syzkaller login: [ 89.376367][ T2045] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 89.384313][ T2045] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 89.404872][ T2045] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:19580' (ECDSA) to the list of known hosts.
1970/01/01 00:01:57 fuzzer started
1970/01/01 00:02:00 connecting to host at localhost:45731
1970/01/01 00:02:00 checking machine...
1970/01/01 00:02:00 checking revisions...
1970/01/01 00:02:02 testing simple program...
executing program
executing program
[ 130.307927][ T2207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 130.352769][ T2207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
executing program
[ 133.378889][ T2207] device hsr_slave_0 entered promiscuous mode
[ 133.442336][ T2207] device hsr_slave_1 entered promiscuous mode
executing program
[ 135.430768][ T2207] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 135.533915][ T2207] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 135.634042][ T2207] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 135.714220][ T2207] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 138.147782][ T2207] 8021q: adding VLAN 0 to HW filter on device bond0
[ 138.312730][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 138.346553][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
executing program
[ 139.741362][ T1813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 139.760079][ T1813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 139.851292][ T1813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 139.864322][ T1813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 139.921750][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 140.127164][ C1] hrtimer: interrupt took 39917584 ns
[ 140.130872][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 140.356558][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 140.371101][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 140.443318][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 140.450454][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 140.500570][ T2207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 140.692948][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 140.694826][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
executing program
[ 143.415526][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 143.424740][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 144.671188][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 144.691283][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 144.722321][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 144.743523][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 144.785901][ T2207] device veth0_vlan entered promiscuous mode
[ 144.943323][ T2207] device veth1_vlan entered promiscuous mode
[ 145.327644][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 145.350630][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 145.412257][ T2207] device veth0_macvtap entered promiscuous mode
[ 145.535301][ T2207] device veth1_macvtap entered promiscuous mode
executing program
[ 145.679125][ T2543] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 145.702300][ T2543] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 145.832018][ T2543] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 145.874937][ T2543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 146.021526][ T2543] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 146.072372][ T2543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 146.173571][ T2207] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.178656][ T2207] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.182085][ T2207] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.185529][ T2207] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.091831][ T2207] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 147.916706][ T10] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:02:27 building call list...
[ 148.090810][ T10] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 148.232358][ T10] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 148.401090][ T10] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 151.251144][ T10] device hsr_slave_0 left promiscuous mode
[ 151.310076][ T10] device hsr_slave_1 left promiscuous mode
[ 151.420124][ T10] device veth1_macvtap left promiscuous mode
[ 151.421265][ T10] device veth0_macvtap left promiscuous mode
[ 151.427947][ T10] device veth1_vlan left promiscuous mode
[ 151.429015][ T10] device veth0_vlan left promiscuous mode
executing program
[ 152.642762][ T22] ==================================================================
[ 152.645348][ T22] BUG: KASAN: invalid-access in __entry_tramp_text_end+0xddc/0xf000
[ 152.647746][ T22] Read at addr f2ff00000302b0e0 by task kdevtmpfs/22
[ 152.648566][ T22] Pointer tag: [f2], memory tag: [fe]
[ 152.649836][ T22]
[ 152.650805][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller-10929-ge99f23c5bf59 #0
[ 152.651914][ T22] Hardware name: linux,dummy-virt (DT)
[ 152.652918][ T22] Call trace:
[ 152.653424][ T22] dump_backtrace+0x0/0x1ac
[ 152.654139][ T22] show_stack+0x18/0x24
[ 152.654752][ T22] dump_stack_lvl+0x68/0x84
[ 152.655979][ T22] print_address_description+0x7c/0x2b4
[ 152.658282][ T22] kasan_report+0x134/0x380
[ 152.659920][ T22] __do_kernel_fault+0x128/0x1bc
[ 152.660884][ T22] do_tag_check_fault+0x74/0x90
[ 152.662727][ T22] do_mem_abort+0x44/0xb4
[ 152.663996][ T22] el1_abort+0x40/0x60
[ 152.665382][ T22] el1h_64_sync_handler+0xb0/0xd0
[ 152.666471][ T22] el1h_64_sync+0x78/0x7c
[ 152.667649][ T22] __entry_tramp_text_end+0xddc/0xf000
[ 152.669456][ T22] d_lookup+0x44/0x70
[ 152.670146][ T22] lookup_dcache+0x24/0x84
[ 152.671599][ T22] __lookup_hash+0x24/0xd0
[ 152.672895][ T22] kern_path_locked+0x90/0x10c
[ 152.674089][ T22] handle_remove+0x38/0x284
[ 152.675118][ T22] devtmpfsd+0x8c/0xd0
[ 152.676522][ T22] kthread+0x150/0x15c
[ 152.686135][ T22] ret_from_fork+0x10/0x20
[ 152.687438][ T22]
[ 152.687975][ T22] Allocated by task 22:
[ 152.688620][ T22] kasan_save_stack+0x28/0x60
[ 152.689394][ T22] __kasan_slab_alloc+0xb0/0x110
[ 152.690038][ T22] kmem_cache_alloc+0x194/0x2f4
[ 152.690674][ T22] getname_kernel+0x30/0x150
[ 152.691288][ T22] kern_path_locked+0x2c/0x10c
[ 152.691932][ T22] handle_remove+0x38/0x284
[ 152.692543][ T22] devtmpfsd+0x8c/0xd0
[ 152.693129][ T22] kthread+0x150/0x15c
[ 152.693730][ T22] ret_from_fork+0x10/0x20
[ 152.694478][ T22]
[ 152.694916][ T22] Freed by task 22:
[ 152.695427][ T22] kasan_save_stack+0x28/0x60
[ 152.696096][ T22] kasan_set_track+0x28/0x3c
[ 152.696727][ T22] kasan_set_free_info+0x20/0x30
[ 152.697570][ T22] ____kasan_slab_free.constprop.0+0x178/0x1e0
[ 152.698301][ T22] __kasan_slab_free+0x10/0x1c
[ 152.698949][ T22] slab_free_freelist_hook+0xc4/0x20c
[ 152.699608][ T22] kmem_cache_free+0x9c/0x3d4
[ 152.700467][ T22] putname.part.0+0x68/0x7c
[ 152.701333][ T22] kern_path_locked+0x64/0x10c
[ 152.702855][ T22] handle_remove+0x38/0x284
[ 152.703558][ T22] devtmpfsd+0x8c/0xd0
[ 152.704378][ T22] kthread+0x150/0x15c
[ 152.704974][ T22] ret_from_fork+0x10/0x20
[ 152.705589][ T22]
[ 152.705988][ T22] The buggy address belongs to the object at ffff00000302b0c0
[ 152.705988][ T22] which belongs to the cache names_cache of size 4096
[ 152.707517][ T22] The buggy address is located 32 bytes inside of
[ 152.707517][ T22] 4096-byte region [ffff00000302b0c0, ffff00000302c0c0)
[ 152.708793][ T22] The buggy address belongs to the page:
[ 152.709605][ T22] page:000000004d9ec918 refcount:1 mapcount:0 mapping:0000000000000000 index:0xf8ff00000302d140 pfn:0x43028
[ 152.710892][ T22] head:000000004d9ec918 order:3 compound_mapcount:0 compound_pincount:0
[ 152.711793][ T22] flags: 0x1ffc00000010200(slab|head|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 152.713293][ T22] raw: 01ffc00000010200 0000000000000000 dead000000000122 fdff000002837700
[ 152.714238][ T22] raw: f8ff00000302d140 0000000080070005 00000001ffffffff 0000000000000000
[ 152.715199][ T22] page dumped because: kasan: bad access detected
[ 152.715929][ T22]
[ 152.716348][ T22] Memory state around the buggy address:
[ 152.717202][ T22] ffff00000302ae00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 152.718078][ T22] ffff00000302af00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 152.718894][ T22] >ffff00000302b000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 152.719730][ T22] ^
[ 152.720580][ T22] ffff00000302b100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 152.721380][ T22] ffff00000302b200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 152.722200][ T22] ==================================================================
[ 152.722997][ T22] Disabling lock debugging due to kernel taint
[ 153.800066][ T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 153.905400][ T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 154.471820][ T10] bond0 (unregistering): Released all slaves
executing program
executing program
executing program
executing program
executing program
executing program
[ 171.221398][ T2203] can: request_module (can-proto-0) failed.
[ 171.417926][ T2203] can: request_module (can-proto-0) failed.
[ 171.618402][ T2203] can: request_module (can-proto-0) failed.
executing program
executing program
executing program
[ 178.641609][ T2045] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 178.652411][ T2045] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 178.665596][ T2045] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 178.680512][ T2045] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
executing program

VM DIAGNOSIS:
20:09:29 Registers: