[ 44.726852][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.747837][ T8] device veth1_macvtap left promiscuous mode
[ 44.754743][ T8] device veth0_macvtap left promiscuous mode
[ 44.762166][ T8] device veth1_vlan left promiscuous mode
[ 44.768542][ T8] device veth0_vlan left promiscuous mode
[ 44.883063][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 44.896896][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 44.909493][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 44.923309][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 44.967233][ T8] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
[ 59.982805][ T4061] ==================================================================
[ 59.991249][ T4061] BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x77b/0x1b70
[ 59.999985][ T4061] Read of size 16 at addr ffff8880170cdf60 by task syz-executor215/4061
[ 60.008936][ T4061]
[ 60.011258][ T4061] CPU: 1 PID: 4061 Comm: syz-executor215 Not tainted 5.17.0-rc7-syzkaller #0
[ 60.020008][ T4061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.030237][ T4061] Call Trace:
[ 60.033497][ T4061]
[ 60.036582][ T4061] dump_stack_lvl+0x57/0x7d
[ 60.041061][ T4061] print_address_description.constprop.0.cold+0x8d/0x336
[ 60.048296][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.053639][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.058755][ T4061] kasan_report.cold+0x83/0xdf
[ 60.063506][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.068593][ T4061] kasan_check_range+0x13d/0x180
[ 60.073765][ T4061] memcpy+0x20/0x60
[ 60.077751][ T4061] decrypt_internal+0x77b/0x1b70
[ 60.082783][ T4061] ? tls_get_rec+0x520/0x520
[ 60.087449][ T4061] ? sk_psock_get+0x2c0/0x2c0
[ 60.092204][ T4061] decrypt_skb_update+0xf9/0xa90
[ 60.097129][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.103625][ T4061] tls_sw_recvmsg+0x496/0x1270
[ 60.108490][ T4061] ? decrypt_skb+0xa0/0xa0
[ 60.113428][ T4061] ? aa_sk_perm+0x1ab/0x820
[ 60.117934][ T4061] inet6_recvmsg+0xf2/0x490
[ 60.122875][ T4061] ? inet6_sk_rebuild_header+0x9d0/0x9d0
[ 60.128595][ T4061] ____sys_recvmsg+0x25e/0x620
[ 60.133442][ T4061] ? kernel_recvmsg+0x160/0x160
[ 60.138380][ T4061] ? iovec_from_user+0x142/0x290
[ 60.143324][ T4061] ? __copy_msghdr_from_user+0x86/0x3e0
[ 60.149080][ T4061] ? __import_iovec+0x50/0x540
[ 60.154010][ T4061] ? import_iovec+0xa4/0x150
[ 60.158864][ T4061] ___sys_recvmsg+0xe2/0x1a0
[ 60.163552][ T4061] ? __copy_msghdr_from_user+0x3e0/0x3e0
[ 60.169802][ T4061] ? lockdep_hardirqs_on+0x79/0x100
[ 60.175217][ T4061] ? lock_chain_count+0x20/0x20
[ 60.180165][ T4061] ? ___sys_sendmsg+0xe0/0x150
[ 60.185545][ T4061] ? kfree+0xd0/0x390
[ 60.189719][ T4061] ? __lock_acquire+0x15e4/0x5630
[ 60.195104][ T4061] ? __fget_light+0x4c/0x220
[ 60.199876][ T4061] do_recvmmsg+0x1c8/0x550
[ 60.204475][ T4061] ? ___sys_recvmsg+0x1a0/0x1a0
[ 60.209325][ T4061] ? find_held_lock+0x2d/0x110
[ 60.214176][ T4061] ? lock_downgrade+0x6e0/0x6e0
[ 60.219395][ T4061] __x64_sys_recvmmsg+0x19a/0x200
[ 60.224585][ T4061] ? __do_sys_socketcall+0x450/0x450
[ 60.229951][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.236198][ T4061] ? syscall_enter_from_user_mode+0x21/0x70
[ 60.242791][ T4061] do_syscall_64+0x35/0xb0
[ 60.247189][ T4061] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 60.253438][ T4061] RIP: 0033:0x7fe9ff7c4f29
[ 60.258382][ T4061] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.278428][ T4061] RSP: 002b:00007fff39bb44f8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 60.287009][ T4061] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe9ff7c4f29
[ 60.295190][ T4061] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 60.303624][ T4061] RBP: 00007fe9ff7890d0 R08: 0000000000000000 R09: 0000000000000000
[ 60.311952][ T4061] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9ff789160
[ 60.320272][ T4061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 60.328546][ T4061]
[ 60.331555][ T4061]
[ 60.333870][ T4061] Allocated by task 4061:
[ 60.338528][ T4061] kasan_save_stack+0x1e/0x40
[ 60.343447][ T4061] __kasan_kmalloc+0xa9/0xd0
[ 60.348112][ T4061] tls_set_sw_offload+0x78f/0x13e0
[ 60.353482][ T4061] tls_setsockopt+0x921/0xda0
[ 60.358141][ T4061] __sys_setsockopt+0x1fd/0x4e0
[ 60.362963][ T4061] __x64_sys_setsockopt+0xb5/0x150
[ 60.368059][ T4061] do_syscall_64+0x35/0xb0
[ 60.372446][ T4061] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 60.378674][ T4061]
[ 60.380981][ T4061] The buggy address belongs to the object at ffff8880170cdf60
[ 60.380981][ T4061]  which belongs to the cache kmalloc-16 of size 16
[ 60.395140][ T4061] The buggy address is located 0 bytes inside of
[ 60.395140][ T4061]  16-byte region [ffff8880170cdf60, ffff8880170cdf70)
[ 60.408422][ T4061] The buggy address belongs to the page:
[ 60.414170][ T4061] page:ffffea00005c3340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x170cd
[ 60.424308][ T4061] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 60.431825][ T4061] raw: 00fff00000000200 ffffea00005ec880 dead000000000002 ffff88800fc413c0
[ 60.440398][ T4061] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 60.449215][ T4061] page dumped because: kasan: bad access detected
[ 60.455734][ T4061] page_owner tracks the page as allocated
[ 60.461434][ T4061] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 6411691894, free_ts 6054758270
[ 60.477174][ T4061] get_page_from_freelist+0xa6f/0x2f10
[ 60.483051][ T4061] __alloc_pages+0x1b2/0x500
[ 60.487703][ T4061] alloc_page_interleave+0xf/0x1c0
[ 60.492788][ T4061] allocate_slab+0x27f/0x3c0
[ 60.497362][ T4061] ___slab_alloc+0xbe3/0x12a0
[ 60.502205][ T4061] __slab_alloc.constprop.0+0x4d/0xa0
[ 60.508551][ T4061] __kmalloc+0x372/0x450
[ 60.513128][ T4061] usb_hcd_submit_urb+0x5d8/0x1f90
[ 60.518303][ T4061] usb_start_wait_urb+0xf9/0x450
[ 60.523219][ T4061] usb_control_msg+0x306/0x460
[ 60.527957][ T4061] usb_control_msg_send+0xac/0x100
[ 60.533035][ T4061] usb_set_configuration+0x8c5/0x18b0
[ 60.538373][ T4061] usb_generic_driver_probe+0x74/0xa0
[ 60.543886][ T4061] usb_probe_device+0x95/0x240
[ 60.548621][ T4061] really_probe+0x1c2/0xb60
[ 60.553266][ T4061] __driver_probe_device+0x2a6/0x460
[ 60.558606][ T4061] page last free stack trace:
[ 60.563337][ T4061] free_pcp_prepare+0x374/0x870
[ 60.568164][ T4061] free_unref_page+0x19/0x690
[ 60.572818][ T4061] __vunmap+0x5af/0x9e0
[ 60.577150][ T4061] free_work+0x4b/0x70
[ 60.581203][ T4061] process_one_work+0x879/0x1410
[ 60.586211][ T4061] worker_thread+0x5a0/0xf60
[ 60.590965][ T4061] kthread+0x299/0x340
[ 60.595017][ T4061] ret_from_fork+0x1f/0x30
[ 60.599502][ T4061]
[ 60.601914][ T4061] Memory state around the buggy address:
[ 60.607674][ T4061]  ffff8880170cde00: 00 03 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 60.615727][ T4061]  ffff8880170cde80: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 60.624037][ T4061] >ffff8880170cdf00: 00 00 fc fc 00 00 fc fc 00 07 fc fc 00 04 fc fc
[ 60.632341][ T4061]                                                        ^
[ 60.639876][ T4061]  ffff8880170cdf80: fa fb fc fc fb fb fc fc 00 00 fc fc 00 00 fc fc
[ 60.648098][ T4061]  ffff8880170ce000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.656502][ T4061] ==================================================================
[ 60.664779][ T4061] Disabling lock debugging due to kernel taint
[ 60.671237][ T4061] Kernel panic - not syncing: panic_on_warn set ...
[ 60.677835][ T4061] CPU: 0 PID: 4061 Comm: syz-executor215 Tainted: G B 5.17.0-rc7-syzkaller #0
[ 60.688140][ T4061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.698297][ T4061] Call Trace:
[ 60.701614][ T4061]
[ 60.704522][ T4061] dump_stack_lvl+0x57/0x7d
[ 60.709004][ T4061] panic+0x214/0x49f
[ 60.712885][ T4061] ? __warn_printk+0xee/0xee
[ 60.717449][ T4061] ? preempt_schedule_common+0x59/0xc0
[ 60.723063][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.728152][ T4061] ? preempt_schedule_thunk+0x16/0x18
[ 60.733491][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.738569][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.743910][ T4061] end_report.cold+0x63/0x6f
[ 60.748468][ T4061] kasan_report.cold+0x71/0xdf
[ 60.753298][ T4061] ? decrypt_internal+0x77b/0x1b70
[ 60.758376][ T4061] kasan_check_range+0x13d/0x180
[ 60.763603][ T4061] memcpy+0x20/0x60
[ 60.767433][ T4061] decrypt_internal+0x77b/0x1b70
[ 60.772359][ T4061] ? tls_get_rec+0x520/0x520
[ 60.776939][ T4061] ? sk_psock_get+0x2c0/0x2c0
[ 60.781588][ T4061] decrypt_skb_update+0xf9/0xa90
[ 60.786497][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.792459][ T4061] tls_sw_recvmsg+0x496/0x1270
[ 60.797216][ T4061] ? decrypt_skb+0xa0/0xa0
[ 60.801626][ T4061] ? aa_sk_perm+0x1ab/0x820
[ 60.806377][ T4061] inet6_recvmsg+0xf2/0x490
[ 60.810893][ T4061] ? inet6_sk_rebuild_header+0x9d0/0x9d0
[ 60.816506][ T4061] ____sys_recvmsg+0x25e/0x620
[ 60.821416][ T4061] ? kernel_recvmsg+0x160/0x160
[ 60.826322][ T4061] ? iovec_from_user+0x142/0x290
[ 60.831258][ T4061] ? __copy_msghdr_from_user+0x86/0x3e0
[ 60.836787][ T4061] ? __import_iovec+0x50/0x540
[ 60.841519][ T4061] ? import_iovec+0xa4/0x150
[ 60.846083][ T4061] ___sys_recvmsg+0xe2/0x1a0
[ 60.850641][ T4061] ? __copy_msghdr_from_user+0x3e0/0x3e0
[ 60.856238][ T4061] ? lockdep_hardirqs_on+0x79/0x100
[ 60.861404][ T4061] ? lock_chain_count+0x20/0x20
[ 60.866321][ T4061] ? ___sys_sendmsg+0xe0/0x150
[ 60.871055][ T4061] ? kfree+0xd0/0x390
[ 60.875028][ T4061] ? __lock_acquire+0x15e4/0x5630
[ 60.880030][ T4061] ? __fget_light+0x4c/0x220
[ 60.884602][ T4061] do_recvmmsg+0x1c8/0x550
[ 60.888988][ T4061] ? ___sys_recvmsg+0x1a0/0x1a0
[ 60.894084][ T4061] ? find_held_lock+0x2d/0x110
[ 60.898819][ T4061] ? lock_downgrade+0x6e0/0x6e0
[ 60.903726][ T4061] __x64_sys_recvmmsg+0x19a/0x200
[ 60.908807][ T4061] ? __do_sys_socketcall+0x450/0x450
[ 60.914072][ T4061] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 60.920115][ T4061] ? syscall_enter_from_user_mode+0x21/0x70
[ 60.925974][ T4061] do_syscall_64+0x35/0xb0
[ 60.930364][ T4061] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 60.936230][ T4061] RIP: 0033:0x7fe9ff7c4f29
[ 60.940615][ T4061] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.960283][ T4061] RSP: 002b:00007fff39bb44f8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 60.968666][ T4061] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe9ff7c4f29
[ 60.976606][ T4061] RDX: 0000000000000001 RSI: 0000000020002900 RDI: 0000000000000003
[ 60.984654][ T4061] RBP: 00007fe9ff7890d0 R08: 0000000000000000 R09: 0000000000000000
[ 60.992593][ T4061] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9ff789160
[ 61.000538][ T4061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.008676][ T4061]
[ 61.011925][ T4061] Kernel Offset: disabled
[ 61.016331][ T4061] Rebooting in 86400 seconds..