[ 39.203619][ T44] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.219313][ T44] device veth1_macvtap left promiscuous mode
[ 39.225760][ T44] device veth0_macvtap left promiscuous mode
[ 39.231853][ T44] device veth1_vlan left promiscuous mode
[ 39.240191][ T44] device veth0_vlan left promiscuous mode
[ 39.369653][ T44] team0 (unregistering): Port device team_slave_1 removed
[ 39.381817][ T44] team0 (unregistering): Port device team_slave_0 removed
[ 39.394483][ T44] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 39.406906][ T44] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 39.443131][ T44] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts.
[ 56.997126][ T4125] ==================================================================
[ 57.005416][ T4125] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x5c/0xc0
[ 57.012682][ T4125] Read of size 42 at addr ffff888140dd8d00 by task syz-executor158/4125
[ 57.020980][ T4125]
[ 57.023286][ T4125] CPU: 1 PID: 4125 Comm: syz-executor158 Not tainted 5.17.0-rc8-syzkaller #0
[ 57.032016][ T4125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.042048][ T4125] Call Trace:
[ 57.045307][ T4125]
[ 57.048220][ T4125] dump_stack_lvl+0x57/0x7d
[ 57.052703][ T4125] print_address_description.constprop.0.cold+0x8d/0x336
[ 57.059699][ T4125] ? _copy_to_user+0x5c/0xc0
[ 57.064266][ T4125] ? _copy_to_user+0x5c/0xc0
[ 57.068833][ T4125] kasan_report.cold+0x83/0xdf
[ 57.073572][ T4125] ? _copy_to_user+0x5c/0xc0
[ 57.078131][ T4125] kasan_check_range+0x13d/0x180
[ 57.083034][ T4125] _copy_to_user+0x5c/0xc0
[ 57.087502][ T4125] __htab_map_lookup_and_delete_batch+0xb71/0x1410
[ 57.093990][ T4125] ? __fget_files+0x1bf/0x3c0
[ 57.098643][ T4125] ? htab_of_map_alloc+0xb0/0xb0
[ 57.103550][ T4125] bpf_map_do_batch+0x1f5/0x420
[ 57.108370][ T4125] __sys_bpf+0x161f/0x4400
[ 57.112754][ T4125] ? bpf_link_get_from_fd+0xe0/0xe0
[ 57.117916][ T4125] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.123865][ T4125] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.129900][ T4125] ? find_held_lock+0x2d/0x110
[ 57.134643][ T4125] __x64_sys_bpf+0x70/0xb0
[ 57.139025][ T4125] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.144884][ T4125] do_syscall_64+0x35/0xb0
[ 57.149268][ T4125] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.155127][ T4125] RIP: 0033:0x7f1c6b3bcb79
[ 57.159509][ T4125] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.179082][ T4125] RSP: 002b:00007f1c6b34d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 57.187457][ T4125] RAX: ffffffffffffffda RBX: 00007f1c6b4453f0 RCX: 00007f1c6b3bcb79
[ 57.195396][ T4125] RDX: 0000000000000038 RSI: 0000000020000080 RDI: 0000000000000019
[ 57.203527][ T4125] RBP: 00007f1c6b4128e0 R08: 00007f1c6b34d700 R09: 0000000000000000
[ 57.211482][ T4125] R10: 00007f1c6b34d700 R11: 0000000000000246 R12: 00000000200031c0
[ 57.219436][ T4125] R13: 00007f1c6b412068 R14: 00000000200021c0 R15: 00007f1c6b4453f8
[ 57.227390][ T4125]
[ 57.230378][ T4125]
[ 57.232674][ T4125] Allocated by task 4125:
[ 57.236966][ T4125] kasan_save_stack+0x1e/0x40
[ 57.241786][ T4125] __kasan_kmalloc+0xa9/0xd0
[ 57.246338][ T4125] __htab_map_lookup_and_delete_batch+0x479/0x1410
[ 57.252890][ T4125] bpf_map_do_batch+0x1f5/0x420
[ 57.257712][ T4125] __sys_bpf+0x161f/0x4400
[ 57.262090][ T4125] __x64_sys_bpf+0x70/0xb0
[ 57.266487][ T4125] do_syscall_64+0x35/0xb0
[ 57.270867][ T4125] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.276741][ T4125]
[ 57.279038][ T4125] The buggy address belongs to the object at ffff888140dd8d00
[ 57.279038][ T4125] which belongs to the cache kmalloc-64 of size 64
[ 57.292899][ T4125] The buggy address is located 0 bytes inside of
[ 57.292899][ T4125] 64-byte region [ffff888140dd8d00, ffff888140dd8d40)
[ 57.305896][ T4125] The buggy address belongs to the page:
[ 57.311497][ T4125] page:ffffea0005037600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x140dd8
[ 57.321695][ T4125] flags: 0x57ff00000000200(slab|node=1|zone=2|lastcpupid=0x7ff)
[ 57.329292][ T4125] raw: 057ff00000000200 ffffea00005c5e40 dead000000000004 ffff88800fc41640
[ 57.337942][ T4125] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 57.346488][ T4125] page dumped because: kasan: bad access detected
[ 57.352881][ T4125] page_owner tracks the page as allocated
[ 57.358560][ T4125] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2454578284, free_ts 0
[ 57.373379][ T4125] get_page_from_freelist+0xa6f/0x2f10
[ 57.378806][ T4125] __alloc_pages+0x1b2/0x500
[ 57.383371][ T4125] alloc_page_interleave+0xf/0x1c0
[ 57.388452][ T4125] allocate_slab+0x27f/0x3c0
[ 57.393008][ T4125] ___slab_alloc+0xbe3/0x12a0
[ 57.397645][ T4125] __slab_alloc.constprop.0+0x4d/0xa0
[ 57.402982][ T4125] __kmalloc+0x372/0x450
[ 57.407186][ T4125] kobj_map+0x6b/0x640
[ 57.411220][ T4125] cdev_add+0x82/0x110
[ 57.415255][ T4125] tty_cdev_add+0x175/0x290
[ 57.419725][ T4125] tty_register_device_attr+0x3e8/0x6d0
[ 57.425232][ T4125] tty_register_driver+0x37a/0x6e0
[ 57.430303][ T4125] vty_init+0x2e1/0x306
[ 57.434764][ T4125] tty_init+0x11a/0x11d
[ 57.438915][ T4125] do_one_initcall+0xbe/0x440
[ 57.443565][ T4125] kernel_init_freeable+0x5ab/0x605
[ 57.448729][ T4125] page_owner free stack trace missing
[ 57.454063][ T4125]
[ 57.456355][ T4125] Memory state around the buggy address:
[ 57.461947][ T4125] ffff888140dd8c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 57.469990][ T4125] ffff888140dd8c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 57.478015][ T4125] >ffff888140dd8d00: 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc fc
[ 57.486039][ T4125] ^
[ 57.491113][ T4125] ffff888140dd8d80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 57.499137][ T4125] ffff888140dd8e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 57.507163][ T4125] ==================================================================
[ 57.515188][ T4125] Disabling lock debugging due to kernel taint
[ 58.997593][ T4125] Kernel panic - not syncing: panic_on_warn set ...
[ 59.004264][ T4125] CPU: 0 PID: 4125 Comm: syz-executor158 Tainted: G B 5.17.0-rc8-syzkaller #0
[ 59.014380][ T4125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.024405][ T4125] Call Trace:
[ 59.027657][ T4125]
[ 59.030563][ T4125] dump_stack_lvl+0x57/0x7d
[ 59.035046][ T4125] panic+0x214/0x49f
[ 59.039002][ T4125] ? __warn_printk+0xee/0xee
[ 59.043560][ T4125] ? preempt_schedule_common+0x59/0xc0
[ 59.048990][ T4125] ? _copy_to_user+0x5c/0xc0
[ 59.053550][ T4125] ? preempt_schedule_thunk+0x16/0x18
[ 59.058896][ T4125] ? _copy_to_user+0x5c/0xc0
[ 59.063455][ T4125] ? _copy_to_user+0x5c/0xc0
[ 59.068016][ T4125] end_report.cold+0x63/0x6f
[ 59.072576][ T4125] kasan_report.cold+0x71/0xdf
[ 59.077306][ T4125] ? _copy_to_user+0x5c/0xc0
[ 59.081857][ T4125] kasan_check_range+0x13d/0x180
[ 59.086756][ T4125] _copy_to_user+0x5c/0xc0
[ 59.091133][ T4125] __htab_map_lookup_and_delete_batch+0xb71/0x1410
[ 59.097599][ T4125] ? __fget_files+0x1bf/0x3c0
[ 59.102243][ T4125] ? htab_of_map_alloc+0xb0/0xb0
[ 59.107144][ T4125] bpf_map_do_batch+0x1f5/0x420
[ 59.111957][ T4125] __sys_bpf+0x161f/0x4400
[ 59.116335][ T4125] ? bpf_link_get_from_fd+0xe0/0xe0
[ 59.121494][ T4125] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 59.127436][ T4125] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 59.133377][ T4125] ? find_held_lock+0x2d/0x110
[ 59.138107][ T4125] __x64_sys_bpf+0x70/0xb0
[ 59.142485][ T4125] ? syscall_enter_from_user_mode+0x21/0x70
[ 59.148342][ T4125] do_syscall_64+0x35/0xb0
[ 59.152723][ T4125] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 59.158598][ T4125] RIP: 0033:0x7f1c6b3bcb79
[ 59.162977][ T4125] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.182547][ T4125] RSP: 002b:00007f1c6b34d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 59.190920][ T4125] RAX: ffffffffffffffda RBX: 00007f1c6b4453f0 RCX: 00007f1c6b3bcb79
[ 59.198859][ T4125] RDX: 0000000000000038 RSI: 0000000020000080 RDI: 0000000000000019
[ 59.206796][ T4125] RBP: 00007f1c6b4128e0 R08: 00007f1c6b34d700 R09: 0000000000000000
[ 59.214733][ T4125] R10: 00007f1c6b34d700 R11: 0000000000000246 R12: 00000000200031c0
[ 59.222668][ T4125] R13: 00007f1c6b412068 R14: 00000000200021c0 R15: 00007f1c6b4453f8
[ 59.230740][ T4125]
[ 59.234449][ T4125] Kernel Offset: disabled
[ 59.238828][ T4125] Rebooting in 86400 seconds..