[  132.611247][ T1234] ieee802154 phy1 wpan1: encryption failed: -22
[  194.055099][ T1234] ieee802154 phy0 wpan0: encryption failed: -22
[  194.061426][ T1234] ieee802154 phy1 wpan1: encryption failed: -22
[  201.243927][  T145] Bluetooth: hci0: command 0x0406 tx timeout
[  255.485316][ T1234] ieee802154 phy0 wpan0: encryption failed: -22
[  255.491639][ T1234] ieee802154 phy1 wpan1: encryption failed: -22
[  316.925361][ T1234] ieee802154 phy0 wpan0: encryption failed: -22
[  316.931673][ T1234] ieee802154 phy1 wpan1: encryption failed: -22
[  378.374635][ T1234] ieee802154 phy0 wpan0: encryption failed: -22
[  378.380994][ T1234] ieee802154 phy1 wpan1: encryption failed: -22
[  425.049433][   T91] device hsr_slave_0 left promiscuous mode
[  425.055565][   T91] device hsr_slave_1 left promiscuous mode
[  425.061628][   T91] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  425.069120][   T91] batman_adv: batadv0: Removing interface: batadv_slave_0
[  425.076804][   T91] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  425.084615][   T91] batman_adv: batadv0: Removing interface: batadv_slave_1
[  425.092164][   T91] device bridge_slave_1 left promiscuous mode
[  425.098845][   T91] bridge0: port 2(bridge_slave_1) entered disabled state
[  425.106699][   T91] device bridge_slave_0 left promiscuous mode
[  425.112902][   T91] bridge0: port 1(bridge_slave_0) entered disabled state
[  425.121853][   T91] device veth1_macvtap left promiscuous mode
[  425.128013][   T91] device veth0_macvtap left promiscuous mode
[  425.134116][   T91] device veth1_vlan left promiscuous mode
[  425.139862][   T91] device veth0_vlan left promiscuous mode
[  425.198300][   T91] team0 (unregistering): Port device team_slave_1 removed
[  425.210139][   T91] team0 (unregistering): Port device team_slave_0 removed
[  425.220042][   T91] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  425.231528][   T91] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  425.258633][   T91] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.109' (ECDSA) to the list of known hosts.
[  435.177942][T27731] ==================================================================
[  435.186024][T27731] BUG: KASAN: use-after-free in __post_watch_notification+0x1fe/0x900
[  435.194385][T27731] Read of size 8 at addr ffff888021dc5410 by task syz-executor239/27731
[  435.202706][T27731] 
[  435.205011][T27731] CPU: 0 PID: 27731 Comm: syz-executor239 Not tainted 5.19.0-rc8-syzkaller-dirty #0
[  435.214353][T27731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[  435.224388][T27731] Call Trace:
[  435.227649][T27731]  <TASK>
[  435.230578][T27731]  dump_stack_lvl+0x1e3/0x2cb
[  435.235356][T27731]  ? bfq_pos_tree_add_move+0x436/0x436
[  435.240823][T27731]  ? __wake_up_klogd+0xcd/0x100
[  435.245720][T27731]  ? panic+0x76e/0x76e
[  435.249783][T27731]  ? _printk+0xcf/0x10f
[  435.253929][T27731]  print_address_description+0x65/0x4b0
[  435.259517][T27731]  print_report+0xf4/0x210
[  435.263928][T27731]  ? __post_watch_notification+0x1fe/0x900
[  435.269745][T27731]  kasan_report+0xfb/0x130
[  435.274147][T27731]  ? __post_watch_notification+0x1fe/0x900
[  435.280040][T27731]  __post_watch_notification+0x1fe/0x900
[  435.285679][T27731]  ? user_update+0x1ba/0x250
[  435.290303][T27731]  __key_update+0x428/0x4e0
[  435.294829][T27731]  ? __up_read+0x690/0x690
[  435.299269][T27731]  ? key_create_or_update+0xd60/0xd60
[  435.304633][T27731]  ? __key_link_end+0xe0/0x130
[  435.309502][T27731]  key_create_or_update+0xa8f/0xd60
[  435.314723][T27731]  ? key_type_put+0x20/0x20
[  435.319294][T27731]  ? search_process_keyrings_rcu+0x260/0x260
[  435.325267][T27731]  ? __might_fault+0xb2/0x110
[  435.329992][T27731]  __se_sys_add_key+0x338/0x480
[  435.334875][T27731]  ? __x64_sys_add_key+0xc0/0xc0
[  435.339799][T27731]  ? __x64_sys_add_key+0x1c/0xc0
[  435.344724][T27731]  do_syscall_64+0x2b/0x70
[  435.349129][T27731]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  435.355050][T27731] RIP: 0033:0x7f503a6db9f9
[  435.359452][T27731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  435.379214][T27731] RSP: 002b:00007f503a68d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  435.387629][T27731] RAX: ffffffffffffffda RBX: 00007f503a763408 RCX: 00007f503a6db9f9
[  435.395669][T27731] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000020000040
[  435.403620][T27731] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000000
[  435.411572][T27731] R10: 0000000000000048 R11: 0000000000000246 R12: 00007f503a763400
[  435.419523][T27731] R13: 00007f503a76340c R14: 00007f503a731064 R15: 3a74707972637366
[  435.427499][T27731]  </TASK>
[  435.430528][T27731] 
[  435.432852][T27731] Allocated by task 27707:
[  435.437245][T27731]  ____kasan_kmalloc+0xdc/0x110
[  435.442084][T27731]  kmem_cache_alloc_trace+0x94/0x310
[  435.447348][T27731]  watch_queue_init+0x4f/0x140
[  435.452092][T27731]  create_pipe_files+0x478/0x6e0
[  435.457056][T27731]  __do_pipe_flags+0x46/0x200
[  435.461710][T27731]  do_pipe2+0xd0/0x300
[  435.465756][T27731]  __x64_sys_pipe2+0x56/0x60
[  435.470324][T27731]  do_syscall_64+0x2b/0x70
[  435.474737][T27731]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  435.480609][T27731] 
[  435.482921][T27731] Freed by task 22:
[  435.486701][T27731]  kasan_set_track+0x4c/0x70
[  435.491281][T27731]  kasan_set_free_info+0x1f/0x40
[  435.496195][T27731]  ____kasan_slab_free+0xd8/0x110
[  435.501198][T27731]  slab_free_freelist_hook+0x12e/0x1a0
[  435.506658][T27731]  kmem_cache_free_bulk+0x105/0x1d0
[  435.511849][T27731]  kfree_rcu_work+0x35b/0x7c0
[  435.516545][T27731]  process_one_work+0x81c/0xd10
[  435.521473][T27731]  worker_thread+0xb14/0x1330
[  435.526130][T27731]  kthread+0x266/0x300
[  435.530175][T27731]  ret_from_fork+0x1f/0x30
[  435.534690][T27731] 
[  435.537019][T27731] Last potentially related work creation:
[  435.542709][T27731]  kasan_save_stack+0x3b/0x60
[  435.547454][T27731]  __kasan_record_aux_stack+0xaf/0xc0
[  435.552815][T27731]  kvfree_call_rcu+0x118/0x840
[  435.557684][T27731]  keyctl_watch_key+0x3d2/0x450
[  435.562517][T27731]  __se_sys_keyctl+0x635/0xb60
[  435.567265][T27731]  do_syscall_64+0x2b/0x70
[  435.571676][T27731]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  435.577546][T27731] 
[  435.579852][T27731] The buggy address belongs to the object at ffff888021dc5400
[  435.579852][T27731]  which belongs to the cache kmalloc-192 of size 192
[  435.593882][T27731] The buggy address is located 16 bytes inside of
[  435.593882][T27731]  192-byte region [ffff888021dc5400, ffff888021dc54c0)
[  435.607392][T27731] 
[  435.609695][T27731] The buggy address belongs to the physical page:
[  435.616098][T27731] page:ffffea0000877140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21dc5
[  435.626224][T27731] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  435.633758][T27731] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888011c41a00
[  435.642326][T27731] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  435.650883][T27731] page dumped because: kasan: bad access detected
[  435.657271][T27731] page_owner tracks the page as allocated
[  435.662986][T27731] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 27704, tgid 27703 (syz-executor239), ts 435095125439, free_ts 435075154261
[  435.681803][T27731]  get_page_from_freelist+0x72b/0x7a0
[  435.687178][T27731]  __alloc_pages+0x259/0x560
[  435.691790][T27731]  alloc_slab_page+0x70/0xf0
[  435.696359][T27731]  allocate_slab+0x5e/0x520
[  435.700840][T27731]  ___slab_alloc+0x42e/0xce0
[  435.705413][T27731]  kmem_cache_alloc_trace+0x25c/0x310
[  435.710776][T27731]  loopback_open+0x120/0xa20
[  435.715392][T27731]  snd_pcm_open_substream+0xd8b/0x1b70
[  435.720858][T27731]  snd_pcm_oss_open+0x1185/0x2060
[  435.725915][T27731]  chrdev_open+0x5fb/0x680
[  435.730353][T27731]  do_dentry_open+0x789/0x1040
[  435.735101][T27731]  path_openat+0x26c0/0x2ec0
[  435.739700][T27731]  do_filp_open+0x277/0x4f0
[  435.744178][T27731]  do_sys_openat2+0x13b/0x500
[  435.748930][T27731]  __x64_sys_openat+0x243/0x290
[  435.753760][T27731]  do_syscall_64+0x2b/0x70
[  435.758157][T27731] page last free stack trace:
[  435.762808][T27731]  free_pcp_prepare+0x812/0x900
[  435.767656][T27731]  free_unref_page+0x7d/0x390
[  435.772311][T27731]  __vunmap+0x867/0x9d0
[  435.776469][T27731]  snd_pcm_lib_free_pages+0x213/0x2e0
[  435.781836][T27731]  snd_pcm_release_substream+0x2cd/0x490
[  435.787545][T27731]  snd_pcm_oss_release+0x1a3/0x270
[  435.792635][T27731]  __fput+0x3b9/0x820
[  435.796621][T27731]  task_work_run+0x146/0x1c0
[  435.801193][T27731]  exit_to_user_mode_loop+0x134/0x160
[  435.806543][T27731]  exit_to_user_mode_prepare+0xad/0x110
[  435.812068][T27731]  syscall_exit_to_user_mode+0x2e/0x60
[  435.817522][T27731]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  435.823396][T27731] 
[  435.825718][T27731] Memory state around the buggy address:
[  435.831326][T27731]  ffff888021dc5300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  435.839715][T27731]  ffff888021dc5380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  435.847767][T27731] >ffff888021dc5400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  435.855802][T27731]                          ^
[  435.860366][T27731]  ffff888021dc5480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  435.868420][T27731]  ffff888021dc5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  435.876472][T27731] ==================================================================
[  435.884683][T27731] Kernel panic - not syncing: panic_on_warn set ...
[  435.891360][T27731] CPU: 1 PID: 27731 Comm: syz-executor239 Not tainted 5.19.0-rc8-syzkaller-dirty #0
[  435.900714][T27731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[  435.910755][T27731] Call Trace:
[  435.914023][T27731]  <TASK>
[  435.916944][T27731]  dump_stack_lvl+0x1e3/0x2cb
[  435.921616][T27731]  ? bfq_pos_tree_add_move+0x436/0x436
[  435.927068][T27731]  ? panic+0x76e/0x76e
[  435.931123][T27731]  ? preempt_schedule_common+0xb7/0xe0
[  435.936622][T27731]  ? preempt_schedule+0xd9/0xe0
[  435.941464][T27731]  ? vscnprintf+0x59/0x80
[  435.945823][T27731]  panic+0x312/0x76e
[  435.949714][T27731]  ? fb_is_primary_device+0xcc/0xcc
[  435.954899][T27731]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  435.960952][T27731]  ? print_report+0x1d0/0x210
[  435.965641][T27731]  ? __post_watch_notification+0x1fe/0x900
[  435.971436][T27731]  end_report+0x91/0xa0
[  435.975583][T27731]  kasan_report+0x108/0x130
[  435.980088][T27731]  ? __post_watch_notification+0x1fe/0x900
[  435.985893][T27731]  __post_watch_notification+0x1fe/0x900
[  435.991605][T27731]  ? user_update+0x1ba/0x250
[  435.996185][T27731]  __key_update+0x428/0x4e0
[  436.000677][T27731]  ? __up_read+0x690/0x690
[  436.005084][T27731]  ? key_create_or_update+0xd60/0xd60
[  436.010447][T27731]  ? __key_link_end+0xe0/0x130
[  436.015199][T27731]  key_create_or_update+0xa8f/0xd60
[  436.020391][T27731]  ? key_type_put+0x20/0x20
[  436.024884][T27731]  ? search_process_keyrings_rcu+0x260/0x260
[  436.030855][T27731]  ? __might_fault+0xb2/0x110
[  436.035524][T27731]  __se_sys_add_key+0x338/0x480
[  436.040390][T27731]  ? __x64_sys_add_key+0xc0/0xc0
[  436.045353][T27731]  ? __x64_sys_add_key+0x1c/0xc0
[  436.050291][T27731]  do_syscall_64+0x2b/0x70
[  436.054716][T27731]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  436.060605][T27731] RIP: 0033:0x7f503a6db9f9
[  436.065016][T27731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  436.084613][T27731] RSP: 002b:00007f503a68d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  436.093036][T27731] RAX: ffffffffffffffda RBX: 00007f503a763408 RCX: 00007f503a6db9f9
[  436.101008][T27731] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000020000040
[  436.108986][T27731] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000000
[  436.116977][T27731] R10: 0000000000000048 R11: 0000000000000246 R12: 00007f503a763400
[  436.124943][T27731] R13: 00007f503a76340c R14: 00007f503a731064 R15: 3a74707972637366
[  436.132919][T27731]  </TASK>
[  436.136135][T27731] Kernel Offset: disabled
[  436.140460][T27731] Rebooting in 86400 seconds..