ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
==================================================================
BUG: KASAN: slab-use-after-free in tty_write_room+0x3c/0x8c drivers/tty/tty_ioctl.c:68
Read of size 8 at addr ffff0001380e9020 by task aoe_tx0/2251

CPU: 1 PID: 2251 Comm: aoe_tx0 Tainted: G B 6.8.0-rc4-syzkaller-g905b00721763 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x178/0x518 mm/kasan/report.c:488
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
 tty_write_room+0x3c/0x8c drivers/tty/tty_ioctl.c:68
 handle_tx+0x120/0x604 drivers/net/caif/caif_serial.c:226
 caif_xmit+0x108/0x150 drivers/net/caif/caif_serial.c:282
 __netdev_start_xmit include/linux/netdevice.h:4989 [inline]
 netdev_start_xmit include/linux/netdevice.h:5003 [inline]
 xmit_one net/core/dev.c:3547 [inline]
 dev_hard_start_xmit+0x240/0x8ac net/core/dev.c:3563
 __dev_queue_xmit+0x15b0/0x329c net/core/dev.c:4351
 dev_queue_xmit include/linux/netdevice.h:3171 [inline]
 tx+0x90/0x138 drivers/block/aoe/aoenet.c:62
 kthread+0x1ac/0x374 drivers/block/aoe/aoecmd.c:1229
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

The buggy address belongs to the object at ffff0001380e9000
 which belongs to the cache kmalloc-cg-2k of size 2048
The buggy address is located 32 bytes inside of
 freed 2048-byte region [ffff0001380e9000, ffff0001380e9800)

The buggy address belongs to the physical page:
page:000000005b3841b7 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0001380e9000 pfn:0x1780e8
head:000000005b3841b7 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff0000c9d500c1
flags: 0x5ffc00000000a40(workingset|slab|head|node=0|zone=2|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 05ffc00000000a40 ffff0000c000f3c0 fffffdffc3609810 fffffdffc460b010
raw: ffff0001380e9000 0000000000080006 00000001ffffffff ffff0000c9d500c1
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0001380e8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0001380e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0001380e9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
 ffff0001380e9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0001380e9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================