[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
2021/09/07 05:16:27 parsed 1 programs
2021/09/07 05:16:27 executed programs: 0
syzkaller login: [ 1076.527731][ T8436] chnl_net:caif_netlink_parms(): no params data found
[ 1076.594958][ T8436] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1076.603051][ T8436] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1076.611873][ T8436] device bridge_slave_0 entered promiscuous mode
[ 1076.622158][ T8436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1076.629803][ T8436] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1076.637739][ T8436] device bridge_slave_1 entered promiscuous mode
[ 1076.666816][ T8436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1076.677794][ T8436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1076.711617][ T8436] team0: Port device team_slave_0 added
[ 1076.719822][ T8436] team0: Port device team_slave_1 added
[ 1076.746917][ T8436] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1076.753883][ T8436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1076.780226][ T8436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1076.792884][ T8436] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1076.799907][ T8436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1076.825867][ T8436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1076.864176][ T8436] device hsr_slave_0 entered promiscuous mode
[ 1076.871489][ T8436] device hsr_slave_1 entered promiscuous mode
[ 1076.993529][ T8436] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1077.004914][ T8436] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1077.017490][ T8436] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1077.029851][ T8436] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1077.053035][ T8436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1077.060338][ T8436] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1077.068453][ T8436] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1077.075547][ T8436] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1077.122682][ T8436] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1077.137502][ T8411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1077.149207][ T8411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1077.157977][ T8411] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1077.168506][ T8411] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1077.183288][ T8436] 8021q: adding VLAN 0 to HW filter on device team0
[ 1077.194615][ T8769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1077.204652][ T8769] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1077.211754][ T8769] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1077.222985][ T8411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1077.232168][ T8411] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1077.239275][ T8411] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1077.261766][ T8411] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1077.271117][ T8411] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1077.282495][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1077.295918][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1077.308106][ T8411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1077.318780][ T8436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1077.338060][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1077.345440][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1077.359527][ T8436] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1077.378556][ T8411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1077.399929][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1077.408163][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1077.417350][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1077.428342][ T8436] device veth0_vlan entered promiscuous mode
[ 1077.441662][ T8436] device veth1_vlan entered promiscuous mode
[ 1077.464586][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1077.473520][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1077.482383][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1077.493723][ T8436] device veth0_macvtap entered promiscuous mode
[ 1077.504419][ T8436] device veth1_macvtap entered promiscuous mode
[ 1077.513425][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1077.532411][ T8436] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1077.540096][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1077.549743][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1077.562110][ T8436] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1077.570577][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1077.579373][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1077.592367][ T8436] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.602331][ T8436] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.611497][ T8436] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.624441][ T8436] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.722718][ T123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1077.730871][ T123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.749151][ T8769] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1077.775224][ T123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1077.784656][ T123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.797950][ T8769] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1078.224660][ T123] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1080.596432][ T8436] syz-executor.0 (8436) used greatest stack depth: 21920 bytes left
[ 1080.816245][ T123] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1082.875377][ T8805] chnl_net:caif_netlink_parms(): no params data found
[ 1082.941783][ T8805] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1082.948971][ T8805] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1082.957897][ T8805] device bridge_slave_0 entered promiscuous mode
[ 1082.968110][ T8805] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1082.975625][ T8805] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1082.983838][ T8805] device bridge_slave_1 entered promiscuous mode
[ 1083.015780][ T8805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1083.028003][ T8805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1083.065048][ T8805] team0: Port device team_slave_0 added
[ 1083.073871][ T8805] team0: Port device team_slave_1 added
[ 1083.184009][ T123] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1083.211953][ T8805] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1083.219202][ T8805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1083.245279][ T8805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1083.257692][ T8805] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1083.264638][ T8805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1083.290691][ T8805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1083.421473][ T123] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1083.436007][ T8805] device hsr_slave_0 entered promiscuous mode
[ 1083.443944][ T8805] device hsr_slave_1 entered promiscuous mode
[ 1083.450900][ T8805] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1083.460351][ T8805] Cannot create hsr debugfs directory
[ 1083.712204][ T8805] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1083.719364][ T8805] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1083.726817][ T8805] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1083.733915][ T8805] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1084.275798][ T8770] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1084.283323][ T8770] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1084.396581][ T8805] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1084.411565][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1084.420769][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1084.507368][ T8805] 8021q: adding VLAN 0 to HW filter on device team0
[ 1084.518976][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1084.528304][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1084.538104][ T29] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1084.545254][ T29] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1084.636802][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1084.647168][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1084.655959][ T8772] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1084.663011][ T8772] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1084.671351][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1084.695652][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1084.704238][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1084.713534][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1084.722167][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1084.731408][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1084.742479][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1084.746027][ T8770] Bluetooth: hci0: command 0x0409 tx timeout
[ 1084.764726][ T8805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1084.777755][ T8805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1084.790470][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1084.800673][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1084.809672][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1084.818691][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1084.915304][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1084.922842][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1084.931178][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1084.944543][ T8805] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1085.176181][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1085.184751][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1085.201192][ T8805] device veth0_vlan entered promiscuous mode
[ 1085.284008][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1085.292317][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1085.306862][ T8805] device veth1_vlan entered promiscuous mode
[ 1085.315102][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1085.322774][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1085.425588][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1085.434875][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1085.446760][ T8805] device veth0_macvtap entered promiscuous mode
[ 1085.458553][ T8805] device veth1_macvtap entered promiscuous mode
[ 1085.567624][ T8805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1085.578490][ T8805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1085.590130][ T8805] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1085.601135][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1085.609095][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1085.617631][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1085.626704][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1085.637528][ T8805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1085.648055][ T8805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1085.659605][ T8805] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1085.668129][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1085.677143][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1085.873715][ T8803] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1085.887646][ T8803] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1085.896145][ T123] device hsr_slave_0 left promiscuous mode
[ 1085.908771][ T123] device hsr_slave_1 left promiscuous mode
[ 1085.916123][ T123] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1085.923567][ T123] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1085.934452][ T123] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1085.942526][ T123] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1085.952754][ T123] device bridge_slave_1 left promiscuous mode
[ 1085.960195][ T123] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1085.973061][ T123] device bridge_slave_0 left promiscuous mode
[ 1085.979384][ T123] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1085.995997][ T123] device veth1_macvtap left promiscuous mode
[ 1086.002164][ T123] device veth0_macvtap left promiscuous mode
[ 1086.008489][ T123] device veth1_vlan left promiscuous mode
[ 1086.014400][ T123] device veth0_vlan left promiscuous mode
[ 1086.814961][ T9182] Bluetooth: hci0: command 0x041b tx timeout
[ 1088.894700][ T9182] Bluetooth: hci0: command 0x040f tx timeout
[ 1089.571016][ T123] team0 (unregistering): Port device team_slave_1 removed
[ 1089.583602][ T123] team0 (unregistering): Port device team_slave_0 removed
[ 1089.597560][ T123] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1089.615702][ T123] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1089.672468][ T123] bond0 (unregistering): Released all slaves
[ 1089.760516][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1089.813557][ T8803] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1089.822433][ T8803] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1089.833835][ T8770] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1092.582189][ T9203] chnl_net:caif_netlink_parms(): no params data found
[ 1092.768611][ T123] device hsr_slave_0 left promiscuous mode
[ 1092.777675][ T123] device hsr_slave_1 left promiscuous mode
[ 1092.784145][ T123] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1092.792971][ T123] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1092.801985][ T123] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1092.811622][ T123] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1092.820906][ T123] device bridge_slave_1 left promiscuous mode
[ 1092.829246][ T123] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1092.838090][ T123] device bridge_slave_0 left promiscuous mode
[ 1092.844231][ T123] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1092.857946][ T123] device veth1_macvtap left promiscuous mode
[ 1092.863950][ T123] device veth0_macvtap left promiscuous mode
[ 1092.871885][ T123] device veth1_vlan left promiscuous mode
[ 1092.878124][ T123] device veth0_vlan left promiscuous mode
[ 1094.334288][ T8772] Bluetooth: hci0: command 0x0409 tx timeout
[ 1096.353979][ T22] ==================================================================
[ 1096.362260][ T22] BUG: KASAN: use-after-free in __d_alloc+0x19a/0x950
[ 1096.369097][ T22] Read of size 5 at addr ffff88807cf72220 by task kdevtmpfs/22
[ 1096.376627][ T22]
[ 1096.378937][ T22] CPU: 0 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0
[ 1096.386722][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1096.396769][ T22] Call Trace:
[ 1096.400050][ T22] dump_stack_lvl+0xcd/0x134
[ 1096.404684][ T22] print_address_description.constprop.0.cold+0x6c/0x309
[ 1096.411818][ T22] ? __d_alloc+0x19a/0x950
[ 1096.416220][ T22] ? __d_alloc+0x19a/0x950
[ 1096.420624][ T22] kasan_report.cold+0x83/0xdf
[ 1096.425473][ T22] ? __d_alloc+0x19a/0x950
[ 1096.429906][ T22] kasan_check_range+0x13d/0x180
[ 1096.434979][ T22] memcpy+0x20/0x60
[ 1096.439042][ T22] __d_alloc+0x19a/0x950
[ 1096.443273][ T22] d_alloc+0x4a/0x230
[ 1096.447258][ T22] __lookup_hash+0xc8/0x180
[ 1096.451748][ T22] kern_path_locked+0x17e/0x320
[ 1096.456594][ T22] ? filename_lookup+0x80/0x80
[ 1096.461376][ T22] handle_remove+0xa2/0x5fe
[ 1096.465923][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1096.471553][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1096.477571][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1096.483412][ T22] ? find_held_lock+0x2d/0x110
[ 1096.488174][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1096.492568][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1096.497420][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1096.502447][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1096.507389][ T22] devtmpfsd+0x1b9/0x2a3
[ 1096.511622][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1096.517158][ T22] kthread+0x3e5/0x4d0
[ 1096.521286][ T22] ? set_kthread_struct+0x130/0x130
[ 1096.526478][ T22] ret_from_fork+0x1f/0x30
[ 1096.530911][ T22]
[ 1096.533238][ T22] Allocated by task 22:
[ 1096.537395][ T22] kasan_save_stack+0x1b/0x40
[ 1096.542138][ T22] __kasan_slab_alloc+0x83/0xb0
[ 1096.546975][ T22] kmem_cache_alloc+0x285/0x4a0
[ 1096.551813][ T22] getname_kernel+0x4e/0x370
[ 1096.556387][ T22] kern_path_locked+0x71/0x320
[ 1096.561237][ T22] handle_remove+0xa2/0x5fe
[ 1096.565727][ T22] devtmpfsd+0x1b9/0x2a3
[ 1096.569953][ T22] kthread+0x3e5/0x4d0
[ 1096.574020][ T22] ret_from_fork+0x1f/0x30
[ 1096.578446][ T22]
[ 1096.580768][ T22] Freed by task 22:
[ 1096.584565][ T22] kasan_save_stack+0x1b/0x40
[ 1096.589239][ T22] kasan_set_track+0x1c/0x30
[ 1096.593819][ T22] kasan_set_free_info+0x20/0x30
[ 1096.598740][ T22] __kasan_slab_free+0xff/0x130
[ 1096.603571][ T22] slab_free_freelist_hook+0xe3/0x250
[ 1096.608937][ T22] kmem_cache_free+0x8a/0x5b0
[ 1096.613684][ T22] putname.part.0+0xe1/0x120
[ 1096.618622][ T22] kern_path_locked+0xc2/0x320
[ 1096.623371][ T22] handle_remove+0xa2/0x5fe
[ 1096.627869][ T22] devtmpfsd+0x1b9/0x2a3
[ 1096.632120][ T22] kthread+0x3e5/0x4d0
[ 1096.636172][ T22] ret_from_fork+0x1f/0x30
[ 1096.640572][ T22]
[ 1096.642877][ T22] The buggy address belongs to the object at ffff88807cf72200
[ 1096.642877][ T22] which belongs to the cache names_cache of size 4096
[ 1096.657080][ T22] The buggy address is located 32 bytes inside of
[ 1096.657080][ T22] 4096-byte region [ffff88807cf72200, ffff88807cf73200)
[ 1096.670432][ T22] The buggy address belongs to the page:
[ 1096.676047][ T22] page:ffffea0001f3dc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807cf76600 pfn:0x7cf70
[ 1096.687481][ T22] head:ffffea0001f3dc00 order:3 compound_mapcount:0 compound_pincount:0
[ 1096.695790][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1096.703761][ T22] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010dc63c0
[ 1096.712339][ T22] raw: ffff88807cf76600 0000000080070004 00000001ffffffff 0000000000000000
[ 1096.720950][ T22] page dumped because: kasan: bad access detected
[ 1096.727392][ T22] page_owner tracks the page as allocated
[ 1096.733088][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 21326840336, free_ts 20941317796
[ 1096.751912][ T22] get_page_from_freelist+0xa72/0x2f80
[ 1096.757398][ T22] __alloc_pages+0x1b2/0x500
[ 1096.761971][ T22] alloc_pages+0x1a7/0x300
[ 1096.766416][ T22] allocate_slab+0x32e/0x4b0
[ 1096.771028][ T22] ___slab_alloc+0x473/0x7b0
[ 1096.775604][ T22] __slab_alloc.constprop.0+0xa7/0xf0
[ 1096.781317][ T22] kmem_cache_alloc+0x3e1/0x4a0
[ 1096.786161][ T22] getname_flags.part.0+0x50/0x4f0
[ 1096.791255][ T22] __x64_sys_mkdir+0xda/0x140
[ 1096.795955][ T22] do_syscall_64+0x35/0xb0
[ 1096.800420][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1096.806318][ T22] page last free stack trace:
[ 1096.810996][ T22] free_pcp_prepare+0x2c5/0x780
[ 1096.815832][ T22] free_unref_page+0x19/0x690
[ 1096.820500][ T22] unfreeze_partials+0x16c/0x1b0
[ 1096.825532][ T22] put_cpu_partial+0x13d/0x230
[ 1096.830310][ T22] qlist_free_all+0x5a/0xc0
[ 1096.834792][ T22] kasan_quarantine_reduce+0x180/0x200
[ 1096.840231][ T22] __kasan_slab_alloc+0x95/0xb0
[ 1096.845078][ T22] __kmalloc+0x1f4/0x330
[ 1096.849304][ T22] tomoyo_supervisor+0xce8/0xf00
[ 1096.859564][ T22] tomoyo_path_permission+0x270/0x3a0
[ 1096.864929][ T22] tomoyo_check_open_permission+0x33e/0x380
[ 1096.870804][ T22] tomoyo_file_open+0xa3/0xd0
[ 1096.875472][ T22] security_file_open+0x45/0xb0
[ 1096.880304][ T22] do_dentry_open+0x353/0x11d0
[ 1096.885154][ T22] path_openat+0x1c9a/0x2740
[ 1096.889738][ T22] do_filp_open+0x1aa/0x400
[ 1096.894225][ T22]
[ 1096.896528][ T22] Memory state around the buggy address:
[ 1096.902132][ T22]  ffff88807cf72100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1096.910170][ T22]  ffff88807cf72180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1096.918209][ T22] >ffff88807cf72200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.926245][ T22]                                ^
[ 1096.931333][ T22]  ffff88807cf72280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.939387][ T22]  ffff88807cf72300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.947427][ T22] ==================================================================
[ 1096.955564][ T22] Disabling lock debugging due to kernel taint
[ 1096.962158][ T3179] Bluetooth: hci0: command 0x041b tx timeout
[ 1096.970741][ T22] Kernel panic - not syncing: panic_on_warn set ...
[ 1096.977325][ T22] CPU: 0 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0
[ 1096.986439][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1096.996480][ T22] Call Trace:
[ 1096.999760][ T22] dump_stack_lvl+0xcd/0x134
[ 1097.004351][ T22] panic+0x2b0/0x6dd
[ 1097.008269][ T22] ? __warn_printk+0xf3/0xf3
[ 1097.012847][ T22] ? preempt_schedule_common+0x59/0xc0
[ 1097.018315][ T22] ? __d_alloc+0x19a/0x950
[ 1097.022724][ T22] ? preempt_schedule_thunk+0x16/0x18
[ 1097.028089][ T22] ? trace_hardirqs_on+0x38/0x1c0
[ 1097.033154][ T22] ? trace_hardirqs_on+0x51/0x1c0
[ 1097.038277][ T22] ? __d_alloc+0x19a/0x950
[ 1097.042694][ T22] ? __d_alloc+0x19a/0x950
[ 1097.047102][ T22] end_report.cold+0x63/0x6f
[ 1097.051685][ T22] kasan_report.cold+0x71/0xdf
[ 1097.056438][ T22] ? __d_alloc+0x19a/0x950
[ 1097.060845][ T22] kasan_check_range+0x13d/0x180
[ 1097.065774][ T22] memcpy+0x20/0x60
[ 1097.069587][ T22] __d_alloc+0x19a/0x950
[ 1097.073835][ T22] d_alloc+0x4a/0x230
[ 1097.077807][ T22] __lookup_hash+0xc8/0x180
[ 1097.082301][ T22] kern_path_locked+0x17e/0x320
[ 1097.087148][ T22] ? filename_lookup+0x80/0x80
[ 1097.091909][ T22] handle_remove+0xa2/0x5fe
[ 1097.096408][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1097.102052][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1097.108035][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1097.113847][ T22] ? find_held_lock+0x2d/0x110
[ 1097.118607][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1097.122929][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1097.127769][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1097.132786][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1097.137718][ T22] devtmpfsd+0x1b9/0x2a3
[ 1097.141951][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1097.147490][ T22] kthread+0x3e5/0x4d0
[ 1097.151549][ T22] ? set_kthread_struct+0x130/0x130
[ 1097.156769][ T22] ret_from_fork+0x1f/0x30
[ 1097.162916][ T22] Kernel Offset: disabled
[ 1097.167224][ T22] Rebooting in 86400 seconds..