/0xd0
[   74.781231][    C0]  __kmalloc+0x209/0x4d0
[   74.781237][    C0]  io_rsrc_data_alloc+0x34/0x344
[   74.781244][    C0]  io_sqe_buffers_register.cold+0x19/0x35b
[   74.781251][    C0]  __do_sys_io_uring_register+0xcde/0x1150
[   74.786535][ T1026] 
[   74.791340][    C0]  do_syscall_64+0x35/0xb0
[   74.791350][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   74.791360][    C0] 
[   74.791363][    C0] Freed by task 7371:
[   74.791368][    C0]  kasan_save_stack+0x1e/0x40
[   74.797072][ T1026] RAX: ffff888019aee510 RBX: ffff8880782d8688 RCX: ffffc9000463f9b0
[   74.801470][    C0]  kasan_set_track+0x21/0x30
[   74.801481][    C0]  kasan_set_free_info+0x20/0x30
[   74.801488][    C0]  __kasan_slab_free+0xee/0x130
[   74.801494][    C0]  kfree+0xf6/0x290
[   74.801500][    C0]  __io_sqe_buffers_unregister+0xd6/0x16d
[   74.808147][ T1026] RDX: 1ffff1100f05b0ad RSI: ffffffff88cb6dc0 RDI: ffffffff8921a5e0
[   74.813665][    C0]  __do_sys_io_uring_register.cold+0xe58/0x11fd
[   74.813676][    C0]  do_syscall_64+0x35/0xb0
[   74.813683][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   74.813692][    C0] 
[   74.813695][    C0] The buggy address belongs to the object at ffff88801df6ee00
[   74.813695][    C0]  which belongs to the cache kmalloc-192 of size 192
[   74.818483][ T1026] RBP: ffff8880782d8000 R08: 0000000000000000 R09: 0000000000000000
[   74.820221][    C0] The buggy address is located 0 bytes inside of
[   74.820221][    C0]  192-byte region [ffff88801df6ee00, ffff88801df6eec0)
[   74.820228][    C0] The buggy address belongs to the page:
[   74.820233][    C0] page:ffffea000077db80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1df6e
[   74.820241][    C0] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   74.820251][    C0] raw: 00fff00000000200 ffffea0000779908 ffffea000077e1c8 ffff88800fc40000
[   74.820257][    C0] raw: 0000000000000000 ffff88801df6e000 0000000100000010 0000000000000000
[   74.820261][    C0] page dumped because: kasan: bad access detected
[   74.820265][    C0] page_owner tracks the page as allocated
[   74.826680][ T1026] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880782d8568
[   74.830356][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x242000(__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 7, ts 5899183856, free_ts 0
[   74.830367][    C0]  get_page_from_freelist+0xa6f/0x2f10
[   74.830378][    C0]  __alloc_pages+0x1b2/0x500
[   74.830384][    C0]  cache_grow_begin+0x75/0x350
[   74.835795][ T1026] R13: ffff8880782d8010 R14: ffffc9000463fc28 R15: 0000000000000005
[   74.840323][    C0]  cache_alloc_refill+0x27f/0x380
[   74.840333][    C0]  __kmalloc+0x3b3/0x4d0
[   74.840339][    C0]  usb_alloc_urb+0x25/0x60
[   74.840348][    C0]  usb_control_msg+0x1bd/0x460
[   74.844818][ T1026] FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[   74.850732][    C0]  hub_ext_port_status+0xf8/0x3c0
[   74.850742][    C0]  hub_activate+0x645/0x15d0
[   74.850748][    C0]  process_one_work+0x879/0x1410
[   74.850754][    C0]  worker_thread+0x5a0/0xf60
[   74.850759][    C0]  kthread+0x299/0x340
[   74.850766][    C0]  ret_from_fork+0x1f/0x30
[   74.850775][    C0] page_owner free stack trace missing
[   74.850779][    C0] 
[   74.850782][    C0] Memory state around the buggy address:
[   74.850788][    C0]  ffff88801df6ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.850793][    C0]  ffff88801df6ed80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   74.856960][ T1026] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.875298][    C0] >ffff88801df6ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.875305][    C0]                    ^
[   74.875309][    C0]  ffff88801df6ee80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   74.875313][    C0]  ffff88801df6ef00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.875318][    C0] ==================================================================
[   74.875321][    C0] Disabling lock debugging due to kernel taint
[   74.875404][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   74.882026][ T1026] CR2: 0000000020000140 CR3: 000000007e751000 CR4: 00000000003506e0
[   74.885617][    C0] CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G    B             5.17.0-rc1-syzkaller #0
[   74.885624][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.885629][    C0] Call Trace:
[   74.885632][    C0]  <TASK>
[   74.885634][    C0]  dump_stack_lvl+0x57/0x7d
[   74.885644][    C0]  panic+0x214/0x49f
[   74.885651][    C0]  ? __warn_printk+0xee/0xee
[   74.885658][    C0]  ? io_rsrc_node_ref_zero+0x55/0x233
[   74.885664][    C0]  ? io_rsrc_node_ref_zero+0x55/0x233
[   74.885667][    C0]  end_report.cold+0x63/0x6f
[   74.885674][    C0]  kasan_report.cold+0x71/0xdf
[   74.885680][    C0]  ? io_rsrc_node_ref_zero+0x55/0x233
[   74.885684][    C0]  io_rsrc_node_ref_zero+0x55/0x233
[   74.885689][    C0]  ? __percpu_ref_exit+0x7d/0xd0
[   74.885695][    C0]  percpu_ref_put_many.constprop.0+0x165/0x1a0
[   74.885700][    C0]  rcu_core+0x7b8/0x1540
[   74.885709][    C0]  ? trace_rcu_stall_warning+0x1b0/0x1b0
[   74.885715][    C0]  __do_softirq+0x29b/0x9c2
[   74.885723][    C0]  ? __irq_exit_rcu+0x180/0x180
[   74.885730][    C0]  ? smpboot_thread_fn+0x66/0x8c0
[   74.885737][    C0]  run_ksoftirqd+0x2d/0x60
[   74.885743][    C0]  smpboot_thread_fn+0x548/0x8c0
[   74.885749][    C0]  ? __smpboot_create_thread.part.0+0x2f0/0x2f0
[   74.885755][    C0]  kthread+0x299/0x340
[   75.430218][    C0]  ? kthread_complete_and_exit+0x20/0x20
[   75.435833][    C0]  ret_from_fork+0x1f/0x30
[   75.440227][    C0]  </TASK>
[   75.443380][    C0] Kernel Offset: disabled
[   75.447687][    C0] Rebooting in 86400 seconds..