[ 50.803562][ T90] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.826206][ T90] device veth1_macvtap left promiscuous mode
[ 50.832850][ T90] device veth0_macvtap left promiscuous mode
[ 50.839055][ T90] device veth1_vlan left promiscuous mode
[ 50.847487][ T90] device veth0_vlan left promiscuous mode
[ 51.037263][ T90] team0 (unregistering): Port device team_slave_1 removed
[ 51.052778][ T90] team0 (unregistering): Port device team_slave_0 removed
[ 51.068235][ T90] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 51.085412][ T90] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 51.137497][ T90] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
[ 65.333603][ T4058] ==================================================================
[ 65.342082][ T4058] BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x77b/0x1b70
[ 65.350233][ T4058] Read of size 16 at addr ffff88801c9b7840 by task syz-executor285/4058
[ 65.358587][ T4058]
[ 65.360902][ T4058] CPU: 0 PID: 4058 Comm: syz-executor285 Not tainted 5.17.0-rc3-syzkaller #0
[ 65.369908][ T4058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.379975][ T4058] Call Trace:
[ 65.383380][ T4058]
[ 65.386743][ T4058] dump_stack_lvl+0x57/0x7d
[ 65.391243][ T4058] print_address_description.constprop.0.cold+0x8d/0x336
[ 65.398249][ T4058] ? decrypt_internal+0x77b/0x1b70
[ 65.403356][ T4058] ? decrypt_internal+0x77b/0x1b70
[ 65.408475][ T4058] kasan_report.cold+0x83/0xdf
[ 65.413285][ T4058] ? decrypt_internal+0x77b/0x1b70
[ 65.418383][ T4058] kasan_check_range+0x13d/0x180
[ 65.423388][ T4058] memcpy+0x20/0x60
[ 65.427247][ T4058] decrypt_internal+0x77b/0x1b70
[ 65.432178][ T4058] ? tls_get_rec+0x520/0x520
[ 65.436771][ T4058] ? sk_psock_get+0x2c0/0x2c0
[ 65.441429][ T4058] decrypt_skb_update+0xf9/0xa90
[ 65.446341][ T4058] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 65.452324][ T4058] tls_sw_recvmsg+0x496/0x1270
[ 65.457251][ T4058] ? decrypt_skb+0xa0/0xa0
[ 65.461645][ T4058] ? aa_sk_perm+0x1ab/0x820
[ 65.466124][ T4058] inet6_recvmsg+0xf2/0x490
[ 65.470765][ T4058] ? inet6_sk_rebuild_header+0x9d0/0x9d0
[ 65.476590][ T4058] ____sys_recvmsg+0x25e/0x620
[ 65.481613][ T4058] ? kernel_recvmsg+0x160/0x160
[ 65.486462][ T4058] ? iovec_from_user+0x142/0x290
[ 65.491396][ T4058] ? __copy_msghdr_from_user+0x86/0x3e0
[ 65.497075][ T4058] ? __import_iovec+0x50/0x540
[ 65.501834][ T4058] ? import_iovec+0xa4/0x150
[ 65.506409][ T4058] ___sys_recvmsg+0xe2/0x1a0
[ 65.511072][ T4058] ? __copy_msghdr_from_user+0x3e0/0x3e0
[ 65.516778][ T4058] ? lock_chain_count+0x20/0x20
[ 65.521609][ T4058] ? lock_chain_count+0x20/0x20
[ 65.526432][ T4058] ? ___sys_sendmsg+0xe0/0x150
[ 65.531173][ T4058] ? kfree+0xcb/0x280
[ 65.535141][ T4058] ? ___sys_sendmsg+0xe0/0x150
[ 65.540147][ T4058] ? __fget_light+0x4c/0x220
[ 65.544752][ T4058] do_recvmmsg+0x1c8/0x550
[ 65.549149][ T4058] ? ___sys_recvmsg+0x1a0/0x1a0
[ 65.553971][ T4058] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 65.560122][ T4058] ? 0xffffffff81000000
[ 65.564371][ T4058] ? lock_downgrade+0x6e0/0x6e0
[ 65.569249][ T4058] ? __context_tracking_enter+0x93/0xa0
[ 65.574797][ T4058] __x64_sys_recvmmsg+0x19a/0x200
[ 65.579818][ T4058] ? __do_sys_socketcall+0x450/0x450
[ 65.585252][ T4058] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 65.591383][ T4058] ? syscall_enter_from_user_mode+0x21/0x70
[ 65.597273][ T4058] do_syscall_64+0x35/0xb0
[ 65.602070][ T4058] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 65.607947][ T4058] RIP: 0033:0x7fb60f8eff29
[ 65.612379][ T4058] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.632458][ T4058] RSP: 002b:00007ffc362332e8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 65.641149][ T4058] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb60f8eff29
[ 65.649196][ T4058] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 65.657239][ T4058] RBP: 00007fb60f8b40d0 R08: 0000000000000000 R09: 0000000000000000
[ 65.665212][ T4058] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb60f8b4160
[ 65.673170][ T4058] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 65.681136][ T4058]
[ 65.684160][ T4058]
[ 65.686482][ T4058] Allocated by task 4058:
[ 65.690800][ T4058] kasan_save_stack+0x1e/0x40
[ 65.695472][ T4058] __kasan_kmalloc+0xa9/0xd0
[ 65.700038][ T4058] tls_set_sw_offload+0x78f/0x13e0
[ 65.705212][ T4058] tls_setsockopt+0x921/0xda0
[ 65.709860][ T4058] __sys_setsockopt+0x1fd/0x4e0
[ 65.714693][ T4058] __x64_sys_setsockopt+0xb5/0x150
[ 65.719777][ T4058] do_syscall_64+0x35/0xb0
[ 65.724179][ T4058] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 65.730052][ T4058]
[ 65.732355][ T4058] The buggy address belongs to the object at ffff88801c9b7840
[ 65.732355][ T4058] which belongs to the cache kmalloc-16 of size 16
[ 65.746401][ T4058] The buggy address is located 0 bytes inside of
[ 65.746401][ T4058] 16-byte region [ffff88801c9b7840, ffff88801c9b7850)
[ 65.759661][ T4058] The buggy address belongs to the page:
[ 65.765356][ T4058] page:ffffea0000726dc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801c9b7ea0 pfn:0x1c9b7
[ 65.776860][ T4058] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 65.784466][ T4058] raw: 00fff00000000200 ffffea00006beb00 dead000000000002 ffff88800fc413c0
[ 65.793017][ T4058] raw: ffff88801c9b7ea0 000000008080006f 00000001ffffffff 0000000000000000
[ 65.801926][ T4058] page dumped because: kasan: bad access detected
[ 65.808403][ T4058] page_owner tracks the page as allocated
[ 65.814133][ T4058] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 7, ts 6128593379, free_ts 6072223341
[ 65.830154][ T4058] get_page_from_freelist+0xa6f/0x2f10
[ 65.835711][ T4058] __alloc_pages+0x1b2/0x500
[ 65.840739][ T4058] new_slab+0x28a/0x3b0
[ 65.845297][ T4058] ___slab_alloc+0x87e/0xe80
[ 65.849973][ T4058] __slab_alloc.constprop.0+0x4d/0xa0
[ 65.855345][ T4058] __kmalloc+0x2fb/0x340
[ 65.859653][ T4058] usb_hcd_submit_urb+0x5d8/0x1f90
[ 65.864829][ T4058] usb_start_wait_urb+0xf9/0x450
[ 65.869937][ T4058] usb_control_msg+0x306/0x460
[ 65.875032][ T4058] hub_ext_port_status+0xf8/0x3c0
[ 65.880311][ T4058] hub_activate+0x645/0x15d0
[ 65.884930][ T4058] process_one_work+0x879/0x1410
[ 65.890034][ T4058] worker_thread+0x5a0/0xf60
[ 65.894698][ T4058] kthread+0x299/0x340
[ 65.899029][ T4058] ret_from_fork+0x1f/0x30
[ 65.903604][ T4058] page last free stack trace:
[ 65.908311][ T4058] free_pcp_prepare+0x374/0x870
[ 65.913158][ T4058] free_unref_page_list+0x1a9/0xfa0
[ 65.918784][ T4058] release_pages+0x223/0xee0
[ 65.923363][ T4058] tlb_finish_mmu+0x127/0x790
[ 65.928189][ T4058] exit_mmap+0x1d1/0x580
[ 65.932400][ T4058] __mmput+0xed/0x430
[ 65.936367][ T4058] free_bprm+0x5b/0x290
[ 65.940510][ T4058] kernel_execve+0x2cc/0x3e0
[ 65.945068][ T4058] call_usermodehelper_exec_async+0x2c1/0x500
[ 65.951115][ T4058] ret_from_fork+0x1f/0x30
[ 65.956094][ T4058]
[ 65.958401][ T4058] Memory state around the buggy address:
[ 65.964024][ T4058] ffff88801c9b7700: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 65.972120][ T4058] ffff88801c9b7780: fb fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 65.980701][ T4058] >ffff88801c9b7800: fa fb fc fc fa fb fc fc 00 04 fc fc 00 00 fc fc
[ 65.988847][ T4058] ^
[ 65.995509][ T4058] ffff88801c9b7880: 00 00 fc fc 00 00 fc fc 00 03 fc fc 00 07 fc fc
[ 66.003543][ T4058] ffff88801c9b7900: fb fb fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 66.011572][ T4058] ==================================================================
[ 66.019791][ T4058] Disabling lock debugging due to kernel taint
[ 66.026595][ T4058] Kernel panic - not syncing: panic_on_warn set ...
[ 66.033350][ T4058] CPU: 0 PID: 4058 Comm: syz-executor285 Tainted: G B 5.17.0-rc3-syzkaller #0
[ 66.043479][ T4058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.053605][ T4058] Call Trace:
[ 66.057326][ T4058]
[ 66.060421][ T4058] dump_stack_lvl+0x57/0x7d
[ 66.064904][ T4058] panic+0x214/0x49f
[ 66.068868][ T4058] ? __warn_printk+0xee/0xee
[ 66.073516][ T4058] ? preempt_schedule_common+0x59/0xc0
[ 66.078972][ T4058] ? decrypt_internal+0x77b/0x1b70
[ 66.084056][ T4058] ? preempt_schedule_thunk+0x16/0x18
[ 66.089416][ T4058] ? decrypt_internal+0x77b/0x1b70
[ 66.094505][ T4058] ? decrypt_internal+0x77b/0x1b70
[ 66.099591][ T4058] end_report.cold+0x63/0x6f
[ 66.104155][ T4058] kasan_report.cold+0x71/0xdf
[ 66.108977][ T4058] ? decrypt_internal+0x77b/0x1b70
[ 66.115281][ T4058] kasan_check_range+0x13d/0x180
[ 66.120194][ T4058] memcpy+0x20/0x60
[ 66.123983][ T4058] decrypt_internal+0x77b/0x1b70
[ 66.128907][ T4058] ? tls_get_rec+0x520/0x520
[ 66.133486][ T4058] ? sk_psock_get+0x2c0/0x2c0
[ 66.138154][ T4058] decrypt_skb_update+0xf9/0xa90
[ 66.143069][ T4058] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 66.149129][ T4058] tls_sw_recvmsg+0x496/0x1270
[ 66.154058][ T4058] ? decrypt_skb+0xa0/0xa0
[ 66.158445][ T4058] ? aa_sk_perm+0x1ab/0x820
[ 66.163267][ T4058] inet6_recvmsg+0xf2/0x490
[ 66.167948][ T4058] ? inet6_sk_rebuild_header+0x9d0/0x9d0
[ 66.173592][ T4058] ____sys_recvmsg+0x25e/0x620
[ 66.178378][ T4058] ? kernel_recvmsg+0x160/0x160
[ 66.183379][ T4058] ? iovec_from_user+0x142/0x290
[ 66.188292][ T4058] ? __copy_msghdr_from_user+0x86/0x3e0
[ 66.193898][ T4058] ? __import_iovec+0x50/0x540
[ 66.199089][ T4058] ? import_iovec+0xa4/0x150
[ 66.203651][ T4058] ___sys_recvmsg+0xe2/0x1a0
[ 66.208299][ T4058] ? __copy_msghdr_from_user+0x3e0/0x3e0
[ 66.213916][ T4058] ? lock_chain_count+0x20/0x20
[ 66.218756][ T4058] ? lock_chain_count+0x20/0x20
[ 66.223661][ T4058] ? ___sys_sendmsg+0xe0/0x150
[ 66.228398][ T4058] ? kfree+0xcb/0x280
[ 66.232357][ T4058] ? ___sys_sendmsg+0xe0/0x150
[ 66.237267][ T4058] ? __fget_light+0x4c/0x220
[ 66.242016][ T4058] do_recvmmsg+0x1c8/0x550
[ 66.246494][ T4058] ? ___sys_recvmsg+0x1a0/0x1a0
[ 66.251318][ T4058] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 66.257356][ T4058] ? 0xffffffff81000000
[ 66.261490][ T4058] ? lock_downgrade+0x6e0/0x6e0
[ 66.266330][ T4058] ? __context_tracking_enter+0x93/0xa0
[ 66.271857][ T4058] __x64_sys_recvmmsg+0x19a/0x200
[ 66.276867][ T4058] ? __do_sys_socketcall+0x450/0x450
[ 66.282212][ T4058] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 66.288170][ T4058] ? syscall_enter_from_user_mode+0x21/0x70
[ 66.294051][ T4058] do_syscall_64+0x35/0xb0
[ 66.298452][ T4058] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 66.304328][ T4058] RIP: 0033:0x7fb60f8eff29
[ 66.308727][ T4058] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.328309][ T4058] RSP: 002b:00007ffc362332e8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 66.336777][ T4058] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb60f8eff29
[ 66.344719][ T4058] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 66.352926][ T4058] RBP: 00007fb60f8b40d0 R08: 0000000000000000 R09: 0000000000000000
[ 66.360877][ T4058] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb60f8b4160
[ 66.368831][ T4058] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 66.376808][ T4058]
[ 66.380051][ T4058] Kernel Offset: disabled
[ 66.384620][ T4058] Rebooting in 86400 seconds..