[ 18.218055][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 18.227123][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 18.238131][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 18.253650][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 18.262552][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 18.398523][ T307] syz-executor.0 (307) used greatest stack depth: 19864 bytes left
[ 18.805556][ T92] device bridge_slave_1 left promiscuous mode
[ 18.812085][ T92] bridge0: port 2(bridge_slave_1) entered disabled state
[ 18.819883][ T92] device bridge_slave_0 left promiscuous mode
[ 18.826299][ T92] bridge0: port 1(bridge_slave_0) entered disabled state
Warning: Permanently added '10.128.1.158' (ECDSA) to the list of known hosts.
2023/04/22 19:12:31 ignoring optional flag "sandboxArg"="0"
2023/04/22 19:12:31 parsed 1 programs
2023/04/22 19:12:31 executed programs: 0
[ 35.818856][ T22] kauditd_printk_skb: 62 callbacks suppressed
[ 35.818865][ T22] audit: type=1400 audit(1682190751.159:145): avc: denied { mounton } for pid=333 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 35.856891][ T339] cgroup1: Unknown subsys name 'perf_event'
[ 35.865441][ T339] cgroup1: Unknown subsys name 'net_cls'
[ 35.885132][ T22] audit: type=1400 audit(1682190751.159:146): avc: denied { mount } for pid=333 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 35.885355][ T342] cgroup1: Unknown subsys name 'perf_event'
[ 35.910742][ T343] cgroup1: Unknown subsys name 'perf_event'
[ 35.916044][ T346] cgroup1: Unknown subsys name 'perf_event'
[ 35.930217][ T343] cgroup1: Unknown subsys name 'net_cls'
[ 35.936041][ T345] cgroup1: Unknown subsys name 'perf_event'
[ 35.936925][ T347] cgroup1: Unknown subsys name 'perf_event'
[ 35.942565][ T345] cgroup1: Unknown subsys name 'net_cls'
[ 35.949835][ T22] audit: type=1400 audit(1682190751.199:147): avc: denied { mounton } for pid=339 comm="syz-executor.1" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 35.961457][ T346] cgroup1: Unknown subsys name 'net_cls'
[ 35.978767][ T347] cgroup1: Unknown subsys name 'net_cls'
[ 35.987834][ T22] audit: type=1400 audit(1682190751.199:148): avc: denied { mount } for pid=339 comm="syz-executor.1" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 36.005604][ T342] cgroup1: Unknown subsys name 'net_cls'
[ 36.013640][ T22] audit: type=1400 audit(1682190751.329:149): avc: denied { module_request } for pid=345 comm="syz-executor.2" kmod="netdev-nr2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 36.140535][ T339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.147888][ T339] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.155411][ T339] device bridge_slave_0 entered promiscuous mode
[ 36.174393][ T339] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.181782][ T339] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.189346][ T339] device bridge_slave_1 entered promiscuous mode
[ 36.217858][ T343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.224885][ T343] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.232414][ T343] device bridge_slave_0 entered promiscuous mode
[ 36.241143][ T343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.248277][ T343] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.255616][ T343] device bridge_slave_1 entered promiscuous mode
[ 36.262272][ T345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.269523][ T345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.276957][ T345] device bridge_slave_0 entered promiscuous mode
[ 36.306930][ T345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.313960][ T345] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.321443][ T345] device bridge_slave_1 entered promiscuous mode
[ 36.384336][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.392255][ T342] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.400007][ T342] device bridge_slave_0 entered promiscuous mode
[ 36.412771][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.419982][ T347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.427450][ T347] device bridge_slave_0 entered promiscuous mode
[ 36.437678][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.444701][ T347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.452117][ T347] device bridge_slave_1 entered promiscuous mode
[ 36.458780][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.466022][ T346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.473463][ T346] device bridge_slave_0 entered promiscuous mode
[ 36.480304][ T342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.488084][ T342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.495568][ T342] device bridge_slave_1 entered promiscuous mode
[ 36.514261][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.521671][ T346] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.529392][ T346] device bridge_slave_1 entered promiscuous mode
[ 36.691276][ T343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.700320][ T343] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.707643][ T343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.714741][ T343] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.744968][ T339] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.752115][ T339] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.759556][ T339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.766681][ T339] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.786504][ T345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.793541][ T345] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.800842][ T345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.808098][ T345] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.833041][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.840199][ T346] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.848281][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.855382][ T346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.872751][ T342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.879926][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.887270][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.894308][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.910074][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.918136][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.925731][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.932869][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.940425][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.947708][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.954840][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.962339][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.969605][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.976903][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.984230][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.004100][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.012405][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.019517][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.056044][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.064599][ T67] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.071659][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.079670][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.087408][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.094804][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.103123][ T67] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.110582][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.118277][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.126678][ T67] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.133702][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.168563][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 37.176991][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.185723][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 37.193758][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.202661][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.210445][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.218221][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.225741][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.233200][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.241991][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.250400][ T67] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.257717][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.266113][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.275460][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.283957][ T67] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.291566][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.299801][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.307846][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.319101][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.327587][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.336427][ T67] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.348517][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.376022][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.384487][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.395042][ T101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.404574][ T101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.413463][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.423221][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.431557][ T101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.439582][ T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.447570][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 37.456056][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.464538][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.473228][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.481934][ T101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.489166][ T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.496875][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.504284][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.512158][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.520694][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.528880][ T101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.536217][ T101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.543676][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.552090][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.560614][ T101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.567651][ T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.575240][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 37.595447][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.603887][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.612924][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.630403][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 37.639098][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.647437][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 37.655741][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.663874][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 37.672146][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.680722][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.688950][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.706187][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.715393][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.723470][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.759181][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.768111][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.776511][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.797172][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.806767][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.815467][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.855422][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.863692][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.872107][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.880685][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 37.889972][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.898575][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 37.907316][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.916322][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 37.924746][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.933748][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 37.942414][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.951030][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 37.959677][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.968457][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 37.976976][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.985579][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 37.993804][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.002454][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.011094][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.035358][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.043322][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.051984][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 38.060863][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.088463][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.102978][ C0] hrtimer: interrupt took 63026 ns
[ 38.141780][ T374] ==================================================================
[ 38.149962][ T374] BUG: KASAN: use-after-free in __io_queue_sqe+0x194/0xd00
[ 38.155402][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.157598][ T374] Write of size 4 at addr ffff8881ec04ae14 by task io_uring-sq/374
[ 38.171632][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.173780][ T374]
[ 38.173793][ T374] CPU: 0 PID: 374 Comm: io_uring-sq Not tainted 5.4.233-syzkaller-00011-g0108362f3305 #0
[ 38.173797][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 38.173807][ T374] Call Trace:
[ 38.204801][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.207873][ T374] dump_stack+0x1d8/0x241
[ 38.207883][ T374] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 38.207891][ T374] ? printk+0xd1/0x111
[ 38.207907][ T374] ? __io_queue_sqe+0x194/0xd00
[ 38.207916][ T374] print_address_description+0x8c/0x600
[ 38.207925][ T374] ? percpu_ref_tryget+0xdc/0x270
[ 38.207933][ T374] ? __io_queue_sqe+0x194/0xd00
[ 38.207940][ T374] __kasan_report+0xf3/0x120
[ 38.207948][ T374] ? __io_queue_sqe+0x194/0xd00
[ 38.207956][ T374] kasan_report+0x30/0x60
[ 38.207964][ T374] check_memory_region+0x272/0x280
[ 38.207972][ T374] __io_queue_sqe+0x194/0xd00
[ 38.207983][ T374] io_sq_thread+0xe17/0x1be0
[ 38.207999][ T374] ? io_ring_ctx_ref_free+0x20/0x20
[ 38.208012][ T374] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 38.208021][ T374] ? _raw_spin_lock+0x1b0/0x1b0
[ 38.208029][ T374] ? init_wait_entry+0xd0/0xd0
[ 38.208037][ T374] ? __wake_up_locked+0xb7/0x110
[ 38.208046][ T374] ? __kthread_parkme+0xb0/0x1b0
[ 38.208053][ T374] kthread+0x2da/0x360
[ 38.208059][ T374] ? io_ring_ctx_ref_free+0x20/0x20
[ 38.208067][ T374] ? kthread_destroy_worker+0x200/0x200
[ 38.208075][ T374] ret_from_fork+0x1f/0x30
[ 38.208081][ T374]
[ 38.208085][ T374] Allocated by task 374:
[ 38.208093][ T374] __kasan_kmalloc+0x130/0x1d0
[ 38.208100][ T374] kmem_cache_alloc_bulk+0x162/0x260
[ 38.208107][ T374] io_get_req+0x181/0x5c0
[ 38.208113][ T374] io_submit_sqe+0x84/0xe90
[ 38.208119][ T374] io_sq_thread+0xe17/0x1be0
[ 38.208127][ T374] kthread+0x2da/0x360
[ 38.208133][ T374] ret_from_fork+0x1f/0x30
[ 38.208135][ T374]
[ 38.208138][ T374] Freed by task 373:
[ 38.208145][ T374] __kasan_slab_free+0x178/0x230
[ 38.208152][ T374] kmem_cache_free+0xd5/0x290
[ 38.208159][ T374] io_ring_ctx_wait_and_kill+0x22a/0xd30
[ 38.208166][ T374] io_uring_release+0x57/0x70
[ 38.208173][ T374] __fput+0x262/0x680
[ 38.208179][ T374] task_work_run+0x140/0x170
[ 38.208187][ T374] exit_to_usermode_loop+0x18b/0x1a0
[ 38.208194][ T374] prepare_exit_to_usermode+0x199/0x200
[ 38.208201][ T374] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 38.208203][ T374]
[ 38.208209][ T374] The buggy address belongs to the object at ffff8881ec04ad80
[ 38.208209][ T374] which belongs to the cache io_kiocb of size 264
[ 38.208216][ T374] The buggy address is located 148 bytes inside of
[ 38.208216][ T374] 264-byte region [ffff8881ec04ad80, ffff8881ec04ae88)
[ 38.208218][ T374] The buggy address belongs to the page:
[ 38.208227][ T374] page:ffffea0007b01280 refcount:1 mapcount:0 mapping:ffff8881f0ee9b80 index:0x0 compound_mapcount: 0
[ 38.208234][ T374] flags: 0x8000000000010200(slab|head)
[ 38.208245][ T374] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f0ee9b80
[ 38.208254][ T374] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
[ 38.208258][ T374] page dumped because: kasan: bad access detected
[ 38.208261][ T374] page_owner tracks the page as allocated
[ 38.208269][ T374] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 38.208277][ T374] prep_new_page+0x18f/0x370
[ 38.208285][ T374] get_page_from_freelist+0x2ce8/0x2d70
[ 38.208292][ T374] __alloc_pages_nodemask+0x393/0x840
[ 38.208298][ T374] alloc_slab_page+0x39/0x3c0
[ 38.208305][ T374] new_slab+0x97/0x440
[ 38.208311][ T374] ___slab_alloc+0x2fe/0x490
[ 38.208318][ T374] kmem_cache_alloc_bulk+0xb9/0x260
[ 38.208324][ T374] io_get_req+0x181/0x5c0
[ 38.208330][ T374] io_submit_sqe+0x84/0xe90
[ 38.208337][ T374] io_sq_thread+0xe17/0x1be0
[ 38.208343][ T374] kthread+0x2da/0x360
[ 38.208350][ T374] ret_from_fork+0x1f/0x30
[ 38.208353][ T374] page last free stack trace:
[ 38.208360][ T374] __free_pages_ok+0x83d/0x940
[ 38.208366][ T374] __free_pages+0x91/0x140
[ 38.208373][ T374] __free_slab+0x221/0x2e0
[ 38.208380][ T374] unfreeze_partials+0x14e/0x180
[ 38.208386][ T374] put_cpu_partial+0xb4/0x150
[ 38.208393][ T374] __slab_free+0x288/0x350
[ 38.208399][ T374] qlist_free_all+0x43/0xb0
[ 38.208405][ T374] quarantine_reduce+0x174/0x190
[ 38.208411][ T374] __kasan_kmalloc+0x43/0x1d0
[ 38.208418][ T374] kmem_cache_alloc_bulk+0x162/0x260
[ 38.208424][ T374] io_get_req+0x181/0x5c0
[ 38.208430][ T374] io_submit_sqe+0x84/0xe90
[ 38.208437][ T374] io_sq_thread+0xe17/0x1be0
[ 38.208443][ T374] kthread+0x2da/0x360
[ 38.208450][ T374] ret_from_fork+0x1f/0x30
[ 38.208452][ T374]
[ 38.208454][ T374] Memory state around the buggy address:
[ 38.208460][ T374] ffff8881ec04ad00: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.208466][ T374] ffff8881ec04ad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.208472][ T374] >ffff8881ec04ae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.208474][ T374]                          ^
[ 38.208480][ T374] ffff8881ec04ae80: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.208485][ T374] ffff8881ec04af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.208488][ T374] ==================================================================
[ 38.208491][ T374] Disabling lock debugging due to kernel taint
[ 38.219965][ T382] kasan: CONFIG_KASAN_INLINE enabled
[ 38.247787][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.252415][ T382] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 38.252427][ T382] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 38.252438][ T382] CPU: 0 PID: 382 Comm: syz-executor.3 Tainted: G B 5.4.233-syzkaller-00011-g0108362f3305 #0
[ 38.252443][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 38.252457][ T382] RIP: 0010:hrtimer_try_to_cancel+0x7b/0x380
[ 38.252466][ T382] Code: 8b 0c 24 80 3c 01 00 74 08 4c 89 e7 e8 9e 9d 3c 00 4d 8b 3c 24 4d 8d 77 10 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 44 05 00 84 c0 0f 85 e0 00 00 00 41 8b 2e 89 ee 83 e6 01
[ 38.252471][ T382] RSP: 0018:ffff8881eb967c58 EFLAGS: 00010002
[ 38.252478][ T382] RAX: dffffc0000000000 RBX: ffff8881eba30188 RCX: 1ffff1103d746037
[ 38.252483][ T382] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881eba30188
[ 38.252487][ T382] RBP: ffff8881eb967e00 R08: ffffffff8225fa51 R09: 0000000000000009
[ 38.252492][ T382] R10: ffffffff84600000 R11: dffffc0000000000 R12: ffff8881eba301b8
[ 38.252496][ T382] R13: 0000000000000002 R14: 0000000000000010 R15: 0000000000000000
[ 38.252503][ T382] FS: 00007f018b9a0700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 38.252508][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.252513][ T382] CR2: 00000000005231f0 CR3: 00000001ec546000 CR4: 00000000003406f0
[ 38.252521][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.252526][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.252528][ T382] Call Trace:
[ 38.252541][ T382] io_kill_timeout+0x1f/0x4b0
[ 38.252551][ T382] ? kmem_cache_free+0xd5/0x290
[ 38.252559][ T382] ? io_ring_ctx_wait_and_kill+0x22a/0xd30
[ 38.252568][ T382] io_ring_ctx_wait_and_kill+0x22a/0xd30
[ 38.252576][ T382] ? __get_user_pages+0x13b0/0x13b0
[ 38.252585][ T382] ? io_cancel_async_work+0x1a0/0x1a0
[ 38.252593][ T382] ? __fsnotify_parent+0x310/0x310
[ 38.252603][ T382] io_uring_release+0x57/0x70
[ 38.252610][ T382] ? io_uring_flush+0x140/0x140
[ 38.252619][ T382] __fput+0x262/0x680
[ 38.252629][ T382] task_work_run+0x140/0x170
[ 38.252639][ T382] exit_to_usermode_loop+0x18b/0x1a0
[ 38.252648][ T382] prepare_exit_to_usermode+0x199/0x200
[ 38.252659][ T382] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 38.252665][ T382] Modules linked in:
[ 38.252673][ T382] ---[ end trace a5f9ad188142aaec ]---
[ 38.252682][ T382] RIP: 0010:hrtimer_try_to_cancel+0x7b/0x380
[ 38.252689][ T382] Code: 8b 0c 24 80 3c 01 00 74 08 4c 89 e7 e8 9e 9d 3c 00 4d 8b 3c 24 4d 8d 77 10 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 44 05 00 84 c0 0f 85 e0 00 00 00 41 8b 2e 89 ee 83 e6 01
[ 38.252693][ T382] RSP: 0018:ffff8881eb967c58 EFLAGS: 00010002
[ 38.252699][ T382] RAX: dffffc0000000000 RBX: ffff8881eba30188 RCX: 1ffff1103d746037
[ 38.252703][ T382] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881eba30188
[ 38.252708][ T382] RBP: ffff8881eb967e00 R08: ffffffff8225fa51 R09: 0000000000000009
[ 38.252713][ T382] R10: ffffffff84600000 R11: dffffc0000000000 R12: ffff8881eba301b8
[ 38.252718][ T382] R13: 0000000000000002 R14: 0000000000000010 R15: 0000000000000000
[ 38.252725][ T382] FS: 00007f018b9a0700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 38.252730][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.252735][ T382] CR2: 00000000005231f0 CR3: 00000001ec546000 CR4: 00000000003406f0
[ 38.252739][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.252744][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.252748][ T382] Kernel panic - not syncing: Fatal exception
[ 38.254641][ T382] Kernel Offset: disabled
[ 39.092385][ T382] Rebooting in 86400 seconds..