Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts. 2021/09/06 21:05:45 parsed 1 programs 2021/09/06 21:05:45 executed programs: 0 syzkaller login: [ 304.844564][ T8441] chnl_net:caif_netlink_parms(): no params data found [ 304.927590][ T8441] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.936185][ T8441] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.946406][ T8441] device bridge_slave_0 entered promiscuous mode [ 304.955409][ T8441] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.963205][ T8441] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.971757][ T8441] device bridge_slave_1 entered promiscuous mode [ 305.005597][ T8441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.016642][ T8441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 305.050002][ T8441] team0: Port device team_slave_0 added [ 305.057207][ T8441] team0: Port device team_slave_1 added [ 305.083264][ T8441] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.090513][ T8441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.116770][ T8441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 305.130339][ T8441] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.137283][ T8441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.163419][ T8441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.203148][ T8441] device hsr_slave_0 entered promiscuous mode [ 305.211234][ T8441] device hsr_slave_1 entered promiscuous mode [ 305.339297][ T8441] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 305.350959][ T8441] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 305.361217][ T8441] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 305.370637][ T8441] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 305.395114][ T8441] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.402298][ T8441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.410353][ T8441] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.417419][ T8441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.462159][ T8441] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.474620][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 305.486042][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.495130][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.504116][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 305.516891][ T8441] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.529548][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 305.537974][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.545296][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.556649][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 305.565524][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.572989][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.592715][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 305.601926][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 305.615715][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 305.627633][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 305.640409][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 305.652072][ T8441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 305.670749][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 305.678143][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 305.693470][ T8441] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.712324][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 305.733251][ T8441] device veth0_vlan entered promiscuous mode [ 305.741085][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 305.750622][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 305.758159][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 305.774144][ T8441] device veth1_vlan entered promiscuous mode [ 305.796181][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 305.804395][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 305.814030][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 305.827012][ T8441] device veth0_macvtap entered promiscuous mode [ 305.838077][ T8441] device veth1_macvtap entered promiscuous mode [ 305.854402][ T8441] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 305.863461][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 305.873792][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 305.887139][ T8441] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 305.894857][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 305.904310][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 305.915832][ T8441] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.925065][ T8441] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.933837][ T8441] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.942632][ T8441] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.036785][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.045617][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.084470][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 306.103086][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.114872][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.125143][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 306.565601][ T210] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.873906][ T210] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.280915][ T210] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.436759][ T210] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.504980][ T8805] chnl_net:caif_netlink_parms(): no params data found [ 311.584151][ T8805] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.592621][ T8805] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.602826][ T8805] device bridge_slave_0 entered promiscuous mode [ 311.612542][ T8805] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.619792][ T8805] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.627459][ T8805] device bridge_slave_1 entered promiscuous mode [ 311.664145][ T8805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.682164][ T8805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.728026][ T8805] team0: Port device team_slave_0 added [ 311.750789][ T8805] team0: Port device team_slave_1 added [ 311.781051][ T8805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 311.788011][ T8805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.815183][ T8805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 311.833031][ T8805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 311.842322][ T8805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.869364][ T8805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.977253][ T8805] device hsr_slave_0 entered promiscuous mode [ 312.002934][ T8805] device hsr_slave_1 entered promiscuous mode [ 312.022792][ T8805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 312.043308][ T8805] Cannot create hsr debugfs directory [ 312.805909][ T8805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.819864][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 312.827554][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 312.915478][ T8805] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.926303][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 312.937630][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 312.946711][ T3166] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.953824][ T3166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.962760][ T3166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 312.978685][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 312.987205][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 312.995708][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.002830][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.015964][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 313.028163][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 313.129467][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 313.139321][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 313.147582][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 313.159796][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 313.168716][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 313.170177][ T4854] Bluetooth: hci0: command 0x0409 tx timeout [ 313.177097][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 313.191448][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 313.200300][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 313.209739][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 313.302532][ T8805] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 313.323247][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 313.330834][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 313.347375][ T8805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 313.568711][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 313.577217][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 313.597743][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 313.606947][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 313.615988][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 313.623840][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 313.711569][ T8805] device veth0_vlan entered promiscuous mode [ 313.725410][ T8805] device veth1_vlan entered promiscuous mode [ 313.747864][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 313.756173][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 313.764326][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 313.773036][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 313.872735][ T8805] device veth0_macvtap entered promiscuous mode [ 313.883342][ T8805] device veth1_macvtap entered promiscuous mode [ 313.902547][ T8805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 313.913806][ T8805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 313.926011][ T8805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 313.940644][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 313.949278][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 313.963468][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 313.973870][ T3180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 313.984751][ T8805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 313.995386][ T8805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 314.006605][ T8805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.094748][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 314.103262][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 314.167847][ T210] device hsr_slave_0 left promiscuous mode [ 314.181864][ T210] device hsr_slave_1 left promiscuous mode [ 314.194173][ T210] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.202871][ T210] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.212492][ T210] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.220513][ T210] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.229454][ T210] device bridge_slave_1 left promiscuous mode [ 314.236399][ T210] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.249861][ T210] device bridge_slave_0 left promiscuous mode [ 314.256029][ T210] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.273729][ T210] device veth1_macvtap left promiscuous mode [ 314.281419][ T210] device veth0_macvtap left promiscuous mode [ 314.287446][ T210] device veth1_vlan left promiscuous mode [ 314.295644][ T210] device veth0_vlan left promiscuous mode [ 315.248040][ T8773] Bluetooth: hci0: command 0x041b tx timeout [ 316.840023][ T3251] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.846603][ T3251] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.318040][ T8773] Bluetooth: hci0: command 0x040f tx timeout [ 317.857092][ T210] team0 (unregistering): Port device team_slave_1 removed [ 317.872612][ T210] team0 (unregistering): Port device team_slave_0 removed [ 317.887501][ T210] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.903083][ T210] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.956360][ T210] bond0 (unregistering): Released all slaves [ 318.082825][ T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.117463][ T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.146359][ T3090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.152286][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 318.170684][ T3090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.180189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 321.033992][ T210] device hsr_slave_0 left promiscuous mode [ 321.042006][ T210] device hsr_slave_1 left promiscuous mode [ 321.050855][ T210] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 321.062563][ T210] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 321.071759][ T210] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 321.080521][ T210] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 321.089430][ T210] device bridge_slave_1 left promiscuous mode [ 321.095788][ T210] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.105112][ T210] device bridge_slave_0 left promiscuous mode [ 321.111594][ T210] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.123638][ T210] device veth1_macvtap left promiscuous mode [ 321.130617][ T210] device veth0_macvtap left promiscuous mode [ 321.136654][ T210] device veth1_vlan left promiscuous mode [ 321.143825][ T210] device veth0_vlan left promiscuous mode [ 322.759146][ T20] Bluetooth: hci0: command 0x0409 tx timeout [ 324.501582][ T22] ================================================================== [ 324.509887][ T22] BUG: KASAN: use-after-free in __d_alloc+0x19a/0x950 [ 324.516714][ T22] Read of size 5 at addr ffff88807ef46620 by task kdevtmpfs/22 [ 324.524245][ T22] [ 324.526554][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0 [ 324.534258][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.544302][ T22] Call Trace: [ 324.547570][ T22] dump_stack_lvl+0xcd/0x134 [ 324.552200][ T22] print_address_description.constprop.0.cold+0x6c/0x309 [ 324.559218][ T22] ? __d_alloc+0x19a/0x950 [ 324.563621][ T22] ? __d_alloc+0x19a/0x950 [ 324.568038][ T22] kasan_report.cold+0x83/0xdf [ 324.572786][ T22] ? __d_alloc+0x19a/0x950 [ 324.577189][ T22] kasan_check_range+0x13d/0x180 [ 324.582149][ T22] memcpy+0x20/0x60 [ 324.585944][ T22] __d_alloc+0x19a/0x950 [ 324.590187][ T22] d_alloc+0x4a/0x230 [ 324.594184][ T22] __lookup_hash+0xc8/0x180 [ 324.598685][ T22] kern_path_locked+0x17e/0x320 [ 324.603985][ T22] ? filename_lookup+0x80/0x80 [ 324.608765][ T22] handle_remove+0xa2/0x5fe [ 324.613322][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e [ 324.618966][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 324.625010][ T22] ? finish_task_switch.isra.0+0x232/0xa50 [ 324.630869][ T22] ? find_held_lock+0x2d/0x110 [ 324.635645][ T22] ? devtmpfsd+0xaa/0x2a3 [ 324.640012][ T22] ? lock_downgrade+0x6e0/0x6e0 [ 324.644864][ T22] ? do_raw_spin_lock+0x120/0x2b0 [ 324.649892][ T22] ? rwlock_bug.part.0+0x90/0x90 [ 324.654848][ T22] devtmpfsd+0x1b9/0x2a3 [ 324.659106][ T22] ? dmar_validate_one_drhd+0x24d/0x24d [ 324.664714][ T22] kthread+0x3e5/0x4d0 [ 324.668879][ T22] ? set_kthread_struct+0x130/0x130 [ 324.674090][ T22] ret_from_fork+0x1f/0x30 [ 324.678544][ T22] [ 324.680862][ T22] Allocated by task 22: [ 324.685019][ T22] kasan_save_stack+0x1b/0x40 [ 324.689776][ T22] __kasan_slab_alloc+0x83/0xb0 [ 324.694628][ T22] kmem_cache_alloc+0x285/0x4a0 [ 324.699483][ T22] getname_kernel+0x4e/0x370 [ 324.704075][ T22] kern_path_locked+0x71/0x320 [ 324.708844][ T22] handle_remove+0xa2/0x5fe [ 324.713354][ T22] devtmpfsd+0x1b9/0x2a3 [ 324.717604][ T22] kthread+0x3e5/0x4d0 [ 324.721697][ T22] ret_from_fork+0x1f/0x30 [ 324.726114][ T22] [ 324.728427][ T22] Freed by task 22: [ 324.732227][ T22] kasan_save_stack+0x1b/0x40 [ 324.736917][ T22] kasan_set_track+0x1c/0x30 [ 324.741514][ T22] kasan_set_free_info+0x20/0x30 [ 324.746453][ T22] __kasan_slab_free+0xff/0x130 [ 324.751315][ T22] slab_free_freelist_hook+0xe3/0x250 [ 324.756702][ T22] kmem_cache_free+0x8a/0x5b0 [ 324.761391][ T22] putname.part.0+0xe1/0x120 [ 324.765986][ T22] kern_path_locked+0xc2/0x320 [ 324.770756][ T22] handle_remove+0xa2/0x5fe [ 324.775269][ T22] devtmpfsd+0x1b9/0x2a3 [ 324.779512][ T22] kthread+0x3e5/0x4d0 [ 324.783584][ T22] ret_from_fork+0x1f/0x30 [ 324.788087][ T22] [ 324.790416][ T22] The buggy address belongs to the object at ffff88807ef46600 [ 324.790416][ T22] which belongs to the cache names_cache of size 4096 [ 324.804642][ T22] The buggy address is located 32 bytes inside of [ 324.804642][ T22] 4096-byte region [ffff88807ef46600, ffff88807ef47600) [ 324.817918][ T22] The buggy address belongs to the page: [ 324.823543][ T22] page:ffffea0001fbd000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ef40 [ 324.833705][ T22] head:ffffea0001fbd000 order:3 compound_mapcount:0 compound_pincount:0 [ 324.842034][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 324.850047][ T22] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff8881400063c0 [ 324.858627][ T22] raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000 [ 324.867195][ T22] page dumped because: kasan: bad access detected [ 324.873605][ T22] page_owner tracks the page as allocated [ 324.879390][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 67769703885, free_ts 67762424046 [ 324.898222][ T22] get_page_from_freelist+0xa72/0x2f80 [ 324.903705][ T22] __alloc_pages+0x1b2/0x500 [ 324.908293][ T22] alloc_pages+0x1a7/0x300 [ 324.912786][ T22] allocate_slab+0x32e/0x4b0 [ 324.917370][ T22] ___slab_alloc+0x473/0x7b0 [ 324.921958][ T22] __slab_alloc.constprop.0+0xa7/0xf0 [ 324.927326][ T22] kmem_cache_alloc+0x3e1/0x4a0 [ 324.932174][ T22] getname_flags.part.0+0x50/0x4f0 [ 324.937281][ T22] getname_flags+0x9a/0xe0 [ 324.941701][ T22] user_path_at_empty+0x2b/0x90 [ 324.946565][ T22] vfs_statx+0x142/0x390 [ 324.950795][ T22] __do_sys_newlstat+0x91/0x110 [ 324.955635][ T22] do_syscall_64+0x35/0xb0 [ 324.960113][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 324.966289][ T22] page last free stack trace: [ 324.970945][ T22] free_pcp_prepare+0x2c5/0x780 [ 324.975789][ T22] free_unref_page+0x19/0x690 [ 324.980458][ T22] unfreeze_partials+0x16c/0x1b0 [ 324.985408][ T22] put_cpu_partial+0x13d/0x230 [ 324.990164][ T22] qlist_free_all+0x5a/0xc0 [ 324.994658][ T22] kasan_quarantine_reduce+0x180/0x200 [ 325.000125][ T22] __kasan_slab_alloc+0x95/0xb0 [ 325.004965][ T22] __kmalloc+0x1f4/0x330 [ 325.009199][ T22] tomoyo_realpath_from_path+0xc3/0x620 [ 325.014889][ T22] tomoyo_path_perm+0x21b/0x400 [ 325.019749][ T22] security_inode_getattr+0xcf/0x140 [ 325.025067][ T22] vfs_statx+0x164/0x390 [ 325.029315][ T22] __do_sys_newlstat+0x91/0x110 [ 325.034164][ T22] do_syscall_64+0x35/0xb0 [ 325.038582][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 325.044489][ T22] [ 325.046810][ T22] Memory state around the buggy address: [ 325.052436][ T22] ffff88807ef46500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 325.060492][ T22] ffff88807ef46580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 325.068544][ T22] >ffff88807ef46600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.076600][ T22] ^ [ 325.081699][ T22] ffff88807ef46680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.089749][ T22] ffff88807ef46700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 325.097812][ T22] ================================================================== [ 325.105860][ T22] Disabling lock debugging due to kernel taint [ 325.113831][ T20] Bluetooth: hci0: command 0x041b tx timeout [ 325.123315][ T22] Kernel panic - not syncing: panic_on_warn set ... [ 325.129904][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0 [ 325.139014][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.149067][ T22] Call Trace: [ 325.152328][ T22] dump_stack_lvl+0xcd/0x134 [ 325.157014][ T22] panic+0x2b0/0x6dd [ 325.160935][ T22] ? __warn_printk+0xf3/0xf3 [ 325.165512][ T22] ? preempt_schedule_common+0x59/0xc0 [ 325.170957][ T22] ? __d_alloc+0x19a/0x950 [ 325.175354][ T22] ? preempt_schedule_thunk+0x16/0x18 [ 325.180708][ T22] ? trace_hardirqs_on+0x38/0x1c0 [ 325.185773][ T22] ? trace_hardirqs_on+0x51/0x1c0 [ 325.190784][ T22] ? __d_alloc+0x19a/0x950 [ 325.195189][ T22] ? __d_alloc+0x19a/0x950 [ 325.199584][ T22] end_report.cold+0x63/0x6f [ 325.204537][ T22] kasan_report.cold+0x71/0xdf [ 325.209288][ T22] ? __d_alloc+0x19a/0x950 [ 325.213683][ T22] kasan_check_range+0x13d/0x180 [ 325.218609][ T22] memcpy+0x20/0x60 [ 325.222407][ T22] __d_alloc+0x19a/0x950 [ 325.226657][ T22] d_alloc+0x4a/0x230 [ 325.230638][ T22] __lookup_hash+0xc8/0x180 [ 325.235134][ T22] kern_path_locked+0x17e/0x320 [ 325.239989][ T22] ? filename_lookup+0x80/0x80 [ 325.244748][ T22] handle_remove+0xa2/0x5fe [ 325.249248][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e [ 325.254876][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 325.260855][ T22] ? finish_task_switch.isra.0+0x232/0xa50 [ 325.266655][ T22] ? find_held_lock+0x2d/0x110 [ 325.271410][ T22] ? devtmpfsd+0xaa/0x2a3 [ 325.275729][ T22] ? lock_downgrade+0x6e0/0x6e0 [ 325.280569][ T22] ? do_raw_spin_lock+0x120/0x2b0 [ 325.285588][ T22] ? rwlock_bug.part.0+0x90/0x90 [ 325.290517][ T22] devtmpfsd+0x1b9/0x2a3 [ 325.294752][ T22] ? dmar_validate_one_drhd+0x24d/0x24d [ 325.300295][ T22] kthread+0x3e5/0x4d0 [ 325.304366][ T22] ? set_kthread_struct+0x130/0x130 [ 325.309561][ T22] ret_from_fork+0x1f/0x30 [ 325.314026][ T22] Kernel Offset: disabled [ 325.318335][ T22] Rebooting in 86400 seconds..