[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts.
2021/09/06 08:59:30 parsed 1 programs
2021/09/06 08:59:31 executed programs: 0
syzkaller login: [ 1064.747091][ T8476] chnl_net:caif_netlink_parms(): no params data found
[ 1064.822912][ T8476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1064.830356][ T8476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1064.839505][ T8476] device bridge_slave_0 entered promiscuous mode
[ 1064.847552][ T8476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1064.854604][ T8476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1064.862546][ T8476] device bridge_slave_1 entered promiscuous mode
[ 1064.883203][ T8476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1064.893655][ T8476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1064.917300][ T8476] team0: Port device team_slave_0 added
[ 1064.924012][ T8476] team0: Port device team_slave_1 added
[ 1064.943776][ T8476] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1064.950891][ T8476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1064.976821][ T8476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1064.988765][ T8476] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1064.996030][ T8476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1065.022163][ T8476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1065.049504][ T8476] device hsr_slave_0 entered promiscuous mode
[ 1065.058473][ T8476] device hsr_slave_1 entered promiscuous mode
[ 1065.132883][ T8476] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1065.141132][ T8476] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1065.150419][ T8476] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1065.160008][ T8476] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1065.176734][ T8476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1065.183819][ T8476] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1065.191122][ T8476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1065.198272][ T8476] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1065.229310][ T8476] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1065.240628][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1065.248924][ T8451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1065.257236][ T8451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1065.264857][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1065.275817][ T8476] 8021q: adding VLAN 0 to HW filter on device team0
[ 1065.285626][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1065.294467][ T8640] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1065.301556][ T8640] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1065.311386][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1065.319704][ T8451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1065.326768][ T8451] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1065.346643][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1065.355102][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1065.364248][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1065.373729][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1065.385870][ T8476] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1065.397021][ T8476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1065.404623][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1065.423596][ T8476] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1065.431119][ T8808] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1065.438961][ T8808] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1065.454361][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1065.471748][ T8476] device veth0_vlan entered promiscuous mode
[ 1065.478235][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1065.487453][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1065.495019][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1065.506437][ T8476] device veth1_vlan entered promiscuous mode
[ 1065.517421][ T8808] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1065.525222][ T8808] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1065.541147][ T8476] device veth0_macvtap entered promiscuous mode
[ 1065.548682][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1065.557176][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1065.567920][ T8476] device veth1_macvtap entered promiscuous mode
[ 1065.581730][ T8476] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1065.589339][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1065.601056][ T8476] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1065.608522][ T8640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1065.619171][ T8476] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.628655][ T8476] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.639563][ T8476] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.650319][ T8476] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.698845][ T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1065.719419][ T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1065.730780][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1065.744548][ T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1065.753895][ T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1065.762263][ T8808] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1065.936300][ T8] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1068.763178][ T8] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.890508][ T8845] chnl_net:caif_netlink_parms(): no params data found
[ 1070.962550][ T8] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1070.974169][ T8845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1070.982290][ T8845] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1070.990492][ T8845] device bridge_slave_0 entered promiscuous mode
[ 1070.999112][ T8845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1071.007351][ T8845] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1071.015019][ T8845] device bridge_slave_1 entered promiscuous mode
[ 1071.049143][ T8] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1071.070221][ T8845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1071.081994][ T8845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1071.106397][ T8845] team0: Port device team_slave_0 added
[ 1071.113356][ T8845] team0: Port device team_slave_1 added
[ 1071.135501][ T8845] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1071.142890][ T8845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1071.169059][ T8845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1071.182201][ T8845] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1071.190000][ T8845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1071.216087][ T8845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1071.286393][ T8845] device hsr_slave_0 entered promiscuous mode
[ 1071.293711][ T8845] device hsr_slave_1 entered promiscuous mode
[ 1071.301916][ T8845] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1071.310145][ T8845] Cannot create hsr debugfs directory
[ 1071.730959][ T8845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1071.738023][ T8845] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1071.745332][ T8845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1071.752374][ T8845] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1071.784287][ T8845] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1071.799425][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1071.807819][ T8451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1071.816038][ T8451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1071.823699][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1071.834462][ T8845] 8021q: adding VLAN 0 to HW filter on device team0
[ 1071.844918][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1071.853875][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1071.860933][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1071.905127][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1071.913773][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1071.923431][ T8451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1071.930538][ T8451] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1071.938603][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1071.947333][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1071.955985][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1071.964289][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1071.972702][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1071.981172][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1071.989655][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1071.997932][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1072.006277][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1072.014370][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1072.055700][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1072.064692][ T8845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1072.080018][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1072.088029][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1072.119853][ T8845] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1072.205368][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1072.213891][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1072.248569][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1072.257055][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1072.265603][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1072.273109][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1072.303629][ T8845] device veth0_vlan entered promiscuous mode
[ 1072.315629][ T8845] device veth1_vlan entered promiscuous mode
[ 1072.333639][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1072.342107][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1072.350712][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1072.359797][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1072.371075][ T8845] device veth0_macvtap entered promiscuous mode
[ 1072.419991][ T8845] device veth1_macvtap entered promiscuous mode
[ 1072.434025][ T8845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1072.444550][ T8845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1072.455047][ T8845] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1072.462308][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1072.470817][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1072.478658][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1072.487605][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1072.503953][ T8] device hsr_slave_0 left promiscuous mode
[ 1072.510592][ T8] device hsr_slave_1 left promiscuous mode
[ 1072.516935][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1072.524312][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1072.532634][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1072.540648][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1072.549524][ T8] device bridge_slave_1 left promiscuous mode
[ 1072.556225][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1072.564158][ T8] device bridge_slave_0 left promiscuous mode
[ 1072.571512][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1072.580854][ T8] device veth1_macvtap left promiscuous mode
[ 1072.587454][ T8] device veth0_macvtap left promiscuous mode
[ 1072.593476][ T8] device veth1_vlan left promiscuous mode
[ 1072.599331][ T8] device veth0_vlan left promiscuous mode
[ 1072.845000][ T8808] Bluetooth: hci0: command 0x0409 tx timeout
[ 1073.484207][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 1073.494138][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 1073.504345][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1073.517474][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1073.547393][ T8] bond0 (unregistering): Released all slaves
[ 1073.588667][ T8845] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1073.602576][ T8808] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1073.611242][ T8808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1073.658246][ T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1073.668416][ T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1073.695935][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1073.707998][ T8842] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1073.718988][ T8842] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1073.727182][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1074.889719][ T8] device hsr_slave_0 left promiscuous mode
[ 1074.895986][ T8] device hsr_slave_1 left promiscuous mode
[ 1074.902566][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1074.910256][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1074.918071][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1074.926218][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1074.934298][ T8] device bridge_slave_1 left promiscuous mode
[ 1074.940471][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1074.950793][ T8] device bridge_slave_0 left promiscuous mode
[ 1074.957791][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1074.970983][ T8] device veth1_macvtap left promiscuous mode
[ 1074.977828][ T8] device veth0_macvtap left promiscuous mode
[ 1074.983875][ T8] device veth1_vlan left promiscuous mode
[ 1074.990841][ T8] device veth0_vlan left promiscuous mode
[ 1075.839606][ T22] ==================================================================
[ 1075.847674][ T22] BUG: KASAN: use-after-free in __d_alloc+0x19a/0x950
[ 1075.854551][ T22] Read of size 5 at addr ffff88807bb30020 by task kdevtmpfs/22
[ 1075.862088][ T22]
[ 1075.864395][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0
[ 1075.872112][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1075.882168][ T22] Call Trace:
[ 1075.885592][ T22] dump_stack_lvl+0xcd/0x134
[ 1075.890239][ T22] print_address_description.constprop.0.cold+0x6c/0x309
[ 1075.897279][ T22] ? __d_alloc+0x19a/0x950
[ 1075.901771][ T22] ? __d_alloc+0x19a/0x950
[ 1075.906168][ T22] kasan_report.cold+0x83/0xdf
[ 1075.910933][ T22] ? __d_alloc+0x19a/0x950
[ 1075.915428][ T22] kasan_check_range+0x13d/0x180
[ 1075.920422][ T22] memcpy+0x20/0x60
[ 1075.924260][ T22] __d_alloc+0x19a/0x950
[ 1075.928515][ T22] d_alloc+0x4a/0x230
[ 1075.932496][ T22] __lookup_hash+0xc8/0x180
[ 1075.936993][ T22] kern_path_locked+0x17e/0x320
[ 1075.941861][ T22] ? filename_lookup+0x80/0x80
[ 1075.946620][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1075.952120][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1075.957565][ T22] handle_remove+0xa2/0x5fe
[ 1075.962107][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1075.966977][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1075.972608][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1075.978480][ T22] ? trace_hardirqs_on+0x5b/0x1c0
[ 1075.983630][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1075.989427][ T22] ? __switch_to+0x5cc/0x1060
[ 1075.994166][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1075.999731][ T22] ? lock_acquire+0x442/0x510
[ 1076.004411][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1076.009852][ T22] ? lock_release+0x522/0x720
[ 1076.014532][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1076.018910][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1076.023743][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1076.028755][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1076.033742][ T22] devtmpfsd+0x1b9/0x2a3
[ 1076.037980][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1076.043514][ T22] kthread+0x3e5/0x4d0
[ 1076.047736][ T22] ? set_kthread_struct+0x130/0x130
[ 1076.053053][ T22] ret_from_fork+0x1f/0x30
[ 1076.057473][ T22]
[ 1076.060140][ T22] Allocated by task 22:
[ 1076.064318][ T22] kasan_save_stack+0x1b/0x40
[ 1076.069168][ T22] __kasan_slab_alloc+0x83/0xb0
[ 1076.074045][ T22] kmem_cache_alloc+0x285/0x4a0
[ 1076.078878][ T22] getname_kernel+0x4e/0x370
[ 1076.083450][ T22] kern_path_locked+0x71/0x320
[ 1076.088194][ T22] handle_remove+0xa2/0x5fe
[ 1076.092684][ T22] devtmpfsd+0x1b9/0x2a3
[ 1076.096906][ T22] kthread+0x3e5/0x4d0
[ 1076.100957][ T22] ret_from_fork+0x1f/0x30
[ 1076.105354][ T22]
[ 1076.107662][ T22] Freed by task 22:
[ 1076.111455][ T22] kasan_save_stack+0x1b/0x40
[ 1076.116126][ T22] kasan_set_track+0x1c/0x30
[ 1076.120880][ T22] kasan_set_free_info+0x20/0x30
[ 1076.125823][ T22] __kasan_slab_free+0xff/0x130
[ 1076.130672][ T22] slab_free_freelist_hook+0xe3/0x250
[ 1076.136046][ T22] kmem_cache_free+0x8a/0x5b0
[ 1076.140807][ T22] putname.part.0+0xe1/0x120
[ 1076.145472][ T22] kern_path_locked+0xc2/0x320
[ 1076.150220][ T22] handle_remove+0xa2/0x5fe
[ 1076.154706][ T22] devtmpfsd+0x1b9/0x2a3
[ 1076.159035][ T22] kthread+0x3e5/0x4d0
[ 1076.163085][ T22] ret_from_fork+0x1f/0x30
[ 1076.167500][ T22]
[ 1076.169802][ T22] The buggy address belongs to the object at ffff88807bb30000
[ 1076.169802][ T22] which belongs to the cache names_cache of size 4096
[ 1076.184021][ T22] The buggy address is located 32 bytes inside of
[ 1076.184021][ T22] 4096-byte region [ffff88807bb30000, ffff88807bb31000)
[ 1076.197274][ T22] The buggy address belongs to the page:
[ 1076.202882][ T22] page:ffffea0001eecc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bb30
[ 1076.213013][ T22] head:ffffea0001eecc00 order:3 compound_mapcount:0 compound_pincount:0
[ 1076.221499][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1076.229568][ T22] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010dc63c0
[ 1076.238133][ T22] raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000
[ 1076.246697][ T22] page dumped because: kasan: bad access detected
[ 1076.253092][ T22] page_owner tracks the page as allocated
[ 1076.258778][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5635, ts 31070057882, free_ts 31044849010
[ 1076.277856][ T22] get_page_from_freelist+0xa72/0x2f80
[ 1076.283325][ T22] __alloc_pages+0x1b2/0x500
[ 1076.287895][ T22] alloc_pages+0x1a7/0x300
[ 1076.292333][ T22] allocate_slab+0x32e/0x4b0
[ 1076.296920][ T22] ___slab_alloc+0x473/0x7b0
[ 1076.301577][ T22] __slab_alloc.constprop.0+0xa7/0xf0
[ 1076.306929][ T22] kmem_cache_alloc+0x3e1/0x4a0
[ 1076.311759][ T22] getname_flags.part.0+0x50/0x4f0
[ 1076.316852][ T22] getname+0x8e/0xd0
[ 1076.320725][ T22] do_sys_openat2+0xf5/0x4d0
[ 1076.325342][ T22] __x64_sys_open+0x119/0x1c0
[ 1076.329994][ T22] do_syscall_64+0x35/0xb0
[ 1076.334433][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1076.340346][ T22] page last free stack trace:
[ 1076.344990][ T22] free_pcp_prepare+0x2c5/0x780
[ 1076.349821][ T22] free_unref_page+0x19/0x690
[ 1076.354504][ T22] unfreeze_partials+0x16c/0x1b0
[ 1076.359452][ T22] put_cpu_partial+0x13d/0x230
[ 1076.364205][ T22] qlist_free_all+0x5a/0xc0
[ 1076.368696][ T22] kasan_quarantine_reduce+0x180/0x200
[ 1076.374135][ T22] __kasan_slab_alloc+0x95/0xb0
[ 1076.378971][ T22] kmem_cache_alloc+0x285/0x4a0
[ 1076.383804][ T22] getname_flags.part.0+0x50/0x4f0
[ 1076.388900][ T22] getname+0x8e/0xd0
[ 1076.392780][ T22] do_sys_openat2+0xf5/0x4d0
[ 1076.397356][ T22] __x64_sys_open+0x119/0x1c0
[ 1076.402051][ T22] do_syscall_64+0x35/0xb0
[ 1076.406456][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1076.412334][ T22]
[ 1076.414641][ T22] Memory state around the buggy address:
[ 1076.420273][ T22] ffff88807bb2ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1076.428317][ T22] ffff88807bb2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1076.436358][ T22] >ffff88807bb30000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1076.444403][ T22] ^
[ 1076.449488][ T22] ffff88807bb30080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1076.459262][ T22] ffff88807bb30100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1076.467304][ T22] ==================================================================
[ 1076.478667][ T22] Kernel panic - not syncing: panic_on_warn set ...
[ 1076.485262][ T22] CPU: 0 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0
[ 1076.494548][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1076.504604][ T22] Call Trace:
[ 1076.507884][ T22] dump_stack_lvl+0xcd/0x134
[ 1076.512486][ T22] panic+0x2b0/0x6dd
[ 1076.516404][ T22] ? __warn_printk+0xf3/0xf3
[ 1076.521002][ T22] ? preempt_schedule_common+0x59/0xc0
[ 1076.526475][ T22] ? __d_alloc+0x19a/0x950
[ 1076.530908][ T22] ? preempt_schedule_thunk+0x16/0x18
[ 1076.536290][ T22] ? trace_hardirqs_on+0x38/0x1c0
[ 1076.541339][ T22] ? trace_hardirqs_on+0x51/0x1c0
[ 1076.546372][ T22] ? __d_alloc+0x19a/0x950
[ 1076.550794][ T22] ? __d_alloc+0x19a/0x950
[ 1076.555230][ T22] end_report.cold+0x63/0x6f
[ 1076.560003][ T22] kasan_report.cold+0x71/0xdf
[ 1076.564774][ T22] ? __d_alloc+0x19a/0x950
[ 1076.569200][ T22] kasan_check_range+0x13d/0x180
[ 1076.574143][ T22] memcpy+0x20/0x60
[ 1076.577959][ T22] __d_alloc+0x19a/0x950
[ 1076.582213][ T22] d_alloc+0x4a/0x230
[ 1076.586206][ T22] __lookup_hash+0xc8/0x180
[ 1076.590731][ T22] kern_path_locked+0x17e/0x320
[ 1076.595591][ T22] ? filename_lookup+0x80/0x80
[ 1076.600363][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1076.605828][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1076.611299][ T22] handle_remove+0xa2/0x5fe
[ 1076.615904][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1076.620875][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1076.626585][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1076.632399][ T22] ? trace_hardirqs_on+0x5b/0x1c0
[ 1076.637449][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1076.643278][ T22] ? __switch_to+0x5cc/0x1060
[ 1076.647995][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1076.653433][ T22] ? lock_acquire+0x442/0x510
[ 1076.658089][ T22] ? rcu_read_lock_sched_held+0xd/0x70
[ 1076.663526][ T22] ? lock_release+0x522/0x720
[ 1076.668181][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1076.672496][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1076.677330][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1076.682346][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1076.687280][ T22] devtmpfsd+0x1b9/0x2a3
[ 1076.691513][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1076.697047][ T22] kthread+0x3e5/0x4d0
[ 1076.701117][ T22] ? set_kthread_struct+0x130/0x130
[ 1076.706295][ T22] ret_from_fork+0x1f/0x30
[ 1076.712024][ T22] Kernel Offset: disabled
[ 1076.716330][ T22] Rebooting in 86400 seconds..