Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts.
2021/09/09 10:55:55 parsed 1 programs
2021/09/09 10:55:55 executed programs: 0
syzkaller login: [ 1424.936304][ T6553] chnl_net:caif_netlink_parms(): no params data found
[ 1424.995471][ T6553] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1425.003130][ T6553] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1425.012067][ T6553] device bridge_slave_0 entered promiscuous mode
[ 1425.020877][ T6553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1425.028081][ T6553] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1425.037397][ T6553] device bridge_slave_1 entered promiscuous mode
[ 1425.066040][ T6553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1425.077325][ T6553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1425.107772][ T6553] team0: Port device team_slave_0 added
[ 1425.114969][ T6553] team0: Port device team_slave_1 added
[ 1425.140203][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1425.147138][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1425.173131][ T6553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1425.187364][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1425.194452][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1425.220864][ T6553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1425.255334][ T6553] device hsr_slave_0 entered promiscuous mode
[ 1425.262018][ T6553] device hsr_slave_1 entered promiscuous mode
[ 1425.367979][ T6553] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1425.378456][ T6553] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1425.388228][ T6553] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1425.398040][ T6553] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1425.418420][ T6553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1425.425529][ T6553] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1425.433003][ T6553] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1425.440096][ T6553] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1425.479270][ T6553] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1425.493092][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1425.503540][ T6718] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1425.512595][ T6718] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1425.521740][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1425.533662][ T6553] 8021q: adding VLAN 0 to HW filter on device team0
[ 1425.543995][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1425.553385][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1425.560450][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1425.573068][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1425.581373][ T6718] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1425.588385][ T6718] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1425.611977][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1425.620723][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1425.628906][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1425.637340][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1425.646046][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1425.656309][ T6553] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1425.672261][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1425.680581][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1425.692551][ T6553] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1425.708881][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1425.728095][ T6553] device veth0_vlan entered promiscuous mode
[ 1425.735472][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1425.744940][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1425.752952][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1425.764939][ T6553] device veth1_vlan entered promiscuous mode
[ 1425.782822][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1425.791371][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1425.799881][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1425.810431][ T6553] device veth0_macvtap entered promiscuous mode
[ 1425.820226][ T6553] device veth1_macvtap entered promiscuous mode
[ 1425.835944][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1425.843821][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1425.852844][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1425.863703][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1425.872520][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1425.883022][ T6553] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1425.892790][ T6553] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1425.901896][ T6553] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1425.913644][ T6553] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1425.988580][ T1123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1425.996794][ T1123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1426.024897][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1426.039103][ T1123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1426.049033][ T1123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1426.058583][ T6528] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1426.800436][ T37] Bluetooth: hci0: command 0x0409 tx timeout
[ 1428.319736][ T1123] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1430.855310][ T1123] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1431.555037][ T1123] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1431.903703][ T1123] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1433.570135][ T7084] chnl_net:caif_netlink_parms(): no params data found
[ 1433.903357][ T7084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1433.910498][ T7084] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1433.918077][ T7084] device bridge_slave_0 entered promiscuous mode
[ 1433.927448][ T7084] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1433.935673][ T7084] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1433.944001][ T7084] device bridge_slave_1 entered promiscuous mode
[ 1434.236866][ T7084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1434.249445][ T7084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1434.319819][ T6528] Bluetooth: hci0: command 0x0409 tx timeout
[ 1434.560053][ T7084] team0: Port device team_slave_0 added
[ 1434.568882][ T7084] team0: Port device team_slave_1 added
[ 1434.863971][ T7084] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1434.871010][ T7084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1434.897171][ T7084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1435.178958][ T7084] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1435.186053][ T7084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1435.212541][ T7084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1435.522882][ T7084] device hsr_slave_0 entered promiscuous mode
[ 1435.530116][ T7084] device hsr_slave_1 entered promiscuous mode
[ 1435.536511][ T7084] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1435.544588][ T7084] Cannot create hsr debugfs directory
[ 1436.234633][ T7084] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1436.246128][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1436.254577][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1436.273576][ T7084] 8021q: adding VLAN 0 to HW filter on device team0
[ 1436.289746][ T1123] device hsr_slave_0 left promiscuous mode
[ 1436.296107][ T1123] device hsr_slave_1 left promiscuous mode
[ 1436.302398][ T1123] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1436.310669][ T1123] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1436.321395][ T1123] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1436.328893][ T1123] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1436.337141][ T1123] device bridge_slave_1 left promiscuous mode
[ 1436.344358][ T1123] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1436.356832][ T1123] device bridge_slave_0 left promiscuous mode
[ 1436.364132][ T1123] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1436.379051][ T1123] device veth1_macvtap left promiscuous mode
[ 1436.385151][ T1123] device veth0_macvtap left promiscuous mode
[ 1436.392644][ T1123] device veth1_vlan left promiscuous mode
[ 1436.398655][ T6220] Bluetooth: hci0: command 0x041b tx timeout
[ 1436.399612][ T1123] device veth0_vlan left promiscuous mode
[ 1438.478331][ T6886] Bluetooth: hci0: command 0x040f tx timeout
[ 1440.558213][ T6886] Bluetooth: hci0: command 0x0419 tx timeout
[ 1449.584581][ T1123] team0 (unregistering): Port device team_slave_1 removed
[ 1449.598733][ T1123] team0 (unregistering): Port device team_slave_0 removed
[ 1449.613410][ T1123] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1449.625691][ T1123] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1449.671235][ T1123] bond0 (unregistering): Released all slaves
[ 1449.760339][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1449.768979][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1449.777192][ T6220] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1449.784271][ T6220] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1449.792521][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1449.801041][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1449.809668][ T6220] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1449.816702][ T6220] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1449.824280][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1449.832766][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1449.841431][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1449.850352][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1449.858806][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1449.867173][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1449.875540][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1449.883820][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1449.892135][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1449.899968][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1449.913620][ T7084] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1449.926083][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1449.936273][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1449.944592][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1449.970111][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1449.978100][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1449.990077][ T7084] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1450.140827][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1450.149639][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1450.167017][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1450.175062][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1450.184819][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1450.192597][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1450.207077][ T7084] device veth0_vlan entered promiscuous mode
[ 1450.221149][ T7084] device veth1_vlan entered promiscuous mode
[ 1450.247161][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1450.258788][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1450.266764][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1450.276857][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1450.288169][ T7084] device veth0_macvtap entered promiscuous mode
[ 1450.301632][ T7084] device veth1_macvtap entered promiscuous mode
[ 1450.319935][ T7084] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1450.327216][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1450.338172][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1450.345981][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1450.354543][ T6220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1450.365769][ T7084] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1450.375911][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1450.385752][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1450.471039][ T6484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1450.489700][ T6484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1450.521065][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1450.544940][ T6908] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1450.557524][ T6908] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1450.566294][ T6718] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/09/09 10:56:22 executed programs: 42
2021/09/09 10:56:27 executed programs: 185
[ 1461.494826][ T8422] chnl_net:caif_netlink_parms(): no params data found
[ 1461.819188][ T8422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1461.826310][ T8422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1461.835052][ T8422] device bridge_slave_0 entered promiscuous mode
[ 1462.112004][ T8422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1462.119122][ T8422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1462.127412][ T8422] device bridge_slave_1 entered promiscuous mode
[ 1462.433064][ T8422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1462.443989][ T8422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1462.479202][ T8422] team0: Port device team_slave_0 added
[ 1462.495842][ T8422] team0: Port device team_slave_1 added
[ 1462.795353][ T8422] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1462.803078][ T8422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1462.829388][ T8422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1462.850172][ T8422] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1462.857202][ T8422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1462.884712][ T8422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1462.902029][ T7082] device hsr_slave_0 left promiscuous mode
[ 1462.908464][ T7082] device hsr_slave_1 left promiscuous mode
[ 1462.914595][ T7082] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1462.922065][ T7082] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1462.931711][ T7082] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1462.939454][ T7082] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1462.949207][ T7082] device bridge_slave_1 left promiscuous mode
[ 1462.955385][ T7082] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1462.964146][ T7082] device bridge_slave_0 left promiscuous mode
[ 1462.971903][ T7082] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1462.982763][ T7082] device veth1_macvtap left promiscuous mode
[ 1462.990174][ T7082] device veth0_macvtap left promiscuous mode
[ 1462.996252][ T7082] device veth1_vlan left promiscuous mode
[ 1463.002185][ T7082] device veth0_vlan left promiscuous mode
[ 1463.116581][ T37] Bluetooth: hci0: command 0x0409 tx timeout
[ 1465.196457][ T6887] Bluetooth: hci0: command 0x041b tx timeout
[ 1467.286222][ T6887] Bluetooth: hci0: command 0x040f tx timeout
[ 1469.366127][ T6887] Bluetooth: hci0: command 0x0419 tx timeout
[ 1476.154517][ T22] ==================================================================
[ 1476.162671][ T22] BUG: KASAN: use-after-free in __d_alloc+0x1a2/0x700
[ 1476.169485][ T22] Read of size 5 at addr ffff88801dd31120 by task kdevtmpfs/22
[ 1476.177006][ T22]
[ 1476.179310][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0
[ 1476.187000][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1476.197027][ T22] Call Trace:
[ 1476.200284][ T22] dump_stack_lvl+0x1dc/0x2d8
[ 1476.204975][ T22] ? show_regs_print_info+0x12/0x12
[ 1476.210146][ T22] ? _printk+0xcf/0x118
[ 1476.214300][ T22] ? wake_up_klogd+0xb2/0xf0
[ 1476.218866][ T22] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 1476.224556][ T22] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 1476.230029][ T22] print_address_description+0x66/0x3e0
[ 1476.235570][ T22] ? __d_alloc+0x1a2/0x700
[ 1476.239960][ T22] kasan_report+0x19a/0x1f0
[ 1476.244438][ T22] ? __d_alloc+0x1a2/0x700
[ 1476.248833][ T22] kasan_check_range+0x2b5/0x2f0
[ 1476.253742][ T22] ? __d_alloc+0x1a2/0x700
[ 1476.258134][ T22] memcpy+0x25/0x60
[ 1476.261920][ T22] __d_alloc+0x1a2/0x700
[ 1476.266144][ T22] d_alloc+0x48/0x1d0
[ 1476.270103][ T22] __lookup_hash+0xc8/0x240
[ 1476.274581][ T22] kern_path_locked+0x2f2/0x490
[ 1476.279409][ T22] ? __filename_lookup+0x640/0x640
[ 1476.284492][ T22] ? do_raw_spin_unlock+0x134/0x8a0
[ 1476.289700][ T22] devtmpfs_work_loop+0x264/0x1080
[ 1476.294822][ T22] ? public_dev_mount+0xa0/0xa0
[ 1476.299646][ T22] ? rcu_read_lock_sched_held+0x89/0x130
[ 1476.305275][ T22] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1476.311250][ T22] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 1476.317122][ T22] ? _raw_spin_unlock+0x40/0x40
[ 1476.321949][ T22] ? swake_up_locked+0x76/0x130
[ 1476.326813][ T22] ? complete+0x54/0xa0
[ 1476.330943][ T22] devtmpfsd+0x44/0x50
[ 1476.335010][ T22] kthread+0x453/0x480
[ 1476.339069][ T22] ? dmar_validate_one_drhd+0x2f0/0x2f0
[ 1476.344589][ T22] ? kthread_blkcg+0xd0/0xd0
[ 1476.349155][ T22] ret_from_fork+0x1f/0x30
[ 1476.353565][ T22]
[ 1476.355865][ T22] Allocated by task 22:
[ 1476.359990][ T22] __kasan_slab_alloc+0xb2/0xe0
[ 1476.364812][ T22] kmem_cache_alloc+0x1c3/0x300
[ 1476.369659][ T22] getname_kernel+0x55/0x2d0
[ 1476.374239][ T22] kern_path_locked+0xbb/0x490
[ 1476.378974][ T22] devtmpfs_work_loop+0x264/0x1080
[ 1476.384057][ T22] devtmpfsd+0x44/0x50
[ 1476.388100][ T22] kthread+0x453/0x480
[ 1476.392140][ T22] ret_from_fork+0x1f/0x30
[ 1476.396529][ T22]
[ 1476.398828][ T22] Freed by task 22:
[ 1476.402602][ T22] kasan_set_track+0x4c/0x80
[ 1476.407165][ T22] kasan_set_free_info+0x1f/0x40
[ 1476.412075][ T22] ____kasan_slab_free+0x10d/0x150
[ 1476.417159][ T22] slab_free_freelist_hook+0x129/0x1a0
[ 1476.422589][ T22] kmem_cache_free+0x85/0x180
[ 1476.427237][ T22] kern_path_locked+0x226/0x490
[ 1476.432062][ T22] devtmpfs_work_loop+0x264/0x1080
[ 1476.437149][ T22] devtmpfsd+0x44/0x50
[ 1476.441191][ T22] kthread+0x453/0x480
[ 1476.445234][ T22] ret_from_fork+0x1f/0x30
[ 1476.449624][ T22]
[ 1476.451921][ T22] The buggy address belongs to the object at ffff88801dd31100
[ 1476.451921][ T22] which belongs to the cache names_cache of size 4096
[ 1476.466032][ T22] The buggy address is located 32 bytes inside of
[ 1476.466032][ T22] 4096-byte region [ffff88801dd31100, ffff88801dd32100)
[ 1476.479277][ T22] The buggy address belongs to the page:
[ 1476.484876][ T22] page:ffffea0000774c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dd30
[ 1476.494993][ T22] head:ffffea0000774c00 order:3 compound_mapcount:0 compound_pincount:0
[ 1476.503285][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1476.511241][ T22] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888140007500
[ 1476.519793][ T22] raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000
[ 1476.528345][ T22] page dumped because: kasan: bad access detected
[ 1476.534725][ T22] page_owner tracks the page as allocated
[ 1476.540411][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4564, ts 27823599923, free_ts 22026471457
[ 1476.559474][ T22] get_page_from_freelist+0x779/0xa30
[ 1476.564860][ T22] __alloc_pages+0x255/0x580
[ 1476.569422][ T22] allocate_slab+0xcc/0x4d0
[ 1476.573898][ T22] ___slab_alloc+0x41e/0xc40
[ 1476.578460][ T22] kmem_cache_alloc+0x274/0x300
[ 1476.583283][ T22] getname_flags+0xba/0x650
[ 1476.587758][ T22] user_path_at_empty+0x2a/0x1b0
[ 1476.592666][ T22] vfs_statx+0x10a/0x3f0
[ 1476.596881][ T22] __se_sys_newstat+0xba/0x750
[ 1476.601616][ T22] do_syscall_64+0x44/0xd0
[ 1476.606005][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1476.611907][ T22] page last free stack trace:
[ 1476.616551][ T22] free_pcp_prepare+0xc29/0xd20
[ 1476.621374][ T22] free_unref_page+0x7d/0x580
[ 1476.626055][ T22] __unfreeze_partials+0x1ab/0x200
[ 1476.631144][ T22] put_cpu_partial+0x132/0x1a0
[ 1476.635881][ T22] ___cache_free+0xe6/0x120
[ 1476.640356][ T22] kasan_quarantine_reduce+0x151/0x1c0
[ 1476.645787][ T22] __kasan_slab_alloc+0x2f/0xe0
[ 1476.650614][ T22] __kmalloc+0x1e7/0x370
[ 1476.654827][ T22] tomoyo_realpath_from_path+0xd8/0x610
[ 1476.660384][ T22] tomoyo_path_perm+0x238/0x660
[ 1476.665205][ T22] security_inode_getattr+0xc0/0x140
[ 1476.670481][ T22] vfs_statx+0x168/0x3f0
[ 1476.674696][ T22] __se_sys_newlstat+0xba/0x750
[ 1476.679518][ T22] do_syscall_64+0x44/0xd0
[ 1476.683908][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1476.689775][ T22]
[ 1476.692103][ T22] Memory state around the buggy address:
[ 1476.697708][ T22]  ffff88801dd31000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1476.705740][ T22]  ffff88801dd31080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1476.713775][ T22] >ffff88801dd31100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1476.721803][ T22]                                ^
[ 1476.726899][ T22]  ffff88801dd31180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1476.734930][ T22]  ffff88801dd31200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1476.742975][ T22] ==================================================================
[ 1476.751002][ T22] Disabling lock debugging due to kernel taint
[ 1476.759239][ T22] Kernel panic - not syncing: panic_on_warn set ...
[ 1476.765824][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0
[ 1476.774909][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1476.784956][ T22] Call Trace:
[ 1476.788221][ T22] dump_stack_lvl+0x1dc/0x2d8
[ 1476.792881][ T22] ? show_regs_print_info+0x12/0x12
[ 1476.798055][ T22] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 1476.803753][ T22] ? preempt_schedule+0x16b/0x190
[ 1476.808757][ T22] ? schedule_preempt_disabled+0x20/0x20
[ 1476.814371][ T22] panic+0x2d6/0x810
[ 1476.818304][ T22] ? trace_hardirqs_on+0x30/0x80
[ 1476.823262][ T22] ? nmi_panic+0x90/0x90
[ 1476.827487][ T22] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 1476.833447][ T22] ? print_memory_metadata+0xe0/0x140
[ 1476.838801][ T22] ? __d_alloc+0x1a2/0x700
[ 1476.843200][ T22] end_report+0x83/0x90
[ 1476.847338][ T22] kasan_report+0x1bf/0x1f0
[ 1476.851830][ T22] ? __d_alloc+0x1a2/0x700
[ 1476.856228][ T22] kasan_check_range+0x2b5/0x2f0
[ 1476.861145][ T22] ? __d_alloc+0x1a2/0x700
[ 1476.865539][ T22] memcpy+0x25/0x60
[ 1476.869329][ T22] __d_alloc+0x1a2/0x700
[ 1476.873553][ T22] d_alloc+0x48/0x1d0
[ 1476.877517][ T22] __lookup_hash+0xc8/0x240
[ 1476.881997][ T22] kern_path_locked+0x2f2/0x490
[ 1476.886823][ T22] ? __filename_lookup+0x640/0x640
[ 1476.891916][ T22] ? do_raw_spin_unlock+0x134/0x8a0
[ 1476.897097][ T22] devtmpfs_work_loop+0x264/0x1080
[ 1476.902189][ T22] ? public_dev_mount+0xa0/0xa0
[ 1476.907024][ T22] ? rcu_read_lock_sched_held+0x89/0x130
[ 1476.912638][ T22] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1476.918605][ T22] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 1476.924477][ T22] ? _raw_spin_unlock+0x40/0x40
[ 1476.929306][ T22] ? swake_up_locked+0x76/0x130
[ 1476.934137][ T22] ? complete+0x54/0xa0
[ 1476.938267][ T22] devtmpfsd+0x44/0x50
[ 1476.942316][ T22] kthread+0x453/0x480
[ 1476.946362][ T22] ? dmar_validate_one_drhd+0x2f0/0x2f0
[ 1476.951884][ T22] ? kthread_blkcg+0xd0/0xd0
[ 1476.956449][ T22] ret_from_fork+0x1f/0x30
[ 1476.961068][ T22] Kernel Offset: disabled
[ 1476.965374][ T22] Rebooting in 86400 seconds..