[ 249.815342][ T1206] ieee802154 phy0 wpan0: encryption failed: -22
[ 249.822102][ T1206] ieee802154 phy1 wpan1: encryption failed: -22
[ 311.264781][ T1206] ieee802154 phy0 wpan0: encryption failed: -22
[ 311.271117][ T1206] ieee802154 phy1 wpan1: encryption failed: -22
[ 372.695230][ T1206] ieee802154 phy0 wpan0: encryption failed: -22
[ 372.702082][ T1206] ieee802154 phy1 wpan1: encryption failed: -22
[ 434.135433][ T1206] ieee802154 phy0 wpan0: encryption failed: -22
[ 434.141745][ T1206] ieee802154 phy1 wpan1: encryption failed: -22
[ 435.332491][ T64] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 435.421376][ T64] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 435.509700][ T64] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 435.599395][ T64] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 436.406782][ T64] device hsr_slave_0 left promiscuous mode
[ 436.417125][ T64] device hsr_slave_1 left promiscuous mode
[ 436.423502][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 436.431548][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 436.440774][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 436.449265][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 436.463199][ T64] device bridge_slave_1 left promiscuous mode
[ 436.469618][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 436.478226][ T64] device bridge_slave_0 left promiscuous mode
[ 436.487491][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 436.500226][ T64] device veth1_macvtap left promiscuous mode
[ 436.510662][ T64] device veth0_macvtap left promiscuous mode
[ 436.516859][ T64] device veth1_vlan left promiscuous mode
[ 436.522656][ T64] device veth0_vlan left promiscuous mode
[ 436.745751][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 436.758533][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 436.772595][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 436.809247][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 436.891678][ T64] bond0 (unregistering): Released all slaves
[ 438.157127][ T64] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.274795][ T64] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.368279][ T64] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.440957][ T64] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.596294][ T64] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.650879][ T64] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.719693][ T64] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.800105][ T64] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 438.957424][ T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 439.057120][ T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 439.140049][ T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 439.200984][ T64] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 439.542026][ T64] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 439.634593][ T64] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 439.751494][ T64] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 439.915828][ T64] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.1.170' (ECDSA) to the list of known hosts.
[ 442.942178][ T64] device hsr_slave_0 left promiscuous mode
[ 442.994774][ T64] device hsr_slave_1 left promiscuous mode
[ 443.048220][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 443.078801][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 443.137578][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 443.155267][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 443.196274][ T64] device bridge_slave_1 left promiscuous mode
[ 443.231671][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 443.271466][ T64] device bridge_slave_0 left promiscuous mode
[ 443.295543][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 443.383036][ T64] device hsr_slave_0 left promiscuous mode
[ 443.457122][ T64] device hsr_slave_1 left promiscuous mode
[ 443.509664][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 443.589457][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 443.730822][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 443.770180][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 443.876917][ T64] device bridge_slave_1 left promiscuous mode
[ 443.883124][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 444.042329][ T64] device bridge_slave_0 left promiscuous mode
[ 444.109537][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 444.211878][ T64] device hsr_slave_0 left promiscuous mode
[ 444.270376][ T64] device hsr_slave_1 left promiscuous mode
[ 444.337806][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 444.397120][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 444.456294][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 444.495277][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 444.562886][ T64] device bridge_slave_1 left promiscuous mode
[ 444.579058][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 444.636300][ T64] device bridge_slave_0 left promiscuous mode
[ 444.671804][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 444.762613][ T64] device hsr_slave_0 left promiscuous mode
[ 444.779998][ T64] device hsr_slave_1 left promiscuous mode
[ 444.790696][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 444.832709][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 444.884858][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 444.932738][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 444.968371][ T64] device bridge_slave_1 left promiscuous mode
[ 445.001457][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 445.050055][ T64] device bridge_slave_0 left promiscuous mode
[ 445.081960][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 445.165925][ T64] device hsr_slave_0 left promiscuous mode
[ 445.186594][ T64] device hsr_slave_1 left promiscuous mode
[ 445.221883][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 445.260382][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 445.315958][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 445.356970][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 445.406343][ T64] device bridge_slave_1 left promiscuous mode
[ 445.438995][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 445.498708][ T64] device bridge_slave_0 left promiscuous mode
[ 445.534589][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 445.670321][ T64] device veth1_macvtap left promiscuous mode
[ 445.711641][ T64] device veth0_macvtap left promiscuous mode
[ 445.738103][ T64] device veth1_vlan left promiscuous mode
[ 445.766677][ T64] device veth0_vlan left promiscuous mode
[ 445.836108][ T64] device veth1_macvtap left promiscuous mode
[ 445.861215][ T64] device veth0_macvtap left promiscuous mode
[ 445.895748][ T64] device veth1_vlan left promiscuous mode
[ 445.926752][ T64] device veth0_vlan left promiscuous mode
[ 445.966915][ T64] device veth1_macvtap left promiscuous mode
[ 446.005094][ T64] device veth0_macvtap left promiscuous mode
[ 446.039860][ T64] device veth1_vlan left promiscuous mode
[ 446.079929][ T64] device veth0_vlan left promiscuous mode
[ 446.147909][ T64] device veth1_macvtap left promiscuous mode
[ 446.191475][ T64] device veth0_macvtap left promiscuous mode
[ 446.256709][ T64] device veth1_vlan left promiscuous mode
[ 446.299043][ T64] device veth0_vlan left promiscuous mode
[ 446.352204][ T64] device veth1_macvtap left promiscuous mode
[ 446.409817][ T64] device veth0_macvtap left promiscuous mode
[ 446.490926][ T64] device veth1_vlan left promiscuous mode
[ 446.563225][ T64] device veth0_vlan left promiscuous mode
[ 450.264116][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 450.336225][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 450.365599][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 450.510313][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 451.022881][ T64] bond0 (unregistering): Released all slaves
[ 451.887371][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 451.983856][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 452.125469][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 452.238186][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 452.772348][ T64] bond0 (unregistering): Released all slaves
[ 453.432278][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 453.514198][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 453.620309][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 453.741786][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 454.069869][ T64] bond0 (unregistering): Released all slaves
[ 454.781868][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 454.910088][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 454.953032][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 455.023737][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 455.481995][ T64] bond0 (unregistering): Released all slaves
[ 456.025288][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 456.110359][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 456.174584][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 456.266280][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 456.647802][ T64] bond0 (unregistering): Released all slaves
[ 490.758163][T23630] ==================================================================
[ 490.766284][T23630] BUG: KASAN: stack-out-of-bounds in post_one_notification.isra.0+0x3db/0x850
[ 490.775106][T23630] Read of size 80 at addr ffffc90004d17d40 by task syz-executor170/23630
[ 490.783482][T23630]
[ 490.785774][T23630] CPU: 1 PID: 23630 Comm: syz-executor170 Not tainted 6.2.0-rc6-syzkaller #0
[ 490.794492][T23630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 490.804519][T23630] Call Trace:
[ 490.807772][T23630]
[ 490.810672][T23630] dump_stack_lvl+0x57/0x7d
[ 490.815143][T23630] print_report+0x15e/0x45d
[ 490.819609][T23630] ? post_one_notification.isra.0+0x3db/0x850
[ 490.825658][T23630] kasan_report+0xbb/0x1f0
[ 490.830039][T23630] ? post_one_notification.isra.0+0x3db/0x850
[ 490.836090][T23630] kasan_check_range+0x13d/0x180
[ 490.840994][T23630] memcpy+0x20/0x60
[ 490.844761][T23630] post_one_notification.isra.0+0x3db/0x850
[ 490.850614][T23630] __post_watch_notification+0x459/0x800
[ 490.856210][T23630] ? user_update+0x1f0/0x2b0
[ 490.860765][T23630] key_create_or_update+0xa84/0xbe0
[ 490.865947][T23630] ? key_alloc+0x10b0/0x10b0
[ 490.870499][T23630] ? join_session_keyring+0x2b0/0x2b0
[ 490.875920][T23630] ? find_held_lock+0x2d/0x110
[ 490.880654][T23630] __do_sys_add_key+0x156/0x300
[ 490.885470][T23630] ? get_instantiation_keyring+0x180/0x180
[ 490.891238][T23630] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 490.897180][T23630] ? syscall_enter_from_user_mode+0x22/0xb0
[ 490.903070][T23630] do_syscall_64+0x35/0xb0
[ 490.907547][T23630] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 490.913405][T23630] RIP: 0033:0x7fe6418caf39
[ 490.917823][T23630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 490.937426][T23630] RSP: 002b:00007ffcae40c668 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 490.945822][T23630] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fe6418caf39
[ 490.953775][T23630] RDX: 0000000020000280 RSI: 0000000020000100 RDI: 00000000200000c0
[ 490.961731][T23630] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000001
[ 490.969681][T23630] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000077cd9
[ 490.977620][T23630] R13: 00007ffcae40c67c R14: 00007ffcae40c690 R15: 00007ffcae40c680
[ 490.985569][T23630]
[ 490.988565][T23630]
[ 490.990873][T23630] The buggy address belongs to stack of task syz-executor170/23630
[ 490.998727][T23630] and is located at offset 64 in frame:
[ 491.004341][T23630] key_create_or_update+0x0/0xbe0
[ 491.009346][T23630]
[ 491.011646][T23630] This frame has 4 objects:
[ 491.016114][T23630] [32, 40) 'edit'
[ 491.016117][T23630] [64, 80) 'n'
[ 491.019801][T23630] [96, 136) 'index_key'
[ 491.023226][T23630] [176, 256) 'prep'
[ 491.027447][T23630]
[ 491.033598][T23630] The buggy address belongs to the virtual mapping at
[ 491.033598][T23630] [ffffc90004d10000, ffffc90004d19000) created by:
[ 491.033598][T23630] kernel_clone+0xb8/0x720
[ 491.051019][T23630]
[ 491.053316][T23630] The buggy address belongs to the physical page:
[ 491.059707][T23630] page:ffffea0000a3edc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28fb7
[ 491.069838][T23630] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 491.076918][T23630] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 491.085485][T23630] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 491.094038][T23630] page dumped because: kasan: bad access detected
[ 491.100430][T23630] page_owner tracks the page as allocated
[ 491.106134][T23630] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 11, tgid 11 (kworker/u4:1), ts 8088437124, free_ts 6714803854
[ 491.124780][T23630] get_page_from_freelist+0x119c/0x2ce0
[ 491.130317][T23630] __alloc_pages+0x1c7/0x5a0
[ 491.134881][T23630] __vmalloc_node_range+0x712/0x1010
[ 491.140142][T23630] copy_process+0x10a9/0x6bb0
[ 491.144809][T23630] kernel_clone+0xb8/0x720
[ 491.149207][T23630] user_mode_thread+0x9b/0xd0
[ 491.153864][T23630] call_usermodehelper_exec_work+0xa4/0x140
[ 491.159736][T23630] process_one_work+0x8ba/0x14b0
[ 491.164650][T23630] worker_thread+0x598/0xec0
[ 491.169209][T23630] kthread+0x294/0x330
[ 491.173247][T23630] ret_from_fork+0x1f/0x30
[ 491.177726][T23630] page last free stack trace:
[ 491.182466][T23630] free_pcp_prepare+0x65c/0xc00
[ 491.187288][T23630] free_unref_page+0x19/0x480
[ 491.191946][T23630] __vunmap+0x66e/0xb40
[ 491.196066][T23630] free_work+0x4b/0x70
[ 491.200115][T23630] process_one_work+0x8ba/0x14b0
[ 491.205018][T23630] worker_thread+0x598/0xec0
[ 491.209585][T23630] kthread+0x294/0x330
[ 491.213618][T23630] ret_from_fork+0x1f/0x30
[ 491.218017][T23630]
[ 491.220312][T23630] Memory state around the buggy address:
[ 491.225920][T23630]  ffffc90004d17c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 491.233952][T23630]  ffffc90004d17c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 491.242001][T23630] >ffffc90004d17d00: f1 f1 f1 f1 00 f2 f2 f2 00 00 f2 f2 00 00 00 00
[ 491.250044][T23630]                                            ^
[ 491.256688][T23630]  ffffc90004d17d80: 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 491.264786][T23630]  ffffc90004d17e00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 491.272818][T23630] ==================================================================
[ 491.281020][T23630] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 491.288187][T23630] CPU: 1 PID: 23630 Comm: syz-executor170 Not tainted 6.2.0-rc6-syzkaller #0
[ 491.296914][T23630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 491.306939][T23630] Call Trace:
[ 491.310203][T23630]
[ 491.313104][T23630] dump_stack_lvl+0x57/0x7d
[ 491.317575][T23630] panic+0x219/0x453
[ 491.321435][T23630] ? panic_print_sys_info.part.0+0x6e/0x6e
[ 491.327558][T23630] ? lock_downgrade+0x6e0/0x6e0
[ 491.332387][T23630] ? record_print_text.cold+0x11/0x11
[ 491.337720][T23630] ? dump_page.cold+0x62/0x152
[ 491.342446][T23630] check_panic_on_warn.cold+0x14/0x2b
[ 491.347791][T23630] end_report.part.0+0x36/0x73
[ 491.352520][T23630] ? post_one_notification.isra.0+0x3db/0x850
[ 491.358548][T23630] kasan_report.cold+0xa/0xf
[ 491.363105][T23630] ? post_one_notification.isra.0+0x3db/0x850
[ 491.369135][T23630] kasan_check_range+0x13d/0x180
[ 491.374039][T23630] memcpy+0x20/0x60
[ 491.377812][T23630] post_one_notification.isra.0+0x3db/0x850
[ 491.383671][T23630] __post_watch_notification+0x459/0x800
[ 491.389265][T23630] ? user_update+0x1f0/0x2b0
[ 491.393818][T23630] key_create_or_update+0xa84/0xbe0
[ 491.398981][T23630] ? key_alloc+0x10b0/0x10b0
[ 491.403536][T23630] ? join_session_keyring+0x2b0/0x2b0
[ 491.408887][T23630] ? find_held_lock+0x2d/0x110
[ 491.413617][T23630] __do_sys_add_key+0x156/0x300
[ 491.418515][T23630] ? get_instantiation_keyring+0x180/0x180
[ 491.424282][T23630] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 491.430242][T23630] ? syscall_enter_from_user_mode+0x22/0xb0
[ 491.436104][T23630] do_syscall_64+0x35/0xb0
[ 491.440481][T23630] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 491.446332][T23630] RIP: 0033:0x7fe6418caf39
[ 491.450705][T23630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 491.470277][T23630] RSP: 002b:00007ffcae40c668 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 491.478647][T23630] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fe6418caf39
[ 491.486579][T23630] RDX: 0000000020000280 RSI: 0000000020000100 RDI: 00000000200000c0
[ 491.494513][T23630] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000001
[ 491.502450][T23630] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000077cd9
[ 491.510381][T23630] R13: 00007ffcae40c67c R14: 00007ffcae40c690 R15: 00007ffcae40c680
[ 491.518318][T23630]
[ 492.605975][T23630] Shutting down cpus with NMI
[ 492.611433][T23630] Kernel Offset: disabled
[ 492.615733][T23630] Rebooting in 86400 seconds..