[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
2021/09/06 23:06:02 parsed 1 programs
2021/09/06 23:06:03 executed programs: 0
syzkaller login: [ 1077.422539][ T8441] chnl_net:caif_netlink_parms(): no params data found
[ 1077.494242][ T8441] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1077.502260][ T8441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1077.510075][ T8441] device bridge_slave_0 entered promiscuous mode
[ 1077.520501][ T8441] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1077.528328][ T8441] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1077.536936][ T8441] device bridge_slave_1 entered promiscuous mode
[ 1077.566990][ T8441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1077.578209][ T8441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1077.609694][ T8441] team0: Port device team_slave_0 added
[ 1077.617476][ T8441] team0: Port device team_slave_1 added
[ 1077.647488][ T8441] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1077.655368][ T8441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1077.681552][ T8441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1077.694119][ T8441] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1077.701100][ T8441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1077.728356][ T8441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1077.765327][ T8441] device hsr_slave_0 entered promiscuous mode
[ 1077.772865][ T8441] device hsr_slave_1 entered promiscuous mode
[ 1077.898334][ T8441] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1077.909570][ T8441] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1077.920830][ T8441] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1077.932245][ T8441] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1077.955753][ T8441] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1077.963031][ T8441] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1077.970783][ T8441] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1077.977902][ T8441] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1078.018777][ T8441] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1078.035877][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1078.047800][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1078.057717][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1078.066810][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1078.079713][ T8441] 8021q: adding VLAN 0 to HW filter on device team0
[ 1078.093343][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1078.102097][ T2948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1078.109155][ T2948] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1078.134318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1078.143247][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1078.150283][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1078.159529][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1078.169889][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1078.187346][ T8441] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1078.201012][ T8441] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1078.214583][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1078.223611][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1078.232872][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1078.252287][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1078.259736][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1078.267369][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1078.279149][ T8441] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1078.299182][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1078.319235][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1078.327967][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1078.336287][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1078.347939][ T8441] device veth0_vlan entered promiscuous mode
[ 1078.359618][ T8441] device veth1_vlan entered promiscuous mode
[ 1078.382013][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1078.390483][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1078.399352][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1078.413453][ T8441] device veth0_macvtap entered promiscuous mode
[ 1078.424214][ T8441] device veth1_macvtap entered promiscuous mode
[ 1078.442813][ T8441] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1078.450270][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1078.459954][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1078.473769][ T8441] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1078.481099][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1078.490197][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1078.503006][ T8441] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1078.525237][ T8441] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1078.535015][ T8441] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1078.543800][ T8441] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1078.641387][ T218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1078.649414][ T218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1078.682870][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1078.697968][ T218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1078.707694][ T218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1078.717335][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1079.169358][ T8569] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1081.486983][ T8569] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1083.840635][ T8809] chnl_net:caif_netlink_parms(): no params data found
[ 1083.911634][ T8809] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1083.918777][ T8809] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1083.927581][ T8809] device bridge_slave_0 entered promiscuous mode
[ 1083.937842][ T8809] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1083.945460][ T8809] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1083.956308][ T8809] device bridge_slave_1 entered promiscuous mode
[ 1083.987546][ T8809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1084.001629][ T8809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1084.103244][ T8569] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1084.142061][ T8809] team0: Port device team_slave_0 added
[ 1084.149439][ T8809] team0: Port device team_slave_1 added
[ 1084.262209][ T8569] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1084.289157][ T8809] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1084.296258][ T8809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1084.322618][ T8809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1084.336501][ T8809] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1084.344154][ T8809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1084.370771][ T8809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1084.417181][ T8809] device hsr_slave_0 entered promiscuous mode
[ 1084.426200][ T8809] device hsr_slave_1 entered promiscuous mode
[ 1084.434275][ T8809] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1084.442883][ T8809] Cannot create hsr debugfs directory
[ 1085.379380][ T8809] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1085.394464][ T8416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1085.403428][ T8416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1085.488210][ T8809] 8021q: adding VLAN 0 to HW filter on device team0
[ 1085.498400][ T8416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1085.507772][ T8416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1085.516769][ T8416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1085.523860][ T8416] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1085.539734][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1085.562056][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1085.570563][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1085.579048][ T8773] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1085.586269][ T8773] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1085.594385][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1085.603320][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1085.613465][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1085.622551][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1085.631239][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1085.639648][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1085.721971][ T8774] Bluetooth: hci0: command 0x0409 tx timeout
[ 1085.735757][ T8809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1085.746545][ T8809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1085.758587][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1085.767909][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1085.777041][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1085.786841][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1085.795675][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1085.805105][ T8773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1085.901180][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1085.908628][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1085.923192][ T8809] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1086.148758][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1086.157347][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1086.251331][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1086.259452][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1086.268256][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1086.276449][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1086.288232][ T8809] device veth0_vlan entered promiscuous mode
[ 1086.385346][ T8809] device veth1_vlan entered promiscuous mode
[ 1086.408692][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1086.416629][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1086.425978][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1086.435562][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1086.447977][ T8809] device veth0_macvtap entered promiscuous mode
[ 1086.472396][ T8809] device veth1_macvtap entered promiscuous mode
[ 1086.580048][ T8809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1086.591000][ T8809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1086.603903][ T8809] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1086.612199][ T8415] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1086.620116][ T8415] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1086.629633][ T8415] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1086.638688][ T8415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1086.656218][ T8809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1086.673195][ T8809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1086.690094][ T8809] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1086.698841][ T8415] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1086.708225][ T8415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1086.723177][ T8569] device hsr_slave_0 left promiscuous mode
[ 1086.730590][ T8569] device hsr_slave_1 left promiscuous mode
[ 1086.736941][ T8569] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1086.745850][ T8569] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1086.755080][ T8569] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1086.763372][ T8569] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1086.772776][ T8569] device bridge_slave_1 left promiscuous mode
[ 1086.779762][ T8569] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1086.795178][ T8569] device bridge_slave_0 left promiscuous mode
[ 1086.803006][ T8569] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1086.819104][ T8569] device veth1_macvtap left promiscuous mode
[ 1086.827463][ T8569] device veth0_macvtap left promiscuous mode
[ 1086.835099][ T8569] device veth1_vlan left promiscuous mode
[ 1086.841908][ T8569] device veth0_vlan left promiscuous mode
[ 1087.790707][ T5] Bluetooth: hci0: command 0x041b tx timeout
[ 1089.870515][ T5] Bluetooth: hci0: command 0x040f tx timeout
[ 1090.396536][ T8569] team0 (unregistering): Port device team_slave_1 removed
[ 1090.409800][ T8569] team0 (unregistering): Port device team_slave_0 removed
[ 1090.425150][ T8569] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1090.438585][ T8569] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1090.495261][ T8569] bond0 (unregistering): Released all slaves
[ 1090.655628][ T9160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1090.668701][ T9160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1090.723111][ T8807] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1090.724813][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1090.736571][ T8807] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1090.749254][ T2948] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1093.442586][ T8569] device hsr_slave_0 left promiscuous mode
[ 1093.449091][ T8569] device hsr_slave_1 left promiscuous mode
[ 1093.490531][ T8569] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1093.513601][ T8569] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1093.524112][ T8569] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1093.532115][ T8569] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1093.541413][ T8569] device bridge_slave_1 left promiscuous mode
[ 1093.547591][ T8569] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1093.556905][ T8569] device bridge_slave_0 left promiscuous mode
[ 1093.564073][ T8569] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1093.575030][ T8569] device veth1_macvtap left promiscuous mode
[ 1093.581734][ T8569] device veth0_macvtap left promiscuous mode
[ 1093.587791][ T8569] device veth1_vlan left promiscuous mode
[ 1093.593698][ T8569] device veth0_vlan left promiscuous mode
[ 1095.470157][ T8416] Bluetooth: hci0: command 0x0409 tx timeout
[ 1096.942847][ T22] ==================================================================
[ 1096.951055][ T22] BUG: KASAN: use-after-free in __d_alloc+0x19a/0x950
[ 1096.957894][ T22] Read of size 5 at addr ffff88807c4ca220 by task kdevtmpfs/22
[ 1096.965417][ T22]
[ 1096.967726][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0
[ 1096.975425][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1096.985461][ T22] Call Trace:
[ 1096.988725][ T22] dump_stack_lvl+0xcd/0x134
[ 1096.993361][ T22] print_address_description.constprop.0.cold+0x6c/0x309
[ 1097.000384][ T22] ? __d_alloc+0x19a/0x950
[ 1097.004837][ T22] ? __d_alloc+0x19a/0x950
[ 1097.009236][ T22] kasan_report.cold+0x83/0xdf
[ 1097.013985][ T22] ? __d_alloc+0x19a/0x950
[ 1097.018393][ T22] kasan_check_range+0x13d/0x180
[ 1097.023369][ T22] memcpy+0x20/0x60
[ 1097.027162][ T22] __d_alloc+0x19a/0x950
[ 1097.031428][ T22] d_alloc+0x4a/0x230
[ 1097.035435][ T22] __lookup_hash+0xc8/0x180
[ 1097.039930][ T22] kern_path_locked+0x17e/0x320
[ 1097.044781][ T22] ? filename_lookup+0x80/0x80
[ 1097.049537][ T22] handle_remove+0xa2/0x5fe
[ 1097.054067][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1097.059707][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1097.065743][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1097.071569][ T22] ? find_held_lock+0x2d/0x110
[ 1097.076320][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1097.080659][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1097.085496][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1097.090510][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1097.095439][ T22] devtmpfsd+0x1b9/0x2a3
[ 1097.099669][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1097.105203][ T22] kthread+0x3e5/0x4d0
[ 1097.109315][ T22] ? set_kthread_struct+0x130/0x130
[ 1097.114500][ T22] ret_from_fork+0x1f/0x30
[ 1097.118930][ T22]
[ 1097.121241][ T22] Allocated by task 22:
[ 1097.125377][ T22] kasan_save_stack+0x1b/0x40
[ 1097.130084][ T22] __kasan_slab_alloc+0x83/0xb0
[ 1097.134965][ T22] kmem_cache_alloc+0x285/0x4a0
[ 1097.139811][ T22] getname_kernel+0x4e/0x370
[ 1097.144407][ T22] kern_path_locked+0x71/0x320
[ 1097.149170][ T22] handle_remove+0xa2/0x5fe
[ 1097.154102][ T22] devtmpfsd+0x1b9/0x2a3
[ 1097.158335][ T22] kthread+0x3e5/0x4d0
[ 1097.162400][ T22] ret_from_fork+0x1f/0x30
[ 1097.166812][ T22]
[ 1097.169119][ T22] Freed by task 22:
[ 1097.172906][ T22] kasan_save_stack+0x1b/0x40
[ 1097.177584][ T22] kasan_set_track+0x1c/0x30
[ 1097.182167][ T22] kasan_set_free_info+0x20/0x30
[ 1097.187098][ T22] __kasan_slab_free+0xff/0x130
[ 1097.191943][ T22] slab_free_freelist_hook+0xe3/0x250
[ 1097.197312][ T22] kmem_cache_free+0x8a/0x5b0
[ 1097.202015][ T22] putname.part.0+0xe1/0x120
[ 1097.206597][ T22] kern_path_locked+0xc2/0x320
[ 1097.211350][ T22] handle_remove+0xa2/0x5fe
[ 1097.215850][ T22] devtmpfsd+0x1b9/0x2a3
[ 1097.220074][ T22] kthread+0x3e5/0x4d0
[ 1097.224136][ T22] ret_from_fork+0x1f/0x30
[ 1097.228537][ T22]
[ 1097.230844][ T22] The buggy address belongs to the object at ffff88807c4ca200
[ 1097.230844][ T22] which belongs to the cache names_cache of size 4096
[ 1097.244961][ T22] The buggy address is located 32 bytes inside of
[ 1097.244961][ T22] 4096-byte region [ffff88807c4ca200, ffff88807c4cb200)
[ 1097.258215][ T22] The buggy address belongs to the page:
[ 1097.263823][ T22] page:ffffea0001f13200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c4c8
[ 1097.273965][ T22] head:ffffea0001f13200 order:3 compound_mapcount:0 compound_pincount:0
[ 1097.282269][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1097.290248][ T22] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010dc63c0
[ 1097.298812][ T22] raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000
[ 1097.307373][ T22] page dumped because: kasan: bad access detected
[ 1097.313765][ T22] page_owner tracks the page as allocated
[ 1097.319475][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4992, ts 30929509189, free_ts 30911739979
[ 1097.338566][ T22] get_page_from_freelist+0xa72/0x2f80
[ 1097.344040][ T22] __alloc_pages+0x1b2/0x500
[ 1097.348613][ T22] alloc_pages+0x1a7/0x300
[ 1097.353038][ T22] allocate_slab+0x32e/0x4b0
[ 1097.357620][ T22] ___slab_alloc+0x473/0x7b0
[ 1097.364568][ T22] __slab_alloc.constprop.0+0xa7/0xf0
[ 1097.369942][ T22] kmem_cache_alloc+0x3e1/0x4a0
[ 1097.374777][ T22] getname_flags.part.0+0x50/0x4f0
[ 1097.379873][ T22] getname_flags+0x9a/0xe0
[ 1097.384358][ T22] __x64_sys_rename+0x65/0xa0
[ 1097.389022][ T22] do_syscall_64+0x35/0xb0
[ 1097.393480][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1097.399393][ T22] page last free stack trace:
[ 1097.404050][ T22] free_pcp_prepare+0x2c5/0x780
[ 1097.408886][ T22] free_unref_page+0x19/0x690
[ 1097.413548][ T22] unfreeze_partials+0x16c/0x1b0
[ 1097.418473][ T22] put_cpu_partial+0x13d/0x230
[ 1097.423223][ T22] qlist_free_all+0x5a/0xc0
[ 1097.427710][ T22] kasan_quarantine_reduce+0x180/0x200
[ 1097.433151][ T22] __kasan_slab_alloc+0x95/0xb0
[ 1097.437983][ T22] __kmalloc+0x1f4/0x330
[ 1097.442209][ T22] tomoyo_realpath_from_path+0xc3/0x620
[ 1097.447787][ T22] tomoyo_path_perm+0x21b/0x400
[ 1097.452620][ T22] security_inode_getattr+0xcf/0x140
[ 1097.457931][ T22] vfs_statx+0x164/0x390
[ 1097.462158][ T22] __do_sys_newlstat+0x91/0x110
[ 1097.466990][ T22] do_syscall_64+0x35/0xb0
[ 1097.471395][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1097.477275][ T22]
[ 1097.479580][ T22] Memory state around the buggy address:
[ 1097.485189][ T22]  ffff88807c4ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1097.493231][ T22]  ffff88807c4ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1097.501279][ T22] >ffff88807c4ca200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1097.509318][ T22]                                ^
[ 1097.514410][ T22]  ffff88807c4ca280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1097.522468][ T22]  ffff88807c4ca300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1097.530521][ T22] ==================================================================
[ 1097.538560][ T22] Disabling lock debugging due to kernel taint
[ 1097.547467][ T22] Kernel panic - not syncing: panic_on_warn set ...
[ 1097.554189][ T22] CPU: 0 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0
[ 1097.563303][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1097.573364][ T22] Call Trace:
[ 1097.576640][ T22] dump_stack_lvl+0xcd/0x134
[ 1097.581221][ T22] panic+0x2b0/0x6dd
[ 1097.585131][ T22] ? __warn_printk+0xf3/0xf3
[ 1097.589758][ T22] ? preempt_schedule_common+0x59/0xc0
[ 1097.595206][ T22] ? __d_alloc+0x19a/0x950
[ 1097.599603][ T22] ? preempt_schedule_thunk+0x16/0x18
[ 1097.604956][ T22] ? trace_hardirqs_on+0x38/0x1c0
[ 1097.610034][ T22] ? trace_hardirqs_on+0x51/0x1c0
[ 1097.615040][ T22] ? __d_alloc+0x19a/0x950
[ 1097.619436][ T22] ? __d_alloc+0x19a/0x950
[ 1097.623833][ T22] end_report.cold+0x63/0x6f
[ 1097.628403][ T22] kasan_report.cold+0x71/0xdf
[ 1097.633185][ T22] ? __d_alloc+0x19a/0x950
[ 1097.637585][ T22] kasan_check_range+0x13d/0x180
[ 1097.642507][ T22] memcpy+0x20/0x60
[ 1097.646299][ T22] __d_alloc+0x19a/0x950
[ 1097.650530][ T22] d_alloc+0x4a/0x230
[ 1097.654491][ T22] __lookup_hash+0xc8/0x180
[ 1097.658983][ T22] kern_path_locked+0x17e/0x320
[ 1097.663816][ T22] ? filename_lookup+0x80/0x80
[ 1097.668561][ T22] handle_remove+0xa2/0x5fe
[ 1097.673050][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1097.678667][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1097.684641][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1097.690428][ T22] ? find_held_lock+0x2d/0x110
[ 1097.695172][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1097.699503][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1097.704336][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1097.709339][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1097.714274][ T22] devtmpfsd+0x1b9/0x2a3
[ 1097.718497][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1097.724037][ T22] kthread+0x3e5/0x4d0
[ 1097.728100][ T22] ? set_kthread_struct+0x130/0x130
[ 1097.733292][ T22] ret_from_fork+0x1f/0x30
[ 1097.738953][ T22] Kernel Offset: disabled
[ 1097.743269][ T22] Rebooting in 86400 seconds..