[ 99.010139][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.022542][ T10] device veth1_macvtap left promiscuous mode
[ 99.028658][ T10] device veth0_macvtap left promiscuous mode
[ 99.035030][ T10] device veth1_vlan left promiscuous mode
[ 99.040786][ T10] device veth0_vlan left promiscuous mode
[ 99.127740][ T10] team0 (unregistering): Port device team_slave_1 removed
[ 99.137861][ T10] team0 (unregistering): Port device team_slave_0 removed
[ 99.148149][ T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.160060][ T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.196106][ T10] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts.
[ 111.880083][ T3953] ==================================================================
[ 111.888264][ T3953] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x5c/0xc0
[ 111.895621][ T3953] Read of size 42 at addr ffff888075280680 by task syz-executor410/3953
[ 111.903927][ T3953]
[ 111.906238][ T3953] CPU: 1 PID: 3953 Comm: syz-executor410 Not tainted 5.17.0-rc4-syzkaller #0
[ 111.914967][ T3953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.925110][ T3953] Call Trace:
[ 111.928462][ T3953]
[ 111.931375][ T3953] dump_stack_lvl+0x57/0x7d
[ 111.935860][ T3953] print_address_description.constprop.0.cold+0x8d/0x336
[ 111.942961][ T3953] ? _copy_to_user+0x5c/0xc0
[ 111.947536][ T3953] ? _copy_to_user+0x5c/0xc0
[ 111.952450][ T3953] kasan_report.cold+0x83/0xdf
[ 111.957281][ T3953] ? _copy_to_user+0x5c/0xc0
[ 111.961846][ T3953] kasan_check_range+0x13d/0x180
[ 111.966760][ T3953] _copy_to_user+0x5c/0xc0
[ 111.971238][ T3953] __htab_map_lookup_and_delete_batch+0xb71/0x1460
[ 111.977727][ T3953] ? __fget_files+0x1bf/0x3c0
[ 111.982391][ T3953] ? htab_of_map_alloc+0xb0/0xb0
[ 111.987396][ T3953] bpf_map_do_batch+0x1f5/0x420
[ 111.992313][ T3953] __sys_bpf+0x161f/0x4400
[ 111.996710][ T3953] ? bpf_link_get_from_fd+0xe0/0xe0
[ 112.001880][ T3953] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 112.007837][ T3953] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 112.013799][ T3953] ? find_held_lock+0x2d/0x110
[ 112.018556][ T3953] __x64_sys_bpf+0x70/0xb0
[ 112.022945][ T3953] ? syscall_enter_from_user_mode+0x21/0x70
[ 112.028813][ T3953] do_syscall_64+0x35/0xb0
[ 112.033204][ T3953] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 112.039070][ T3953] RIP: 0033:0x7f38e1430b79
[ 112.043461][ T3953] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.063042][ T3953] RSP: 002b:00007f38e13c12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 112.071429][ T3953] RAX: ffffffffffffffda RBX: 00007f38e14b93f0 RCX: 00007f38e1430b79
[ 112.079376][ T3953] RDX: 0000000000000038 RSI: 0000000020000080 RDI: 0000000000000019
[ 112.087349][ T3953] RBP: 00007f38e14868e0 R08: 00007f38e13c1700 R09: 0000000000000000
[ 112.095299][ T3953] R10: 00007f38e13c1700 R11: 0000000000000246 R12: 00000000200031c0
[ 112.103244][ T3953] R13: 00007f38e1486068 R14: 00000000200021c0 R15: 00007f38e14b93f8
[ 112.111201][ T3953]
[ 112.114209][ T3953]
[ 112.116511][ T3953] Allocated by task 3953:
[ 112.120985][ T3953] kasan_save_stack+0x1e/0x40
[ 112.125638][ T3953] __kasan_kmalloc+0xa9/0xd0
[ 112.130199][ T3953] __htab_map_lookup_and_delete_batch+0x479/0x1460
[ 112.136673][ T3953] bpf_map_do_batch+0x1f5/0x420
[ 112.141498][ T3953] __sys_bpf+0x161f/0x4400
[ 112.145888][ T3953] __x64_sys_bpf+0x70/0xb0
[ 112.150275][ T3953] do_syscall_64+0x35/0xb0
[ 112.154665][ T3953] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 112.160703][ T3953]
[ 112.163011][ T3953] The buggy address belongs to the object at ffff888075280680
[ 112.163011][ T3953] which belongs to the cache kmalloc-64 of size 64
[ 112.176862][ T3953] The buggy address is located 0 bytes inside of
[ 112.176862][ T3953] 64-byte region [ffff888075280680, ffff8880752806c0)
[ 112.189842][ T3953] The buggy address belongs to the page:
[ 112.195535][ T3953] page:ffffea0001d4a000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75280
[ 112.205659][ T3953] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 112.213175][ T3953] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff88800fc41640
[ 112.221731][ T3953] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 112.230284][ T3953] page dumped because: kasan: bad access detected
[ 112.236667][ T3953] page_owner tracks the page as allocated
[ 112.242350][ T3953] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 2968, ts 92475092272, free_ts 92127107028
[ 112.259590][ T3953] get_page_from_freelist+0xa6f/0x2f10
[ 112.265019][ T3953] __alloc_pages+0x1b2/0x500
[ 112.270011][ T3953] allocate_slab+0x27f/0x3c0
[ 112.274572][ T3953] ___slab_alloc+0xbe3/0x12a0
[ 112.279830][ T3953] __slab_alloc.constprop.0+0x4d/0xa0
[ 112.285172][ T3953] __kmalloc+0x372/0x450
[ 112.289388][ T3953] tomoyo_encode2.part.0+0x92/0x310
[ 112.294648][ T3953] tomoyo_realpath_from_path+0x140/0x6a0
[ 112.300251][ T3953] tomoyo_path_perm+0x1fb/0x350
[ 112.305070][ T3953] security_path_truncate+0xab/0x100
[ 112.310326][ T3953] path_openat+0x121b/0x2390
[ 112.314893][ T3953] do_filp_open+0x199/0x3d0
[ 112.319459][ T3953] do_sys_openat2+0x11e/0x400
[ 112.324108][ T3953] __x64_sys_openat+0x11b/0x1d0
[ 112.328932][ T3953] do_syscall_64+0x35/0xb0
[ 112.333322][ T3953] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 112.339185][ T3953] page last free stack trace:
[ 112.343829][ T3953] free_pcp_prepare+0x374/0x870
[ 112.348650][ T3953] free_unref_page+0x19/0x690
[ 112.353299][ T3953] __unfreeze_partials+0x320/0x340
[ 112.358470][ T3953] qlist_free_all+0x6d/0x160
[ 112.363032][ T3953] kasan_quarantine_reduce+0x180/0x200
[ 112.368466][ T3953] __kasan_slab_alloc+0xa2/0xc0
[ 112.373287][ T3953] __kmalloc+0x256/0x450
[ 112.377502][ T3953] tomoyo_get_name+0x1b7/0x3f0
[ 112.382237][ T3953] tomoyo_assign_domain+0x260/0x600
[ 112.387409][ T3953] tomoyo_find_next_domain+0x5f1/0x1c50
[ 112.392926][ T3953] tomoyo_bprm_check_security+0xfb/0x170
[ 112.398536][ T3953] security_bprm_check+0x34/0x70
[ 112.403448][ T3953] bprm_execve+0x5da/0x1520
[ 112.407949][ T3953] kernel_execve+0x2c2/0x3e0
[ 112.412510][ T3953] call_usermodehelper_exec_async+0x2c1/0x500
[ 112.418553][ T3953] ret_from_fork+0x1f/0x30
[ 112.422944][ T3953]
[ 112.425247][ T3953] Memory state around the buggy address:
[ 112.430848][ T3953] ffff888075280580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 112.438886][ T3953] ffff888075280600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 112.446919][ T3953] >ffff888075280680: 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc fc
[ 112.454979][ T3953] ^
[ 112.460063][ T3953] ffff888075280700: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 112.468094][ T3953] ffff888075280780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 112.476124][ T3953] ==================================================================
[ 112.484155][ T3953] Disabling lock debugging due to kernel taint
[ 114.061859][ T3953] Kernel panic - not syncing: panic_on_warn set ...
[ 114.068462][ T3953] CPU: 0 PID: 3953 Comm: syz-executor410 Tainted: G B 5.17.0-rc4-syzkaller #0
[ 114.078582][ T3953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 114.088790][ T3953] Call Trace:
[ 114.092046][ T3953]
[ 114.095306][ T3953] dump_stack_lvl+0x57/0x7d
[ 114.099791][ T3953] panic+0x214/0x49f
[ 114.103659][ T3953] ? __warn_printk+0xee/0xee
[ 114.108226][ T3953] ? preempt_schedule_common+0x59/0xc0
[ 114.113656][ T3953] ? _copy_to_user+0x5c/0xc0
[ 114.118221][ T3953] ? preempt_schedule_thunk+0x16/0x18
[ 114.123563][ T3953] ? _copy_to_user+0x5c/0xc0
[ 114.128906][ T3953] ? _copy_to_user+0x5c/0xc0
[ 114.133466][ T3953] end_report.cold+0x63/0x6f
[ 114.138028][ T3953] kasan_report.cold+0x71/0xdf
[ 114.142762][ T3953] ? _copy_to_user+0x5c/0xc0
[ 114.147321][ T3953] kasan_check_range+0x13d/0x180
[ 114.152232][ T3953] _copy_to_user+0x5c/0xc0
[ 114.156878][ T3953] __htab_map_lookup_and_delete_batch+0xb71/0x1460
[ 114.163350][ T3953] ? __fget_files+0x1bf/0x3c0
[ 114.168002][ T3953] ? htab_of_map_alloc+0xb0/0xb0
[ 114.172911][ T3953] bpf_map_do_batch+0x1f5/0x420
[ 114.177738][ T3953] __sys_bpf+0x161f/0x4400
[ 114.182427][ T3953] ? bpf_link_get_from_fd+0xe0/0xe0
[ 114.187597][ T3953] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 114.193759][ T3953] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 114.199709][ T3953] ? find_held_lock+0x2d/0x110
[ 114.204453][ T3953] __x64_sys_bpf+0x70/0xb0
[ 114.208841][ T3953] ? syscall_enter_from_user_mode+0x21/0x70
[ 114.214706][ T3953] do_syscall_64+0x35/0xb0
[ 114.219112][ T3953] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 114.224987][ T3953] RIP: 0033:0x7f38e1430b79
[ 114.229373][ T3953] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 114.248953][ T3953] RSP: 002b:00007f38e13c12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 114.257361][ T3953] RAX: ffffffffffffffda RBX: 00007f38e14b93f0 RCX: 00007f38e1430b79
[ 114.265304][ T3953] RDX: 0000000000000038 RSI: 0000000020000080 RDI: 0000000000000019
[ 114.273246][ T3953] RBP: 00007f38e14868e0 R08: 00007f38e13c1700 R09: 0000000000000000
[ 114.281187][ T3953] R10: 00007f38e13c1700 R11: 0000000000000246 R12: 00000000200031c0
[ 114.289127][ T3953] R13: 00007f38e1486068 R14: 00000000200021c0 R15: 00007f38e14b93f8
[ 114.297075][ T3953]
[ 114.300736][ T3953] Kernel Offset: disabled
[ 114.305122][ T3953] Rebooting in 86400 seconds..