[ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts. 2021/09/12 13:42:22 parsed 1 programs 2021/09/12 13:42:23 executed programs: 0 syzkaller login: [ 1282.661890][ T6576] chnl_net:caif_netlink_parms(): no params data found [ 1282.731309][ T6576] bridge0: port 1(bridge_slave_0) entered blocking state [ 1282.739495][ T6576] bridge0: port 1(bridge_slave_0) entered disabled state [ 1282.749266][ T6576] device bridge_slave_0 entered promiscuous mode [ 1282.758805][ T6576] bridge0: port 2(bridge_slave_1) entered blocking state [ 1282.766961][ T6576] bridge0: port 2(bridge_slave_1) entered disabled state [ 1282.775046][ T6576] device bridge_slave_1 entered promiscuous mode [ 1282.805158][ T6576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1282.815984][ T6576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1282.849693][ T6576] team0: Port device team_slave_0 added [ 1282.857177][ T6576] team0: Port device team_slave_1 added [ 1282.885011][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1282.892201][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1282.919589][ T6576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1282.934194][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1282.941265][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1282.967762][ T6576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1283.006578][ T6576] device hsr_slave_0 entered promiscuous mode [ 1283.014431][ T6576] device hsr_slave_1 entered promiscuous mode [ 1283.142304][ T6576] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1283.152593][ T6576] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1283.162212][ T6576] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1283.171272][ T6576] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1283.196943][ T6576] bridge0: port 2(bridge_slave_1) entered blocking state [ 1283.204105][ T6576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1283.211694][ T6576] bridge0: port 1(bridge_slave_0) entered blocking state [ 1283.218810][ T6576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1283.268860][ T6576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1283.281883][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1283.295020][ T6544] bridge0: port 1(bridge_slave_0) entered disabled state [ 1283.306284][ T6544] bridge0: port 2(bridge_slave_1) entered disabled state [ 1283.314463][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1283.328353][ T6576] 8021q: adding VLAN 0 to HW filter on device team0 [ 1283.340195][ T2609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1283.350270][ T2609] bridge0: port 1(bridge_slave_0) entered blocking state [ 1283.357402][ T2609] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1283.376000][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1283.384482][ T6905] bridge0: port 2(bridge_slave_1) entered blocking state [ 1283.391531][ T6905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1283.413552][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1283.422102][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1283.431237][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1283.439950][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1283.451070][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1283.463900][ T6576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1283.483009][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1283.490467][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1283.505954][ T6576] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1283.526038][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1283.546528][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1283.554883][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1283.563926][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1283.576808][ T6576] device veth0_vlan entered promiscuous mode [ 1283.588272][ T6576] device veth1_vlan entered promiscuous mode [ 1283.611529][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1283.619554][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1283.628411][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1283.640860][ T6576] device veth0_macvtap entered promiscuous mode [ 1283.651411][ T6576] device veth1_macvtap entered promiscuous mode [ 1283.670669][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1283.678691][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1283.688196][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1283.701105][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1283.708497][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1283.717544][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1283.729812][ T6576] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.739068][ T6576] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.752834][ T6576] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.761539][ T6576] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.854901][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.869110][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.897806][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1283.909642][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.920552][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.935753][ T6905] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1284.134849][ C0] hrtimer: interrupt took 79839 ns [ 1284.464161][ T6901] Bluetooth: hci0: command 0x0409 tx timeout 2021/09/12 13:42:28 executed programs: 36 [ 1286.542880][ T2609] Bluetooth: hci0: command 0x041b tx timeout [ 1288.632140][ T6544] Bluetooth: hci0: command 0x040f tx timeout [ 1290.711919][ T6732] Bluetooth: hci0: command 0x0419 tx timeout 2021/09/12 13:42:33 executed programs: 108 2021/09/12 13:42:38 executed programs: 177 [ 1299.742457][ T1357] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.749071][ T1357] ieee802154 phy1 wpan1: encryption failed: -22 2021/09/12 13:42:43 executed programs: 257 2021/09/12 13:42:48 executed programs: 340 2021/09/12 13:42:53 executed programs: 417 [ 1312.934138][ T1103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1313.383555][ T1103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1313.738185][ T1103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1314.146139][ T1103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1315.965008][ T8845] chnl_net:caif_netlink_parms(): no params data found [ 1316.307199][ T8845] bridge0: port 1(bridge_slave_0) entered blocking state [ 1316.315821][ T8845] bridge0: port 1(bridge_slave_0) entered disabled state [ 1316.323994][ T8845] device bridge_slave_0 entered promiscuous mode [ 1316.333646][ T8845] bridge0: port 2(bridge_slave_1) entered blocking state [ 1316.341814][ T8845] bridge0: port 2(bridge_slave_1) entered disabled state [ 1316.349938][ T8845] device bridge_slave_1 entered promiscuous mode [ 1316.649754][ T8845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1316.934279][ T8845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1316.971618][ T8845] team0: Port device team_slave_0 added [ 1316.981329][ T8845] team0: Port device team_slave_1 added [ 1317.189641][ T6732] Bluetooth: hci0: command 0x0409 tx timeout [ 1317.285367][ T8845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1317.298122][ T8845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1317.324778][ T8845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1317.607557][ T8845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1317.614553][ T8845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1317.641990][ T8845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1317.948833][ T8845] device hsr_slave_0 entered promiscuous mode [ 1317.955697][ T8845] device hsr_slave_1 entered promiscuous mode [ 1317.963824][ T8845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1317.972763][ T8845] Cannot create hsr debugfs directory [ 1318.721721][ T1103] device hsr_slave_0 left promiscuous mode [ 1318.728682][ T1103] device hsr_slave_1 left promiscuous mode [ 1318.735916][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1318.744168][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1318.755065][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1318.763365][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1318.774318][ T1103] device bridge_slave_1 left promiscuous mode [ 1318.781865][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state [ 1318.794824][ T1103] device bridge_slave_0 left promiscuous mode [ 1318.801109][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state [ 1318.818063][ T1103] device veth1_macvtap left promiscuous mode [ 1318.824679][ T1103] device veth0_macvtap left promiscuous mode [ 1318.832092][ T1103] device veth1_vlan left promiscuous mode [ 1318.837986][ T1103] device veth0_vlan left promiscuous mode [ 1319.269388][ T6544] Bluetooth: hci0: command 0x041b tx timeout [ 1321.339164][ T6544] Bluetooth: hci0: command 0x040f tx timeout [ 1323.419046][ T6544] Bluetooth: hci0: command 0x0419 tx timeout [ 1332.210002][ T1103] team0 (unregistering): Port device team_slave_1 removed [ 1332.224455][ T1103] team0 (unregistering): Port device team_slave_0 removed [ 1332.236149][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1332.250425][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1332.302534][ T1103] bond0 (unregistering): Released all slaves [ 1332.359110][ T8845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1332.374561][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1332.382209][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1332.395338][ T8845] 8021q: adding VLAN 0 to HW filter on device team0 [ 1332.411627][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1332.421427][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1332.434035][ T6732] bridge0: port 1(bridge_slave_0) entered blocking state [ 1332.441172][ T6732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1332.452300][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1332.465900][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1332.476414][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1332.485066][ T6544] bridge0: port 2(bridge_slave_1) entered blocking state [ 1332.492212][ T6544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1332.500254][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1332.519868][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1332.529067][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1332.539723][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1332.549277][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1332.568188][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1332.576712][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1332.585766][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1332.595086][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1332.603687][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1332.612466][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1332.630852][ T8845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1332.654466][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1332.662013][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1332.675713][ T8845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1332.699486][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1332.709062][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1332.731369][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1332.740176][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1332.749304][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1332.756907][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1332.768014][ T8845] device veth0_vlan entered promiscuous mode [ 1332.789116][ T8845] device veth1_vlan entered promiscuous mode [ 1332.819158][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1332.827171][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1332.837851][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1332.850740][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1332.864043][ T8845] device veth0_macvtap entered promiscuous mode [ 1332.879142][ T8845] device veth1_macvtap entered promiscuous mode [ 1332.901363][ T8845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1332.910880][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1332.921569][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1332.930601][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1332.940293][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1332.954822][ T8845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1332.965449][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1332.976082][ T6732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1333.068278][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1333.077868][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1333.093307][ T6906] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1333.145215][ T9102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1333.175847][ T9102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1333.200351][ T6903] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2021/09/12 13:43:15 executed programs: 420 2021/09/12 13:43:20 executed programs: 490 2021/09/12 13:43:25 executed programs: 560 2021/09/12 13:43:30 executed programs: 627 2021/09/12 13:43:35 executed programs: 706 2021/09/12 13:43:40 executed programs: 786 [ 1361.187370][ T1357] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.193701][ T1357] ieee802154 phy1 wpan1: encryption failed: -22 2021/09/12 13:43:45 executed programs: 862 2021/09/12 13:43:50 executed programs: 941 2021/09/12 13:43:55 executed programs: 1136 2021/09/12 13:44:00 executed programs: 1356 2021/09/12 13:44:05 executed programs: 1573 2021/09/12 13:44:10 executed programs: 1797 2021/09/12 13:44:15 executed programs: 2018 [ 1398.452077][T15486] chnl_net:caif_netlink_parms(): no params data found [ 1399.068237][T15486] bridge0: port 1(bridge_slave_0) entered blocking state [ 1399.075706][T15486] bridge0: port 1(bridge_slave_0) entered disabled state [ 1399.084267][T15486] device bridge_slave_0 entered promiscuous mode [ 1399.369189][T15486] bridge0: port 2(bridge_slave_1) entered blocking state [ 1399.377781][T15486] bridge0: port 2(bridge_slave_1) entered disabled state [ 1399.386256][T15486] device bridge_slave_1 entered promiscuous mode [ 1399.713681][T15486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1399.726163][T15486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1399.775855][ T1103] device hsr_slave_0 left promiscuous mode [ 1399.783487][ T1103] device hsr_slave_1 left promiscuous mode [ 1399.790466][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1399.798892][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1399.808842][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1399.817428][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1399.826645][ T1103] device bridge_slave_1 left promiscuous mode [ 1399.833473][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state [ 1399.841916][ T1103] device bridge_slave_0 left promiscuous mode [ 1399.848096][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state [ 1399.860367][ T1103] device veth1_macvtap left promiscuous mode [ 1399.866603][ T1103] device veth0_macvtap left promiscuous mode [ 1399.873002][ T1103] device veth1_vlan left promiscuous mode [ 1399.878781][ T1103] device veth0_vlan left promiscuous mode [ 1399.972566][ T6905] Bluetooth: hci0: command 0x0409 tx timeout [ 1402.052386][ T6544] Bluetooth: hci0: command 0x041b tx timeout [ 1404.132189][ T6544] Bluetooth: hci0: command 0x040f tx timeout [ 1406.214851][ T6544] Bluetooth: hci0: command 0x0419 tx timeout [ 1413.209235][ T22] ================================================================== [ 1413.217440][ T22] BUG: KASAN: use-after-free in __d_alloc+0x19a/0x950 [ 1413.224280][ T22] Read of size 5 at addr ffff88807ca63320 by task kdevtmpfs/22 [ 1413.231803][ T22] [ 1413.234112][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0 [ 1413.241884][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.252023][ T22] Call Trace: [ 1413.255396][ T22] dump_stack_lvl+0xcd/0x134 [ 1413.260080][ T22] print_address_description.constprop.0.cold+0x6c/0x309 [ 1413.267116][ T22] ? __d_alloc+0x19a/0x950 [ 1413.271578][ T22] ? __d_alloc+0x19a/0x950 [ 1413.275983][ T22] kasan_report.cold+0x83/0xdf [ 1413.280734][ T22] ? __d_alloc+0x19a/0x950 [ 1413.285141][ T22] kasan_check_range+0x13d/0x180 [ 1413.290116][ T22] memcpy+0x20/0x60 [ 1413.293911][ T22] __d_alloc+0x19a/0x950 [ 1413.298142][ T22] d_alloc+0x4a/0x230 [ 1413.302124][ T22] __lookup_hash+0xc8/0x180 [ 1413.306637][ T22] kern_path_locked+0x17e/0x320 [ 1413.311485][ T22] ? filename_lookup+0x80/0x80 [ 1413.316248][ T22] handle_remove+0xa2/0x5fe [ 1413.320797][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e [ 1413.326433][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1413.332444][ T22] ? finish_task_switch.isra.0+0x232/0xa50 [ 1413.338268][ T22] ? find_held_lock+0x2d/0x110 [ 1413.343021][ T22] ? devtmpfsd+0xaa/0x2a3 [ 1413.347369][ T22] ? lock_downgrade+0x6e0/0x6e0 [ 1413.352205][ T22] ? do_raw_spin_lock+0x120/0x2b0 [ 1413.357217][ T22] ? rwlock_bug.part.0+0x90/0x90 [ 1413.362144][ T22] devtmpfsd+0x1b9/0x2a3 [ 1413.366374][ T22] ? dmar_validate_one_drhd+0x24d/0x24d [ 1413.371906][ T22] kthread+0x3e5/0x4d0 [ 1413.376017][ T22] ? set_kthread_struct+0x130/0x130 [ 1413.381255][ T22] ret_from_fork+0x1f/0x30 [ 1413.385698][ T22] [ 1413.388006][ T22] Allocated by task 22: [ 1413.392137][ T22] kasan_save_stack+0x1b/0x40 [ 1413.396858][ T22] __kasan_slab_alloc+0x83/0xb0 [ 1413.401709][ T22] kmem_cache_alloc+0x209/0x390 [ 1413.406549][ T22] getname_kernel+0x4e/0x370 [ 1413.411128][ T22] kern_path_locked+0x71/0x320 [ 1413.415910][ T22] handle_remove+0xa2/0x5fe [ 1413.420511][ T22] devtmpfsd+0x1b9/0x2a3 [ 1413.424749][ T22] kthread+0x3e5/0x4d0 [ 1413.428806][ T22] ret_from_fork+0x1f/0x30 [ 1413.433209][ T22] [ 1413.435518][ T22] Freed by task 22: [ 1413.439304][ T22] kasan_save_stack+0x1b/0x40 [ 1413.443972][ T22] kasan_set_track+0x1c/0x30 [ 1413.448548][ T22] kasan_set_free_info+0x20/0x30 [ 1413.453471][ T22] __kasan_slab_free+0xff/0x130 [ 1413.458304][ T22] slab_free_freelist_hook+0x81/0x190 [ 1413.463663][ T22] kmem_cache_free+0x8a/0x5b0 [ 1413.468323][ T22] putname.part.0+0xe1/0x120 [ 1413.472895][ T22] kern_path_locked+0xc2/0x320 [ 1413.477648][ T22] handle_remove+0xa2/0x5fe [ 1413.482138][ T22] devtmpfsd+0x1b9/0x2a3 [ 1413.486364][ T22] kthread+0x3e5/0x4d0 [ 1413.490417][ T22] ret_from_fork+0x1f/0x30 [ 1413.494819][ T22] [ 1413.497209][ T22] The buggy address belongs to the object at ffff88807ca63300 [ 1413.497209][ T22] which belongs to the cache names_cache of size 4096 [ 1413.511325][ T22] The buggy address is located 32 bytes inside of [ 1413.511325][ T22] 4096-byte region [ffff88807ca63300, ffff88807ca64300) [ 1413.524590][ T22] The buggy address belongs to the page: [ 1413.530208][ T22] page:ffffea0001f29800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807ca66600 pfn:0x7ca60 [ 1413.541642][ T22] head:ffffea0001f29800 order:3 compound_mapcount:0 compound_pincount:0 [ 1413.549949][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1413.557926][ T22] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010dc53c0 [ 1413.566495][ T22] raw: ffff88807ca66600 0000000080070005 00000001ffffffff 0000000000000000 [ 1413.575068][ T22] page dumped because: kasan: bad access detected [ 1413.581468][ T22] page_owner tracks the page as allocated [ 1413.587161][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8845, ts 1365117776129, free_ts 1364842246224 [ 1413.606601][ T22] get_page_from_freelist+0xa72/0x2f80 [ 1413.612077][ T22] __alloc_pages+0x1b2/0x500 [ 1413.616657][ T22] alloc_pages+0x1a7/0x300 [ 1413.621057][ T22] new_slab+0x319/0x490 [ 1413.625205][ T22] ___slab_alloc+0x921/0xfe0 [ 1413.629793][ T22] __slab_alloc.constprop.0+0x4d/0xa0 [ 1413.635153][ T22] kmem_cache_alloc+0x365/0x390 [ 1413.639988][ T22] getname_flags.part.0+0x50/0x4f0 [ 1413.645089][ T22] getname_flags+0x9a/0xe0 [ 1413.649501][ T22] user_path_at_empty+0x2b/0x90 [ 1413.654336][ T22] __x64_sys_umount+0xf8/0x180 [ 1413.659088][ T22] do_syscall_64+0x35/0xb0 [ 1413.663542][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1413.669439][ T22] page last free stack trace: [ 1413.674091][ T22] free_pcp_prepare+0x2c5/0x780 [ 1413.678928][ T22] free_unref_page+0x19/0x690 [ 1413.683587][ T22] qlist_free_all+0x5a/0xc0 [ 1413.688071][ T22] kasan_quarantine_reduce+0x180/0x200 [ 1413.693531][ T22] __kasan_slab_alloc+0x95/0xb0 [ 1413.698365][ T22] __kmalloc+0x1e7/0x320 [ 1413.702680][ T22] tomoyo_realpath_from_path+0xc3/0x620 [ 1413.708250][ T22] tomoyo_path_perm+0x21b/0x400 [ 1413.713123][ T22] security_inode_getattr+0xcf/0x140 [ 1413.718404][ T22] vfs_statx+0x164/0x390 [ 1413.722641][ T22] __do_sys_newlstat+0x91/0x110 [ 1413.727558][ T22] do_syscall_64+0x35/0xb0 [ 1413.732832][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1413.738713][ T22] [ 1413.741022][ T22] Memory state around the buggy address: [ 1413.746635][ T22] ffff88807ca63200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1413.754682][ T22] ffff88807ca63280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1413.762727][ T22] >ffff88807ca63300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1413.770773][ T22] ^ [ 1413.775868][ T22] ffff88807ca63380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1413.783910][ T22] ffff88807ca63400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1413.791958][ T22] ================================================================== [ 1413.799998][ T22] Disabling lock debugging due to kernel taint [ 1413.809249][ T22] Kernel panic - not syncing: panic_on_warn set ... [ 1413.815846][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0 [ 1413.824957][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.835013][ T22] Call Trace: [ 1413.838295][ T22] dump_stack_lvl+0xcd/0x134 [ 1413.842896][ T22] panic+0x2b0/0x6dd [ 1413.846809][ T22] ? __warn_printk+0xf3/0xf3 [ 1413.851386][ T22] ? preempt_schedule_common+0x59/0xc0 [ 1413.856925][ T22] ? __d_alloc+0x19a/0x950 [ 1413.861336][ T22] ? preempt_schedule_thunk+0x16/0x18 [ 1413.866707][ T22] ? trace_hardirqs_on+0x38/0x1c0 [ 1413.871770][ T22] ? trace_hardirqs_on+0x51/0x1c0 [ 1413.876787][ T22] ? __d_alloc+0x19a/0x950 [ 1413.881195][ T22] ? __d_alloc+0x19a/0x950 [ 1413.885596][ T22] end_report.cold+0x63/0x6f [ 1413.890174][ T22] kasan_report.cold+0x71/0xdf [ 1413.894924][ T22] ? __d_alloc+0x19a/0x950 [ 1413.899328][ T22] kasan_check_range+0x13d/0x180 [ 1413.904259][ T22] memcpy+0x20/0x60 [ 1413.908062][ T22] __d_alloc+0x19a/0x950 [ 1413.912296][ T22] d_alloc+0x4a/0x230 [ 1413.916283][ T22] __lookup_hash+0xc8/0x180 [ 1413.920777][ T22] kern_path_locked+0x17e/0x320 [ 1413.925720][ T22] ? filename_lookup+0x80/0x80 [ 1413.930480][ T22] handle_remove+0xa2/0x5fe [ 1413.934985][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e [ 1413.940604][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1413.946569][ T22] ? finish_task_switch.isra.0+0x232/0xa50 [ 1413.952369][ T22] ? find_held_lock+0x2d/0x110 [ 1413.957116][ T22] ? devtmpfsd+0xaa/0x2a3 [ 1413.961531][ T22] ? lock_downgrade+0x6e0/0x6e0 [ 1413.966370][ T22] ? do_raw_spin_lock+0x120/0x2b0 [ 1413.971467][ T22] ? rwlock_bug.part.0+0x90/0x90 [ 1413.976389][ T22] devtmpfsd+0x1b9/0x2a3 [ 1413.980616][ T22] ? dmar_validate_one_drhd+0x24d/0x24d [ 1413.986144][ T22] kthread+0x3e5/0x4d0 [ 1413.990195][ T22] ? set_kthread_struct+0x130/0x130 [ 1413.995379][ T22] ret_from_fork+0x1f/0x30 [ 1414.000036][ T22] Kernel Offset: disabled [ 1414.004417][ T22] Rebooting in 86400 seconds..