[ 128.234761][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 189.668720][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 189.675132][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 191.746425][ T4442] Bluetooth: hci0: command 0x0406 tx timeout
[ 251.108008][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 251.114341][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 312.548126][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 312.554444][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 373.990418][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 373.998646][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 430.767197][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 430.810675][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 430.852376][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 430.915326][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 431.739833][ T46] device hsr_slave_0 left promiscuous mode
[ 431.752460][ T46] device hsr_slave_1 left promiscuous mode
[ 431.760115][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 431.769368][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 431.778504][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 431.785999][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 431.794510][ T46] device bridge_slave_1 left promiscuous mode
[ 431.801044][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 431.809843][ T46] device bridge_slave_0 left promiscuous mode
[ 431.816059][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 431.825929][ T46] device veth1_macvtap left promiscuous mode
[ 431.832898][ T46] device veth0_macvtap left promiscuous mode
[ 431.839219][ T46] device veth1_vlan left promiscuous mode
[ 431.844973][ T46] device veth0_vlan left promiscuous mode
[ 431.964555][ T46] team0 (unregistering): Port device team_slave_1 removed
[ 431.975140][ T46] team0 (unregistering): Port device team_slave_0 removed
[ 431.991062][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 432.002705][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 432.039490][ T46] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
[ 435.438322][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 435.445027][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 496.867970][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 496.874531][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 558.307923][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 558.314256][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 567.796548][T28594] ==================================================================
[ 567.804667][T28594] BUG: KASAN: use-after-free in io_wq_worker_running+0xc7/0xe0
[ 567.812205][T28594] Read of size 4 at addr ffff888026ae3c04 by task iou-wrk-28592/28594
[ 567.820420][T28594]
[ 567.822721][T28594] CPU: 1 PID: 28594 Comm: iou-wrk-28592 Not tainted 6.1.0-syzkaller #0
[ 567.830921][T28594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 567.840946][T28594] Call Trace:
[ 567.844213][T28594]
[ 567.847125][T28594] dump_stack_lvl+0x5b/0x81
[ 567.851631][T28594] print_report+0x15e/0x45d
[ 567.856117][T28594] ? io_wq_worker_running+0xc7/0xe0
[ 567.861288][T28594] kasan_report+0xbf/0x1f0
[ 567.865684][T28594] ? io_wq_worker_running+0xc7/0xe0
[ 567.870867][T28594] io_wq_worker_running+0xc7/0xe0
[ 567.875863][T28594] schedule_preempt_disabled+0x13/0x20
[ 567.881372][T28594] __mutex_lock+0xa48/0x1360
[ 567.885941][T28594] ? do_raw_spin_unlock+0x175/0x230
[ 567.891104][T28594] ? io_wq_submit_work+0x4d9/0xd30
[ 567.896279][T28594] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 567.901893][T28594] ? find_held_lock+0x2d/0x110
[ 567.906633][T28594] ? io_worker_handle_work+0x4dd/0x1880
[ 567.912142][T28594] ? lock_downgrade+0x6e0/0x6e0
[ 567.916957][T28594] ? do_raw_spin_lock+0x124/0x2b0
[ 567.922206][T28594] io_wq_submit_work+0x4d9/0xd30
[ 567.927117][T28594] io_worker_handle_work+0x70f/0x1880
[ 567.932473][T28594] io_wqe_worker+0x8c4/0xc60
[ 567.937133][T28594] ? io_worker_handle_work+0x1880/0x1880
[ 567.942736][T28594] ? ret_from_fork+0x8/0x30
[ 567.947206][T28594] ? lock_downgrade+0x6e0/0x6e0
[ 567.952118][T28594] ? do_raw_spin_lock+0x124/0x2b0
[ 567.957106][T28594] ? rwlock_bug.part.0+0x90/0x90
[ 567.962016][T28594] ? lockdep_hardirqs_on_prepare+0x17f/0x410
[ 567.967966][T28594] ? io_worker_handle_work+0x1880/0x1880
[ 567.973658][T28594] ret_from_fork+0x1f/0x30
[ 567.978042][T28594]
[ 567.981038][T28594]
[ 567.983330][T28594] Allocated by task 28592:
[ 567.987720][T28594] kasan_save_stack+0x22/0x40
[ 567.992360][T28594] kasan_set_track+0x25/0x30
[ 567.996913][T28594] __kasan_kmalloc+0xa5/0xb0
[ 568.001466][T28594] create_io_worker+0x102/0x590
[ 568.006405][T28594] io_wqe_enqueue+0x5bf/0xb10
[ 568.011052][T28594] io_queue_iowq+0x226/0x490
[ 568.015601][T28594] io_submit_sqes+0xe6f/0x1bc0
[ 568.020327][T28594] __do_sys_io_uring_enter+0x8f3/0x1d00
[ 568.025862][T28594] do_syscall_64+0x39/0xb0
[ 568.030254][T28594] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 568.036127][T28594]
[ 568.038510][T28594] Freed by task 28594:
[ 568.042642][T28594] kasan_save_stack+0x22/0x40
[ 568.047356][T28594] kasan_set_track+0x25/0x30
[ 568.051909][T28594] kasan_save_free_info+0x2e/0x40
[ 568.056905][T28594] ____kasan_slab_free+0x160/0x1c0
[ 568.061991][T28594] slab_free_freelist_hook+0x8b/0x1c0
[ 568.067341][T28594] __kmem_cache_free+0xaf/0x3b0
[ 568.072255][T28594] io_queue_worker_create+0x408/0x4d0
[ 568.077684][T28594] schedule+0x16e/0x1b0
[ 568.081816][T28594] schedule_preempt_disabled+0x13/0x20
[ 568.087258][T28594] __mutex_lock+0xa48/0x1360
[ 568.091811][T28594] io_wq_submit_work+0x4d9/0xd30
[ 568.096742][T28594] io_worker_handle_work+0x70f/0x1880
[ 568.102104][T28594] io_wqe_worker+0x8c4/0xc60
[ 568.106677][T28594] ret_from_fork+0x1f/0x30
[ 568.111090][T28594]
[ 568.113391][T28594] Last potentially related work creation:
[ 568.119096][T28594] kasan_save_stack+0x22/0x40
[ 568.123775][T28594] __kasan_record_aux_stack+0xbc/0xd0
[ 568.129524][T28594] task_work_add+0x71/0x220
[ 568.134017][T28594] io_queue_worker_create+0x320/0x4d0
[ 568.139377][T28594] schedule+0x16e/0x1b0
[ 568.143525][T28594] schedule_preempt_disabled+0x13/0x20
[ 568.148987][T28594] __mutex_lock+0xa48/0x1360
[ 568.153822][T28594] io_wq_submit_work+0x4d9/0xd30
[ 568.158737][T28594] io_worker_handle_work+0x70f/0x1880
[ 568.164072][T28594] io_wqe_worker+0x8c4/0xc60
[ 568.168628][T28594] ret_from_fork+0x1f/0x30
[ 568.173010][T28594]
[ 568.175301][T28594] Second to last potentially related work creation:
[ 568.181848][T28594] kasan_save_stack+0x22/0x40
[ 568.186664][T28594] __kasan_record_aux_stack+0xbc/0xd0
[ 568.191997][T28594] kvfree_call_rcu+0x78/0x8f0
[ 568.196646][T28594] io_wqe_worker+0x871/0xc60
[ 568.201206][T28594] ret_from_fork+0x1f/0x30
[ 568.205599][T28594]
[ 568.207894][T28594] The buggy address belongs to the object at ffff888026ae3c00
[ 568.207894][T28594] which belongs to the cache kmalloc-512 of size 512
[ 568.221945][T28594] The buggy address is located 4 bytes inside of
[ 568.221945][T28594] 512-byte region [ffff888026ae3c00, ffff888026ae3e00)
[ 568.235112][T28594]
[ 568.237405][T28594] The buggy address belongs to the physical page:
[ 568.243790][T28594] page:ffffea00009ab800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888026ae0800 pfn:0x26ae0
[ 568.255317][T28594] head:ffffea00009ab800 order:2 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[ 568.265364][T28594] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 568.273313][T28594] raw: 00fff00000010200 ffff888011441c80 ffff8880114407c8 ffffea00009c9d10
[ 568.281872][T28594] raw: ffff888026ae0800 000000000010000f 00000001ffffffff 0000000000000000
[ 568.290414][T28594] page dumped because: kasan: bad access detected
[ 568.296795][T28594] page_owner tracks the page as allocated
[ 568.302481][T28594] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 31229, tgid 31229 (dhcpcd-run-hook), ts 436319338832, free_ts 435795124146
[ 568.323720][T28594] get_page_from_freelist+0x119c/0x2ce0
[ 568.329246][T28594] __alloc_pages+0x1cb/0x5b0
[ 568.333798][T28594] allocate_slab+0xa7/0x350
[ 568.338272][T28594] ___slab_alloc+0xa91/0x1400
[ 568.342912][T28594] __slab_alloc.constprop.0+0x56/0xa0
[ 568.348351][T28594] __kmem_cache_alloc_node+0x1a4/0x430
[ 568.353780][T28594] __kmalloc_node+0x4d/0xd0
[ 568.358247][T28594] memcg_alloc_slab_cgroups+0x8f/0x150
[ 568.363678][T28594] allocate_slab+0x2a4/0x350
[ 568.368245][T28594] ___slab_alloc+0xa91/0x1400
[ 568.372906][T28594] __slab_alloc.constprop.0+0x56/0xa0
[ 568.378240][T28594] kmem_cache_alloc+0x379/0x430
[ 568.383062][T28594] anon_vma_clone+0xbf/0x520
[ 568.387631][T28594] anon_vma_fork+0x70/0x630
[ 568.392183][T28594] dup_mmap+0x922/0xe30
[ 568.396307][T28594] dup_mm+0x86/0x330
[ 568.400169][T28594] page last free stack trace:
[ 568.404913][T28594] free_pcp_prepare+0x65c/0xc00
[ 568.409727][T28594] free_unref_page+0x1d/0x490
[ 568.414381][T28594] __vunmap+0x66e/0xb40
[ 568.418504][T28594] free_work+0x4f/0x70
[ 568.422540][T28594] process_one_work+0x8ba/0x14c0
[ 568.427443][T28594] worker_thread+0x59c/0xec0
[ 568.431996][T28594] kthread+0x298/0x340
[ 568.436026][T28594] ret_from_fork+0x1f/0x30
[ 568.440444][T28594]
[ 568.442756][T28594] Memory state around the buggy address:
[ 568.448708][T28594] ffff888026ae3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 568.457094][T28594] ffff888026ae3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 568.465123][T28594] >ffff888026ae3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 568.473250][T28594] ^
[ 568.477379][T28594] ffff888026ae3c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 568.485531][T28594] ffff888026ae3d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 568.493569][T28594] ==================================================================
[ 568.546408][T28594] Kernel panic - not syncing: panic_on_warn set ...
[ 568.553008][T28594] CPU: 1 PID: 28594 Comm: iou-wrk-28592 Not tainted 6.1.0-syzkaller #0
[ 568.561218][T28594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 568.571248][T28594] Call Trace:
[ 568.574592][T28594]
[ 568.577498][T28594] dump_stack_lvl+0x5b/0x81
[ 568.581985][T28594] panic+0x21d/0x457
[ 568.585849][T28594] ? panic_print_sys_info.part.0+0x6e/0x6e
[ 568.591633][T28594] ? preempt_schedule_common+0x59/0xc0
[ 568.597071][T28594] ? preempt_schedule_thunk+0x1a/0x1c
[ 568.602535][T28594] end_report.part.0+0x3f/0x7c
[ 568.607268][T28594] ? io_wq_worker_running+0xc7/0xe0
[ 568.612616][T28594] kasan_report.cold+0xa/0xf
[ 568.617175][T28594] ? io_wq_worker_running+0xc7/0xe0
[ 568.622342][T28594] io_wq_worker_running+0xc7/0xe0
[ 568.627365][T28594] schedule_preempt_disabled+0x13/0x20
[ 568.632790][T28594] __mutex_lock+0xa48/0x1360
[ 568.637355][T28594] ? do_raw_spin_unlock+0x175/0x230
[ 568.642521][T28594] ? io_wq_submit_work+0x4d9/0xd30
[ 568.647613][T28594] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 568.653125][T28594] ? find_held_lock+0x2d/0x110
[ 568.657868][T28594] ? io_worker_handle_work+0x4dd/0x1880
[ 568.663392][T28594] ? lock_downgrade+0x6e0/0x6e0
[ 568.668211][T28594] ? do_raw_spin_lock+0x124/0x2b0
[ 568.673204][T28594] io_wq_submit_work+0x4d9/0xd30
[ 568.678144][T28594] io_worker_handle_work+0x70f/0x1880
[ 568.683797][T28594] io_wqe_worker+0x8c4/0xc60
[ 568.688379][T28594] ? io_worker_handle_work+0x1880/0x1880
[ 568.693983][T28594] ? ret_from_fork+0x8/0x30
[ 568.698487][T28594] ? lock_downgrade+0x6e0/0x6e0
[ 568.703305][T28594] ? do_raw_spin_lock+0x124/0x2b0
[ 568.708298][T28594] ? rwlock_bug.part.0+0x90/0x90
[ 568.713203][T28594] ? lockdep_hardirqs_on_prepare+0x17f/0x410
[ 568.719238][T28594] ? io_worker_handle_work+0x1880/0x1880
[ 568.724842][T28594] ret_from_fork+0x1f/0x30
[ 568.729239][T28594]
[ 568.732376][T28594] Kernel Offset: disabled
[ 568.736759][T28594] Rebooting in 86400 seconds..