[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
2021/09/10 00:48:35 parsed 1 programs
2021/09/10 00:48:35 executed programs: 0
syzkaller login: [ 1102.237194][ T6551] chnl_net:caif_netlink_parms(): no params data found
[ 1102.310650][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1102.320713][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1102.328519][ T6551] device bridge_slave_0 entered promiscuous mode
[ 1102.338977][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1102.346814][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1102.355328][ T6551] device bridge_slave_1 entered promiscuous mode
[ 1102.386041][ T6551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1102.397269][ T6551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1102.431207][ T6551] team0: Port device team_slave_0 added
[ 1102.438555][ T6551] team0: Port device team_slave_1 added
[ 1102.467440][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1102.474542][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1102.501069][ T6551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1102.513847][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1102.520881][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1102.547106][ T6551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1102.588043][ T6551] device hsr_slave_0 entered promiscuous mode
[ 1102.595371][ T6551] device hsr_slave_1 entered promiscuous mode
[ 1102.718667][ T6551] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1102.728772][ T6551] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1102.738793][ T6551] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1102.748798][ T6551] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1102.773539][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1102.780819][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1102.788552][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1102.795658][ T6551] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1102.841303][ T6551] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1102.854943][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1102.867239][ T1051] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1102.876434][ T1051] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1102.886701][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1102.901674][ T6551] 8021q: adding VLAN 0 to HW filter on device team0
[ 1102.913491][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1102.922767][ T1051] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1102.929897][ T1051] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1102.941603][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1102.950959][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1102.958006][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1102.983460][ T2951] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1102.993157][ T2951] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1103.001656][ T2951] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1103.015373][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1103.027573][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1103.038007][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1103.059870][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1103.067337][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1103.080598][ T6551] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1103.100620][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1103.121497][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1103.130472][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1103.138161][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1103.148503][ T6551] device veth0_vlan entered promiscuous mode
[ 1103.162723][ T6551] device veth1_vlan entered promiscuous mode
[ 1103.184245][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1103.192880][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1103.201708][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1103.214758][ T6551] device veth0_macvtap entered promiscuous mode
[ 1103.224961][ T6551] device veth1_macvtap entered promiscuous mode
[ 1103.244302][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1103.252571][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1103.262061][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1103.275112][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1103.283591][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1103.293361][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1103.305524][ T6551] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.314580][ T6551] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.323492][ T6551] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.341869][ T6551] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1103.428830][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1103.474345][ T1461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1103.489496][ T1461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1103.490657][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1103.498182][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1103.517041][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1104.705629][ T1101] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1106.559547][ T6551] syz-executor.0 (6551) used greatest stack depth: 22552 bytes left
[ 1106.940879][ T1101] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1109.208683][ T1101] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1109.272084][ T6919] chnl_net:caif_netlink_parms(): no params data found
[ 1109.618975][ T1101] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1109.685306][ T6919] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1109.693775][ T6919] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1109.704788][ T6919] device bridge_slave_0 entered promiscuous mode
[ 1109.714742][ T6919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1109.722808][ T6919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1109.731499][ T6919] device bridge_slave_1 entered promiscuous mode
[ 1109.765044][ T6919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1109.778034][ T6919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1109.813174][ T6919] team0: Port device team_slave_0 added
[ 1109.822144][ T6919] team0: Port device team_slave_1 added
[ 1109.874222][ T6919] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1109.884293][ T6919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1109.936023][ T6919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1109.972352][ T6919] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1110.018283][ T6919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1110.085756][ T6919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1110.769256][ T1051] Bluetooth: hci0: command 0x0409 tx timeout
[ 1110.891987][ T6919] device hsr_slave_0 entered promiscuous mode
[ 1110.899108][ T6919] device hsr_slave_1 entered promiscuous mode
[ 1110.905506][ T6919] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1110.913856][ T6919] Cannot create hsr debugfs directory
[ 1111.998410][ T6919] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1112.012428][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1112.021893][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1112.311062][ T6919] 8021q: adding VLAN 0 to HW filter on device team0
[ 1112.322503][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1112.331061][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1112.340572][ T6884] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1112.347603][ T6884] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1112.637983][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1112.648086][ T6526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1112.656787][ T6526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1112.666144][ T6526] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1112.673272][ T6526] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1112.857990][ T6882] Bluetooth: hci0: command 0x041b tx timeout
[ 1112.981003][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1112.989986][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1112.999561][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1113.009406][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1113.017687][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1113.027286][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1113.036767][ T6882] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1113.331850][ T6919] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1113.342551][ T6919] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1113.357025][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1113.366134][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1113.374903][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1113.383596][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1113.392345][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1113.699592][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1113.707253][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1113.717358][ T6919] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1114.149227][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1114.161485][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1114.201284][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1114.211737][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1114.553512][ T6919] device veth0_vlan entered promiscuous mode
[ 1114.560174][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1114.568517][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1114.600908][ T1101] device hsr_slave_0 left promiscuous mode
[ 1114.608839][ T1101] device hsr_slave_1 left promiscuous mode
[ 1114.615459][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1114.623728][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1114.634102][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1114.642348][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1114.651647][ T1101] device bridge_slave_1 left promiscuous mode
[ 1114.658882][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1114.673346][ T1101] device bridge_slave_0 left promiscuous mode
[ 1114.679734][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1114.696824][ T1101] device veth1_macvtap left promiscuous mode
[ 1114.703151][ T1101] device veth0_macvtap left promiscuous mode
[ 1114.710172][ T1101] device veth1_vlan left promiscuous mode
[ 1114.716062][ T1101] device veth0_vlan left promiscuous mode
[ 1114.937719][ T6882] Bluetooth: hci0: command 0x040f tx timeout
[ 1115.488968][ T1357] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.495452][ T1357] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.007589][ T6882] Bluetooth: hci0: command 0x0419 tx timeout
[ 1128.722789][ T1101] team0 (unregistering): Port device team_slave_1 removed
[ 1128.734627][ T1101] team0 (unregistering): Port device team_slave_0 removed
[ 1128.748563][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1128.762579][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1128.814548][ T1101] bond0 (unregistering): Released all slaves
[ 1128.853985][ T6919] device veth1_vlan entered promiscuous mode
[ 1128.867623][ T6525] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1128.909772][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1128.919709][ T1051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1128.930741][ T6919] device veth0_macvtap entered promiscuous mode
[ 1128.942461][ T6919] device veth1_macvtap entered promiscuous mode
[ 1128.968190][ T6919] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1128.975504][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1128.987237][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1128.995015][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1129.005344][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1129.021412][ T6919] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1129.028955][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1129.039963][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1129.120047][ T1461] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1129.161564][ T1461] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1129.198759][ T6526] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1129.218905][ T6917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1129.241117][ T6917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1129.265115][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1133.579340][ T7322] chnl_net:caif_netlink_parms(): no params data found
[ 1134.209343][ T7322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1134.217956][ T7322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1134.226063][ T7322] device bridge_slave_0 entered promiscuous mode
[ 1134.234665][ T7322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1134.242333][ T7322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1134.250936][ T7322] device bridge_slave_1 entered promiscuous mode
[ 1134.556946][ T7322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1134.856199][ T7322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1134.893860][ T7322] team0: Port device team_slave_0 added
[ 1134.915768][ T7322] team0: Port device team_slave_1 added
[ 1134.925670][ T6882] Bluetooth: hci0: command 0x0409 tx timeout
[ 1135.239746][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1135.246930][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1135.273359][ T7322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1135.291143][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1135.298935][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1135.325856][ T7322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1135.352308][ T1101] device hsr_slave_0 left promiscuous mode
[ 1135.359589][ T1101] device hsr_slave_1 left promiscuous mode
[ 1135.367951][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1135.376186][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1135.384635][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1135.392717][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1135.402085][ T1101] device bridge_slave_1 left promiscuous mode
[ 1135.408699][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1135.417472][ T1101] device bridge_slave_0 left promiscuous mode
[ 1135.423661][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1135.436944][ T1101] device veth1_macvtap left promiscuous mode
[ 1135.442974][ T1101] device veth0_macvtap left promiscuous mode
[ 1135.450458][ T1101] device veth1_vlan left promiscuous mode
[ 1135.456952][ T1101] device veth0_vlan left promiscuous mode
[ 1137.005287][ T6882] Bluetooth: hci0: command 0x041b tx timeout
[ 1139.084994][ T6882] Bluetooth: hci0: command 0x040f tx timeout
[ 1141.174764][ T6882] Bluetooth: hci0: command 0x0419 tx timeout
[ 1149.049891][ T22] ==================================================================
[ 1149.058098][ T22] BUG: KASAN: use-after-free in __d_alloc+0x19a/0x950
[ 1149.064934][ T22] Read of size 5 at addr ffff888079aaa220 by task kdevtmpfs/22
[ 1149.072511][ T22]
[ 1149.074821][ T22] CPU: 0 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0
[ 1149.082523][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1149.092562][ T22] Call Trace:
[ 1149.095846][ T22] dump_stack_lvl+0xcd/0x134
[ 1149.100488][ T22] print_address_description.constprop.0.cold+0x6c/0x309
[ 1149.107522][ T22] ? __d_alloc+0x19a/0x950
[ 1149.111922][ T22] ? __d_alloc+0x19a/0x950
[ 1149.116323][ T22] kasan_report.cold+0x83/0xdf
[ 1149.121074][ T22] ? __d_alloc+0x19a/0x950
[ 1149.125479][ T22] kasan_check_range+0x13d/0x180
[ 1149.130479][ T22] memcpy+0x20/0x60
[ 1149.134394][ T22] __d_alloc+0x19a/0x950
[ 1149.138643][ T22] d_alloc+0x4a/0x230
[ 1149.142668][ T22] __lookup_hash+0xc8/0x180
[ 1149.147199][ T22] kern_path_locked+0x17e/0x320
[ 1149.152041][ T22] ? filename_lookup+0x80/0x80
[ 1149.156799][ T22] handle_remove+0xa2/0x5fe
[ 1149.161336][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1149.166958][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1149.172959][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1149.178794][ T22] ? find_held_lock+0x2d/0x110
[ 1149.183545][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1149.187901][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1149.192737][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1149.197761][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1149.202711][ T22] devtmpfsd+0x1b9/0x2a3
[ 1149.206946][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1149.212493][ T22] kthread+0x3e5/0x4d0
[ 1149.216616][ T22] ? set_kthread_struct+0x130/0x130
[ 1149.221801][ T22] ret_from_fork+0x1f/0x30
[ 1149.226230][ T22]
[ 1149.228538][ T22] Allocated by task 22:
[ 1149.232683][ T22] kasan_save_stack+0x1b/0x40
[ 1149.237376][ T22] __kasan_slab_alloc+0x83/0xb0
[ 1149.242212][ T22] kmem_cache_alloc+0x209/0x390
[ 1149.247047][ T22] getname_kernel+0x4e/0x370
[ 1149.251636][ T22] kern_path_locked+0x71/0x320
[ 1149.256400][ T22] handle_remove+0xa2/0x5fe
[ 1149.260896][ T22] devtmpfsd+0x1b9/0x2a3
[ 1149.265127][ T22] kthread+0x3e5/0x4d0
[ 1149.269193][ T22] ret_from_fork+0x1f/0x30
[ 1149.273605][ T22]
[ 1149.275910][ T22] Freed by task 22:
[ 1149.279697][ T22] kasan_save_stack+0x1b/0x40
[ 1149.284367][ T22] kasan_set_track+0x1c/0x30
[ 1149.289029][ T22] kasan_set_free_info+0x20/0x30
[ 1149.293952][ T22] __kasan_slab_free+0xff/0x130
[ 1149.298887][ T22] slab_free_freelist_hook+0x81/0x190
[ 1149.304278][ T22] kmem_cache_free+0x8a/0x5b0
[ 1149.308944][ T22] putname.part.0+0xe1/0x120
[ 1149.313529][ T22] kern_path_locked+0xc2/0x320
[ 1149.318284][ T22] handle_remove+0xa2/0x5fe
[ 1149.322780][ T22] devtmpfsd+0x1b9/0x2a3
[ 1149.327015][ T22] kthread+0x3e5/0x4d0
[ 1149.331161][ T22] ret_from_fork+0x1f/0x30
[ 1149.335656][ T22]
[ 1149.337983][ T22] The buggy address belongs to the object at ffff888079aaa200
[ 1149.337983][ T22] which belongs to the cache names_cache of size 4096
[ 1149.352107][ T22] The buggy address is located 32 bytes inside of
[ 1149.352107][ T22] 4096-byte region [ffff888079aaa200, ffff888079aab200)
[ 1149.365378][ T22] The buggy address belongs to the page:
[ 1149.371074][ T22] page:ffffea0001e6aa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79aa8
[ 1149.381207][ T22] head:ffffea0001e6aa00 order:3 compound_mapcount:0 compound_pincount:0
[ 1149.389600][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1149.397582][ T22] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010dc53c0
[ 1149.406149][ T22] raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000
[ 1149.414710][ T22] page dumped because: kasan: bad access detected
[ 1149.421100][ T22] page_owner tracks the page as allocated
[ 1149.426793][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2963, ts 17876434892, free_ts 14078628402
[ 1149.445958][ T22] get_page_from_freelist+0xa72/0x2f80
[ 1149.451434][ T22] __alloc_pages+0x1b2/0x500
[ 1149.456010][ T22] alloc_pages+0x1a7/0x300
[ 1149.460408][ T22] new_slab+0x319/0x490
[ 1149.464552][ T22] ___slab_alloc+0x921/0xfe0
[ 1149.469127][ T22] __slab_alloc.constprop.0+0x4d/0xa0
[ 1149.474484][ T22] kmem_cache_alloc+0x365/0x390
[ 1149.479322][ T22] getname_flags.part.0+0x50/0x4f0
[ 1149.484422][ T22] getname_flags+0x9a/0xe0
[ 1149.488834][ T22] user_path_at_empty+0x2b/0x90
[ 1149.493774][ T22] do_faccessat+0x127/0x850
[ 1149.498331][ T22] do_syscall_64+0x35/0xb0
[ 1149.502759][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1149.508663][ T22] page last free stack trace:
[ 1149.513317][ T22] free_pcp_prepare+0x2c5/0x780
[ 1149.518154][ T22] free_unref_page+0x19/0x690
[ 1149.522908][ T22] free_contig_range+0xa8/0xf0
[ 1149.527657][ T22] destroy_args+0xa8/0x646
[ 1149.532105][ T22] debug_vm_pgtable+0x295b/0x29ed
[ 1149.537114][ T22] do_one_initcall+0x103/0x650
[ 1149.541875][ T22] kernel_init_freeable+0x6b1/0x73a
[ 1149.547059][ T22] kernel_init+0x1a/0x1d0
[ 1149.551371][ T22] ret_from_fork+0x1f/0x30
[ 1149.555775][ T22]
[ 1149.558168][ T22] Memory state around the buggy address:
[ 1149.563785][ T22]  ffff888079aaa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1149.571847][ T22]  ffff888079aaa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1149.579890][ T22] >ffff888079aaa200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1149.587931][ T22]                                ^
[ 1149.593021][ T22]  ffff888079aaa280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1149.601062][ T22]  ffff888079aaa300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1149.609113][ T22] ==================================================================
[ 1149.617163][ T22] Disabling lock debugging due to kernel taint
[ 1149.629174][ T22] Kernel panic - not syncing: panic_on_warn set ...
[ 1149.635780][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0
[ 1149.644896][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1149.655002][ T22] Call Trace:
[ 1149.658363][ T22] dump_stack_lvl+0xcd/0x134
[ 1149.662954][ T22] panic+0x2b0/0x6dd
[ 1149.666862][ T22] ? __warn_printk+0xf3/0xf3
[ 1149.671434][ T22] ? preempt_schedule_common+0x59/0xc0
[ 1149.676884][ T22] ? __d_alloc+0x19a/0x950
[ 1149.681808][ T22] ? preempt_schedule_thunk+0x16/0x18
[ 1149.687169][ T22] ? trace_hardirqs_on+0x38/0x1c0
[ 1149.692282][ T22] ? trace_hardirqs_on+0x51/0x1c0
[ 1149.697295][ T22] ? __d_alloc+0x19a/0x950
[ 1149.701692][ T22] ? __d_alloc+0x19a/0x950
[ 1149.706090][ T22] end_report.cold+0x63/0x6f
[ 1149.710672][ T22] kasan_report.cold+0x71/0xdf
[ 1149.715430][ T22] ? __d_alloc+0x19a/0x950
[ 1149.719902][ T22] kasan_check_range+0x13d/0x180
[ 1149.724838][ T22] memcpy+0x20/0x60
[ 1149.728636][ T22] __d_alloc+0x19a/0x950
[ 1149.732867][ T22] d_alloc+0x4a/0x230
[ 1149.736833][ T22] __lookup_hash+0xc8/0x180
[ 1149.741367][ T22] kern_path_locked+0x17e/0x320
[ 1149.746206][ T22] ? filename_lookup+0x80/0x80
[ 1149.750956][ T22] handle_remove+0xa2/0x5fe
[ 1149.755448][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1149.761064][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1149.767064][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1149.772857][ T22] ? find_held_lock+0x2d/0x110
[ 1149.777602][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1149.781916][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1149.786749][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1149.791756][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1149.796677][ T22] devtmpfsd+0x1b9/0x2a3
[ 1149.800904][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1149.806432][ T22] kthread+0x3e5/0x4d0
[ 1149.810486][ T22] ? set_kthread_struct+0x130/0x130
[ 1149.815674][ T22] ret_from_fork+0x1f/0x30
[ 1149.820326][ T22] Kernel Offset: disabled
[ 1149.824635][ T22] Rebooting in 86400 seconds..