[ 132.585524][ T1231] ieee802154 phy1 wpan1: encryption failed: -22
[ 194.021320][ T1231] ieee802154 phy0 wpan0: encryption failed: -22
[ 194.030050][ T1231] ieee802154 phy1 wpan1: encryption failed: -22
[ 196.099259][ T49] Bluetooth: hci0: command 0x0406 tx timeout
[ 255.458859][ T1231] ieee802154 phy0 wpan0: encryption failed: -22
[ 255.465839][ T1231] ieee802154 phy1 wpan1: encryption failed: -22
[ 316.911910][ T1231] ieee802154 phy0 wpan0: encryption failed: -22
[ 316.918873][ T1231] ieee802154 phy1 wpan1: encryption failed: -22
[ 378.340048][ T1231] ieee802154 phy0 wpan0: encryption failed: -22
[ 378.346399][ T1231] ieee802154 phy1 wpan1: encryption failed: -22
[ 431.041199][ T47] device hsr_slave_0 left promiscuous mode
[ 431.047750][ T47] device hsr_slave_1 left promiscuous mode
[ 431.054246][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 431.061997][ T47] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 431.071451][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 431.079037][ T47] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 431.087812][ T47] device bridge_slave_1 left promiscuous mode
[ 431.094442][ T47] bridge0: port 2(bridge_slave_1) entered disabled state
[ 431.102914][ T47] device bridge_slave_0 left promiscuous mode
[ 431.109902][ T47] bridge0: port 1(bridge_slave_0) entered disabled state
[ 431.120854][ T47] device veth1_macvtap left promiscuous mode
[ 431.126925][ T47] device veth0_macvtap left promiscuous mode
[ 431.134202][ T47] device veth1_vlan left promiscuous mode
[ 431.140584][ T47] device veth0_vlan left promiscuous mode
[ 431.264778][ T47] team0 (unregistering): Port device team_slave_1 removed
[ 431.276951][ T47] team0 (unregistering): Port device team_slave_0 removed
[ 431.292789][ T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 431.306796][ T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 431.354831][ T47] bond0 (unregistering): Released all slaves
[ 432.417313][ C1] ==================================================================
[ 432.425423][ C1] BUG: KASAN: use-after-free in tcp_write_timer_handler+0x998/0x9f0
[ 432.433808][ C1] Read of size 1 at addr ffff8880215d2385 by task swapper/1/0
[ 432.441453][ C1]
[ 432.444112][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc7-syzkaller-01949-g62c07983bef9 #0
[ 432.453914][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 432.463954][ C1] Call Trace:
[ 432.467311][ C1] <IRQ>
[ 432.470146][ C1] dump_stack_lvl+0xcd/0x134
[ 432.474794][ C1] print_report.cold+0x2ba/0x719
[ 432.479728][ C1] ? tcp_write_timer_handler+0x998/0x9f0
[ 432.485351][ C1] kasan_report+0xb1/0x1e0
[ 432.489783][ C1] ? tcp_write_timer_handler+0x998/0x9f0
[ 432.495441][ C1] tcp_write_timer_handler+0x998/0x9f0
[ 432.500996][ C1] tcp_write_timer+0xa2/0x2b0
[ 432.505747][ C1] ? tcp_write_timer_handler+0x9f0/0x9f0
[ 432.511542][ C1] call_timer_fn+0x1a0/0x6b0
[ 432.516129][ C1] ? timer_fixup_activate+0x350/0x350
[ 432.521491][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 432.526425][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 432.531667][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 432.536861][ C1] ? tcp_write_timer_handler+0x9f0/0x9f0
[ 432.542483][ C1] __run_timers.part.0+0x674/0xa80
[ 432.547671][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 432.552432][ C1] ? cpuacct_all_seq_show+0x520/0x520
[ 432.557790][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 432.563150][ C1] ? sched_clock_cpu+0x69/0x2b0
[ 432.568013][ C1] run_timer_softirq+0xb3/0x1d0
[ 432.572939][ C1] __do_softirq+0x1d3/0x9c6
[ 432.577488][ C1] __irq_exit_rcu+0x123/0x180
[ 432.582154][ C1] irq_exit_rcu+0x5/0x20
[ 432.586474][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 432.592112][ C1] </IRQ>
[ 432.595035][ C1] <TASK>
[ 432.597978][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 432.604092][ C1] RIP: 0010:acpi_idle_do_entry+0x1fd/0x2a0
[ 432.610090][ C1] Code: 89 de e8 56 0d f6 f7 84 db 75 ac e8 cd 10 f6 f7 e8 f8 87 fc f7 66 90 e8 c1 10 f6 f7 0f 00 2d 3a e6 ce 00 e8 b5 10 f6 f7 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 80 0d f6 f7 48 85 db
[ 432.629852][ C1] RSP: 0018:ffffc90000187d18 EFLAGS: 00000293
[ 432.635915][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 432.643914][ C1] RDX: ffff888011a23b00 RSI: ffffffff8985f54b RDI: 0000000000000000
[ 432.652582][ C1] RBP: ffff888145223064 R08: 0000000000000001 R09: 0000000000000001
[ 432.660905][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 432.669047][ C1] R13: ffff888145223000 R14: ffff888145223064 R15: ffff888146405804
[ 432.677120][ C1] ? acpi_idle_do_entry+0x1fb/0x2a0
[ 432.682400][ C1] ? acpi_idle_do_entry+0x1fb/0x2a0
[ 432.687599][ C1] acpi_idle_enter+0x364/0x500
[ 432.692352][ C1] cpuidle_enter_state+0x1ab/0xd30
[ 432.697539][ C1] ? tick_nohz_idle_stop_tick+0x5b1/0xbf0
[ 432.704046][ C1] cpuidle_enter+0x4a/0xa0
[ 432.708654][ C1] do_idle+0x3e8/0x590
[ 432.712744][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 432.717804][ C1] ? do_idle+0x13/0x590
[ 432.722011][ C1] cpu_startup_entry+0x14/0x20
[ 432.726791][ C1] start_secondary+0x21d/0x2b0
[ 432.731551][ C1] ? set_cpu_sibling_map+0x2270/0x2270
[ 432.737074][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 432.742989][ C1] </TASK>
[ 432.746005][ C1]
[ 432.748314][ C1] Allocated by task 4074:
[ 432.752640][ C1] kasan_save_stack+0x1e/0x40
[ 432.757330][ C1] __kasan_slab_alloc+0x90/0xc0
[ 432.762195][ C1] kmem_cache_alloc+0x267/0x3b0
[ 432.767035][ C1] copy_net_ns+0x125/0x760
[ 432.771489][ C1] create_new_namespaces+0x3f6/0xb20
[ 432.776851][ C1] unshare_nsproxy_namespaces+0xc1/0x1f0
[ 432.782482][ C1] ksys_unshare+0x445/0x920
[ 432.787060][ C1] __x64_sys_unshare+0x2d/0x40
[ 432.791813][ C1] do_syscall_64+0x35/0xb0
[ 432.796231][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 432.802134][ C1]
[ 432.804445][ C1] Freed by task 47:
[ 432.808235][ C1] kasan_save_stack+0x1e/0x40
[ 432.812913][ C1] kasan_set_track+0x21/0x30
[ 432.817497][ C1] kasan_set_free_info+0x20/0x30
[ 432.822446][ C1] ____kasan_slab_free+0x166/0x1c0
[ 432.827544][ C1] slab_free_freelist_hook+0x8b/0x1c0
[ 432.833073][ C1] kmem_cache_free+0xeb/0x5b0
[ 432.837831][ C1] cleanup_net+0x8ba/0xb00
[ 432.842234][ C1] process_one_work+0x991/0x1610
[ 432.847178][ C1] worker_thread+0x665/0x1080
[ 432.851840][ C1] kthread+0x2e4/0x3a0
[ 432.855893][ C1] ret_from_fork+0x1f/0x30
[ 432.860479][ C1]
[ 432.862794][ C1] Last potentially related work creation:
[ 432.868487][ C1] kasan_save_stack+0x1e/0x40
[ 432.873173][ C1] __kasan_record_aux_stack+0xbe/0xd0
[ 432.878535][ C1] insert_work+0x48/0x350
[ 432.882854][ C1] __queue_work+0x625/0x1210
[ 432.887517][ C1] call_timer_fn+0x1a0/0x6b0
[ 432.892187][ C1] __run_timers.part.0+0x4a3/0xa80
[ 432.897289][ C1] run_timer_softirq+0x152/0x1d0
[ 432.902224][ C1] __do_softirq+0x1d3/0x9c6
[ 432.906722][ C1]
[ 432.909031][ C1] Second to last potentially related work creation:
[ 432.915680][ C1] kasan_save_stack+0x1e/0x40
[ 432.920346][ C1] __kasan_record_aux_stack+0xbe/0xd0
[ 432.925709][ C1] insert_work+0x48/0x350
[ 432.930200][ C1] __queue_work+0x625/0x1210
[ 432.935217][ C1] call_timer_fn+0x1a0/0x6b0
[ 432.939805][ C1] __run_timers.part.0+0x4a3/0xa80
[ 432.944900][ C1] run_timer_softirq+0x152/0x1d0
[ 432.949820][ C1] __do_softirq+0x1d3/0x9c6
[ 432.954333][ C1]
[ 432.956727][ C1] The buggy address belongs to the object at ffff8880215d1c40
[ 432.956727][ C1] which belongs to the cache net_namespace of size 6976
[ 432.971031][ C1] The buggy address is located 1861 bytes inside of
[ 432.971031][ C1] 6976-byte region [ffff8880215d1c40, ffff8880215d3780)
[ 432.984464][ C1]
[ 432.986882][ C1] The buggy address belongs to the physical page:
[ 432.993273][ C1] page:ffffea0000857400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x215d0
[ 433.003405][ C1] head:ffffea0000857400 order:3 compound_mapcount:0 compound_pincount:0
[ 433.011890][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 433.019970][ C1] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8880119db3c0
[ 433.028649][ C1] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 433.037238][ C1] page dumped because: kasan: bad access detected
[ 433.043838][ C1] page_owner tracks the page as allocated
[ 433.049551][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3617, tgid 3617 (syz-executor.0), ts 43544909169, free_ts 42387548041
[ 433.071175][ C1] get_page_from_freelist+0x109b/0x2ce0
[ 433.076723][ C1] __alloc_pages+0x1c7/0x510
[ 433.081329][ C1] alloc_pages+0x1a6/0x270
[ 433.085750][ C1] allocate_slab+0x27e/0x3d0
[ 433.090327][ C1] ___slab_alloc+0x7f1/0xe10
[ 433.094903][ C1] __slab_alloc.constprop.0+0x4d/0xa0
[ 433.100258][ C1] kmem_cache_alloc+0x38c/0x3b0
[ 433.105091][ C1] copy_net_ns+0x125/0x760
[ 433.109493][ C1] create_new_namespaces+0x3f6/0xb20
[ 433.114796][ C1] unshare_nsproxy_namespaces+0xc1/0x1f0
[ 433.120425][ C1] ksys_unshare+0x445/0x920
[ 433.124916][ C1] __x64_sys_unshare+0x2d/0x40
[ 433.129750][ C1] do_syscall_64+0x35/0xb0
[ 433.134242][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 433.140301][ C1] page last free stack trace:
[ 433.145002][ C1] free_pcp_prepare+0x5e4/0xd20
[ 433.149934][ C1] free_unref_page+0x19/0x4d0
[ 433.155036][ C1] __unfreeze_partials+0x17c/0x1a0
[ 433.160130][ C1] qlist_free_all+0x6a/0x170
[ 433.164711][ C1] kasan_quarantine_reduce+0x180/0x200
[ 433.170151][ C1] __kasan_slab_alloc+0xa2/0xc0
[ 433.174987][ C1] kmem_cache_alloc_node_trace+0x303/0x410
[ 433.180800][ C1] __get_vm_area_node+0xed/0x3f0
[ 433.185726][ C1] __vmalloc_node_range+0x250/0x13a0
[ 433.190997][ C1] vmalloc_user+0x67/0x80
[ 433.195315][ C1] kcov_ioctl+0x4b/0x6f0
[ 433.199544][ C1] __x64_sys_ioctl+0x193/0x200
[ 433.204291][ C1] do_syscall_64+0x35/0xb0
[ 433.208696][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 433.214575][ C1]
[ 433.216880][ C1] Memory state around the buggy address:
[ 433.222495][ C1] ffff8880215d2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 433.230551][ C1] ffff8880215d2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 433.238596][ C1] >ffff8880215d2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 433.246638][ C1] ^
[ 433.250694][ C1] ffff8880215d2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 433.258739][ C1] ffff8880215d2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 433.266781][ C1] ==================================================================
[ 433.274989][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 433.281660][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc7-syzkaller-01949-g62c07983bef9 #0
[ 433.291332][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 433.301393][ C1] Call Trace:
[ 433.304668][ C1] <IRQ>
[ 433.307508][ C1] dump_stack_lvl+0xcd/0x134
[ 433.312102][ C1] panic+0x2c8/0x627
[ 433.316025][ C1] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 433.322176][ C1] ? asm_common_interrupt+0x22/0x40
[ 433.327387][ C1] ? tcp_write_timer_handler+0x998/0x9f0
[ 433.333025][ C1] end_report.part.0+0x3f/0x7c
[ 433.337791][ C1] kasan_report.cold+0xa/0xf
[ 433.342381][ C1] ? tcp_write_timer_handler+0x998/0x9f0
[ 433.348027][ C1] tcp_write_timer_handler+0x998/0x9f0
[ 433.353489][ C1] tcp_write_timer+0xa2/0x2b0
[ 433.358252][ C1] ? tcp_write_timer_handler+0x9f0/0x9f0
[ 433.363933][ C1] call_timer_fn+0x1a0/0x6b0
[ 433.368551][ C1] ? timer_fixup_activate+0x350/0x350
[ 433.373926][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 433.378780][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 433.383988][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 433.389218][ C1] ? tcp_write_timer_handler+0x9f0/0x9f0
[ 433.394884][ C1] __run_timers.part.0+0x674/0xa80
[ 433.400007][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 433.404774][ C1] ? cpuacct_all_seq_show+0x520/0x520
[ 433.410145][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 433.415344][ C1] ? sched_clock_cpu+0x69/0x2b0
[ 433.420205][ C1] run_timer_softirq+0xb3/0x1d0
[ 433.425140][ C1] __do_softirq+0x1d3/0x9c6
[ 433.429732][ C1] __irq_exit_rcu+0x123/0x180
[ 433.434411][ C1] irq_exit_rcu+0x5/0x20
[ 433.438749][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 433.444387][ C1] </IRQ>
[ 433.447320][ C1] <TASK>
[ 433.450247][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 433.456232][ C1] RIP: 0010:acpi_idle_do_entry+0x1fd/0x2a0
[ 433.462130][ C1] Code: 89 de e8 56 0d f6 f7 84 db 75 ac e8 cd 10 f6 f7 e8 f8 87 fc f7 66 90 e8 c1 10 f6 f7 0f 00 2d 3a e6 ce 00 e8 b5 10 f6 f7 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 80 0d f6 f7 48 85 db
[ 433.482087][ C1] RSP: 0018:ffffc90000187d18 EFLAGS: 00000293
[ 433.488416][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 433.496386][ C1] RDX: ffff888011a23b00 RSI: ffffffff8985f54b RDI: 0000000000000000
[ 433.504372][ C1] RBP: ffff888145223064 R08: 0000000000000001 R09: 0000000000000001
[ 433.512560][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 433.520638][ C1] R13: ffff888145223000 R14: ffff888145223064 R15: ffff888146405804
[ 433.528626][ C1] ? acpi_idle_do_entry+0x1fb/0x2a0
[ 433.533936][ C1] ? acpi_idle_do_entry+0x1fb/0x2a0
[ 433.539140][ C1] acpi_idle_enter+0x364/0x500
[ 433.543919][ C1] cpuidle_enter_state+0x1ab/0xd30
[ 433.549037][ C1] ? tick_nohz_idle_stop_tick+0x5b1/0xbf0
[ 433.554849][ C1] cpuidle_enter+0x4a/0xa0
[ 433.559336][ C1] do_idle+0x3e8/0x590
[ 433.563416][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 433.568445][ C1] ? do_idle+0x13/0x590
[ 433.572603][ C1] cpu_startup_entry+0x14/0x20
[ 433.577369][ C1] start_secondary+0x21d/0x2b0
[ 433.582139][ C1] ? set_cpu_sibling_map+0x2270/0x2270
[ 433.587687][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 433.593591][ C1] </TASK>
[ 433.596764][ C1] Kernel Offset: disabled
[ 433.601082][ C1] Rebooting in 86400 seconds..