[ 44.726852][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.747837][ T8] device veth1_macvtap left promiscuous mode
[ 44.754743][ T8] device veth0_macvtap left promiscuous mode
[ 44.762166][ T8] device veth1_vlan left promiscuous mode
[ 44.768542][ T8] device veth0_vlan left promiscuous mode
[ 44.883063][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 44.896896][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 44.909493][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 44.923309][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 44.967233][ T8] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
[ 59.982805][ T4061] ==================================================================
[ 59.991249][ T4061] BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x77b/0x1b70
[ 59.999985][ T4061] Read of size 16 at addr ffff8880170cdf60 by task syz-executor215/4061
[ 60.008936][ T4061]
[ 60.011258][ T4061] CPU: 1 PID: 4061 Comm: syz-executor215 Not tainted 5.17.0-rc7-syzkaller #0
[ 60.020008][ T4061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.030237][ T4061] Call Trace:
[ 60.033497][ T4061] <TASK>
[ 60.036582][ T4061] dump_stack_lvl+0x57/0x7d
[ 60.041061][ T4061] print_address_description.constprop.0.cold+0x8d/0x336
[ 60.048296][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.053639][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.058755][ T4061] kasan_report.cold+0x83/0xdf
[ 60.063506][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.068593][ T4061] kasan_check_range+0x13d/0x180
[ 60.073765][ T4061] memcpy+0x20/0x60
[ 60.077751][ T4061] decrypt_internal+0x77b/0x1b70
[ 60.082783][ T4061] ? tls_get_rec+0x520/0x520
[ 60.087449][ T4061] ? sk_psock_get+0x2c0/0x2c0
[ 60.092204][ T4061] decrypt_skb_update+0xf9/0xa90
[ 60.097129][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.103625][ T4061] tls_sw_recvmsg+0x496/0x1270
[ 60.108490][ T4061] ? decrypt_skb+0xa0/0xa0
[ 60.113428][ T4061] ? aa_sk_perm+0x1ab/0x820
[ 60.117934][ T4061] inet6_recvmsg+0xf2/0x490
[ 60.122875][ T4061] ? inet6_sk_rebuild_header+0x9d0/0x9d0
[ 60.128595][ T4061] ____sys_recvmsg+0x25e/0x620
[ 60.133442][ T4061] ? kernel_recvmsg+0x160/0x160
[ 60.138380][ T4061] ? iovec_from_user+0x142/0x290
[ 60.143324][ T4061] ? __copy_msghdr_from_user+0x86/0x3e0
[ 60.149080][ T4061] ? __import_iovec+0x50/0x540
[ 60.154010][ T4061] ? import_iovec+0xa4/0x150
[ 60.158864][ T4061] ___sys_recvmsg+0xe2/0x1a0
[ 60.163552][ T4061] ? __copy_msghdr_from_user+0x3e0/0x3e0
[ 60.169802][ T4061] ? lockdep_hardirqs_on+0x79/0x100
[ 60.175217][ T4061] ? lock_chain_count+0x20/0x20
[ 60.180165][ T4061] ? ___sys_sendmsg+0xe0/0x150
[ 60.185545][ T4061] ? kfree+0xd0/0x390
[ 60.189719][ T4061] ? __lock_acquire+0x15e4/0x5630
[ 60.195104][ T4061] ? __fget_light+0x4c/0x220
[ 60.199876][ T4061] do_recvmmsg+0x1c8/0x550
[ 60.204475][ T4061] ? ___sys_recvmsg+0x1a0/0x1a0
[ 60.209325][ T4061] ? find_held_lock+0x2d/0x110
[ 60.214176][ T4061] ? lock_downgrade+0x6e0/0x6e0
[ 60.219395][ T4061] __x64_sys_recvmmsg+0x19a/0x200
[ 60.224585][ T4061] ? __do_sys_socketcall+0x450/0x450
[ 60.229951][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.236198][ T4061] ? syscall_enter_from_user_mode+0x21/0x70
[ 60.242791][ T4061] do_syscall_64+0x35/0xb0
[ 60.247189][ T4061] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 60.253438][ T4061] RIP: 0033:0x7fe9ff7c4f29
[ 60.258382][ T4061] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.278428][ T4061] RSP: 002b:00007fff39bb44f8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 60.287009][ T4061] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe9ff7c4f29
[ 60.295190][ T4061] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 60.303624][ T4061] RBP: 00007fe9ff7890d0 R08: 0000000000000000 R09: 0000000000000000
[ 60.311952][ T4061] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9ff789160
[ 60.320272][ T4061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 60.328546][ T4061] </TASK>
[ 60.331555][ T4061]
[ 60.333870][ T4061] Allocated by task 4061:
[ 60.338528][ T4061] kasan_save_stack+0x1e/0x40
[ 60.343447][ T4061] __kasan_kmalloc+0xa9/0xd0
[ 60.348112][ T4061] tls_set_sw_offload+0x78f/0x13e0
[ 60.353482][ T4061] tls_setsockopt+0x921/0xda0
[ 60.358141][ T4061] __sys_setsockopt+0x1fd/0x4e0
[ 60.362963][ T4061] __x64_sys_setsockopt+0xb5/0x150
[ 60.368059][ T4061] do_syscall_64+0x35/0xb0
[ 60.372446][ T4061] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 60.378674][ T4061]
[ 60.380981][ T4061] The buggy address belongs to the object at ffff8880170cdf60
[ 60.380981][ T4061] which belongs to the cache kmalloc-16 of size 16
[ 60.395140][ T4061] The buggy address is located 0 bytes inside of
[ 60.395140][ T4061] 16-byte region [ffff8880170cdf60, ffff8880170cdf70)
[ 60.408422][ T4061] The buggy address belongs to the page:
[ 60.414170][ T4061] page:ffffea00005c3340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x170cd
[ 60.424308][ T4061] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 60.431825][ T4061] raw: 00fff00000000200 ffffea00005ec880 dead000000000002 ffff88800fc413c0
[ 60.440398][ T4061] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 60.449215][ T4061] page dumped because: kasan: bad access detected
[ 60.455734][ T4061] page_owner tracks the page as allocated
[ 60.461434][ T4061] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 6411691894, free_ts 6054758270
[ 60.477174][ T4061] get_page_from_freelist+0xa6f/0x2f10
[ 60.483051][ T4061] __alloc_pages+0x1b2/0x500
[ 60.487703][ T4061] alloc_page_interleave+0xf/0x1c0
[ 60.492788][ T4061] allocate_slab+0x27f/0x3c0
[ 60.497362][ T4061] ___slab_alloc+0xbe3/0x12a0
[ 60.502205][ T4061] __slab_alloc.constprop.0+0x4d/0xa0
[ 60.508551][ T4061] __kmalloc+0x372/0x450
[ 60.513128][ T4061] usb_hcd_submit_urb+0x5d8/0x1f90
[ 60.518303][ T4061] usb_start_wait_urb+0xf9/0x450
[ 60.523219][ T4061] usb_control_msg+0x306/0x460
[ 60.527957][ T4061] usb_control_msg_send+0xac/0x100
[ 60.533035][ T4061] usb_set_configuration+0x8c5/0x18b0
[ 60.538373][ T4061] usb_generic_driver_probe+0x74/0xa0
[ 60.543886][ T4061] usb_probe_device+0x95/0x240
[ 60.548621][ T4061] really_probe+0x1c2/0xb60
[ 60.553266][ T4061] __driver_probe_device+0x2a6/0x460
[ 60.558606][ T4061] page last free stack trace:
[ 60.563337][ T4061] free_pcp_prepare+0x374/0x870
[ 60.568164][ T4061] free_unref_page+0x19/0x690
[ 60.572818][ T4061] __vunmap+0x5af/0x9e0
[ 60.577150][ T4061] free_work+0x4b/0x70
[ 60.581203][ T4061] process_one_work+0x879/0x1410
[ 60.586211][ T4061] worker_thread+0x5a0/0xf60
[ 60.590965][ T4061] kthread+0x299/0x340
[ 60.595017][ T4061] ret_from_fork+0x1f/0x30
[ 60.599502][ T4061]
[ 60.601914][ T4061] Memory state around the buggy address:
[ 60.607674][ T4061] ffff8880170cde00: 00 03 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 60.615727][ T4061] ffff8880170cde80: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 60.624037][ T4061] >ffff8880170cdf00: 00 00 fc fc 00 00 fc fc 00 07 fc fc 00 04 fc fc
[ 60.632341][ T4061] ^
[ 60.639876][ T4061] ffff8880170cdf80: fa fb fc fc fb fb fc fc 00 00 fc fc 00 00 fc fc
[ 60.648098][ T4061] ffff8880170ce000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.656502][ T4061] ==================================================================
[ 60.664779][ T4061] Disabling lock debugging due to kernel taint
[ 60.671237][ T4061] Kernel panic - not syncing: panic_on_warn set ...
[ 60.677835][ T4061] CPU: 0 PID: 4061 Comm: syz-executor215 Tainted: G B 5.17.0-rc7-syzkaller #0
[ 60.688140][ T4061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.698297][ T4061] Call Trace:
[ 60.701614][ T4061] <TASK>
[ 60.704522][ T4061] dump_stack_lvl+0x57/0x7d
[ 60.709004][ T4061] panic+0x214/0x49f
[ 60.712885][ T4061] ? __warn_printk+0xee/0xee
[ 60.717449][ T4061] ? preempt_schedule_common+0x59/0xc0
[ 60.723063][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.728152][ T4061] ? preempt_schedule_thunk+0x16/0x18
[ 60.733491][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.738569][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.743910][ T4061] end_report.cold+0x63/0x6f
[ 60.748468][ T4061] kasan_report.cold+0x71/0xdf
[ 60.753298][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.758376][ T4061] kasan_check_range+0x13d/0x180
[ 60.763603][ T4061] memcpy+0x20/0x60
[ 60.767433][ T4061] decrypt_internal+0x77b/0x1b70
[ 60.772359][ T4061] ? tls_get_rec+0x520/0x520
[ 60.776939][ T4061] ? sk_psock_get+0x2c0/0x2c0
[ 60.781588][ T4061] decrypt_skb_update+0xf9/0xa90
[ 60.786497][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.792459][ T4061] tls_sw_recvmsg+0x496/0x1270
[ 60.797216][ T4061] ? decrypt_skb+0xa0/0xa0
[ 60.801626][ T4061] ? aa_sk_perm+0x1ab/0x820
[ 60.806377][ T4061] inet6_recvmsg+0xf2/0x490
[ 60.810893][ T4061] ? inet6_sk_rebuild_header+0x9d0/0x9d0
[ 60.816506][ T4061] ____sys_recvmsg+0x25e/0x620
[ 60.821416][ T4061] ? kernel_recvmsg+0x160/0x160
[ 60.826322][ T4061] ? iovec_from_user+0x142/0x290
[ 60.831258][ T4061] ? __copy_msghdr_from_user+0x86/0x3e0
[ 60.836787][ T4061] ? __import_iovec+0x50/0x540
[ 60.841519][ T4061] ? import_iovec+0xa4/0x150
[ 60.846083][ T4061] ___sys_recvmsg+0xe2/0x1a0
[ 60.850641][ T4061] ? __copy_msghdr_from_user+0x3e0/0x3e0
[ 60.856238][ T4061] ? lockdep_hardirqs_on+0x79/0x100
[ 60.861404][ T4061] ? lock_chain_count+0x20/0x20
[ 60.866321][ T4061] ? ___sys_sendmsg+0xe0/0x150
[ 60.871055][ T4061] ? kfree+0xd0/0x390
[ 60.875028][ T4061] ? __lock_acquire+0x15e4/0x5630
[ 60.880030][ T4061] ? __fget_light+0x4c/0x220
[ 60.884602][ T4061] do_recvmmsg+0x1c8/0x550
[ 60.888988][ T4061] ? ___sys_recvmsg+0x1a0/0x1a0
[ 60.894084][ T4061] ? find_held_lock+0x2d/0x110
[ 60.898819][ T4061] ? lock_downgrade+0x6e0/0x6e0
[ 60.903726][ T4061] __x64_sys_recvmmsg+0x19a/0x200
[ 60.908807][ T4061] ? __do_sys_socketcall+0x450/0x450
[ 60.914072][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.920115][ T4061] ? syscall_enter_from_user_mode+0x21/0x70
[ 60.925974][ T4061] do_syscall_64+0x35/0xb0
[ 60.930364][ T4061] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 60.936230][ T4061] RIP: 0033:0x7fe9ff7c4f29
[ 60.940615][ T4061] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.960283][ T4061] RSP: 002b:00007fff39bb44f8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 60.968666][ T4061] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe9ff7c4f29
[ 60.976606][ T4061] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 60.984654][ T4061] RBP: 00007fe9ff7890d0 R08: 0000000000000000 R09: 0000000000000000
[ 60.992593][ T4061] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9ff789160
[ 61.000538][ T4061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.008676][ T4061] </TASK>
[ 61.011925][ T4061] Kernel Offset: disabled
[ 61.016331][ T4061] Rebooting in 86400 seconds..