[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.116' (ECDSA) to the list of known hosts.
2021/09/07 19:32:23 parsed 1 programs
2021/09/07 19:32:23 executed programs: 0
syzkaller login: [ 1076.386892][ T8457] chnl_net:caif_netlink_parms(): no params data found
[ 1076.459678][ T8457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1076.467400][ T8457] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1076.475211][ T8457] device bridge_slave_0 entered promiscuous mode
[ 1076.485022][ T8457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1076.492754][ T8457] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1076.501023][ T8457] device bridge_slave_1 entered promiscuous mode
[ 1076.534189][ T8457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1076.545374][ T8457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1076.579999][ T8457] team0: Port device team_slave_0 added
[ 1076.588319][ T8457] team0: Port device team_slave_1 added
[ 1076.616563][ T8457] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1076.623519][ T8457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1076.650109][ T8457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1076.662909][ T8457] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1076.669942][ T8457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1076.695913][ T8457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1076.733521][ T8457] device hsr_slave_0 entered promiscuous mode
[ 1076.740911][ T8457] device hsr_slave_1 entered promiscuous mode
[ 1076.862999][ T8457] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1076.874599][ T8457] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1076.885206][ T8457] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1076.897112][ T8457] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1076.920107][ T8457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1076.927275][ T8457] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1076.934804][ T8457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1076.942060][ T8457] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1076.985386][ T8457] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1076.999272][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1077.010763][ T30] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1077.019736][ T30] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1077.028431][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1077.041265][ T8457] 8021q: adding VLAN 0 to HW filter on device team0
[ 1077.052965][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1077.062304][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1077.069382][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1077.081543][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1077.090638][ T30] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1077.097751][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1077.117501][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1077.127579][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1077.146850][ T8431] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1077.155155][ T8431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1077.164093][ T8431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1077.177299][ T8457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1077.195918][ T8431] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1077.203303][ T8431] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1077.216629][ T8457] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1077.235366][ T8431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1077.256844][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1077.265212][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1077.274258][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1077.287526][ T8457] device veth0_vlan entered promiscuous mode
[ 1077.299645][ T8457] device veth1_vlan entered promiscuous mode
[ 1077.321426][ T8790] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1077.329801][ T8790] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1077.338650][ T8790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1077.350742][ T8457] device veth0_macvtap entered promiscuous mode
[ 1077.361988][ T8457] device veth1_macvtap entered promiscuous mode
[ 1077.370556][ T8790] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1077.390780][ T8457] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1077.398580][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1077.409469][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1077.421553][ T8457] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1077.429017][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1077.437678][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1077.449539][ T8457] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.458692][ T8457] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.467802][ T8457] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.479278][ T8457] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1077.580910][ T209] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1077.589589][ T209] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.608944][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1077.637946][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1077.648677][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1077.658816][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1078.098013][ T10] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1080.402201][ T10] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1082.746582][ T10] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1082.926809][ T10] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1082.940878][ T8825] chnl_net:caif_netlink_parms(): no params data found
[ 1083.000768][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1083.010047][ T8825] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1083.018769][ T8825] device bridge_slave_0 entered promiscuous mode
[ 1083.028337][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1083.035660][ T8825] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1083.043341][ T8825] device bridge_slave_1 entered promiscuous mode
[ 1083.072243][ T8825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1083.086565][ T8825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1083.124465][ T8825] team0: Port device team_slave_0 added
[ 1083.134704][ T8825] team0: Port device team_slave_1 added
[ 1083.180426][ T8825] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1083.187762][ T8825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1083.214317][ T8825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1083.228629][ T8825] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1083.235669][ T8825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1083.262091][ T8825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1083.378023][ T8825] device hsr_slave_0 entered promiscuous mode
[ 1083.388754][ T8825] device hsr_slave_1 entered promiscuous mode
[ 1083.395847][ T8825] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1083.403873][ T8825] Cannot create hsr debugfs directory
[ 1084.308850][ T8825] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1084.327091][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1084.334730][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1084.347331][ T8825] 8021q: adding VLAN 0 to HW filter on device team0
[ 1084.445067][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1084.453589][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1084.462902][ T8792] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1084.469995][ T8792] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1084.478807][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1084.488166][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1084.496631][ T8792] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1084.503680][ T8792] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1084.511536][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1084.520254][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1084.529487][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1084.606108][ T8790] Bluetooth: hci0: command 0x0409 tx timeout
[ 1084.632994][ T8825] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1084.643706][ T8825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1084.656303][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1084.668279][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1084.677021][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1084.686981][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1084.696126][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1084.705414][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1084.713638][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1084.722355][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1084.731121][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1084.739209][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1084.844976][ T8432] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1084.852463][ T8432] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1084.936224][ T8825] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1085.111649][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1085.120336][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1085.228720][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1085.236984][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1085.246183][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1085.253772][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1085.265731][ T8825] device veth0_vlan entered promiscuous mode
[ 1085.389290][ T8825] device veth1_vlan entered promiscuous mode
[ 1085.414025][ T8432] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1085.422630][ T8432] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1085.431433][ T8432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1085.440566][ T8432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1085.453228][ T8825] device veth0_macvtap entered promiscuous mode
[ 1085.480726][ T10] device hsr_slave_0 left promiscuous mode
[ 1085.488452][ T10] device hsr_slave_1 left promiscuous mode
[ 1085.497383][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1085.505501][ T10] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1085.514317][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1085.521908][ T10] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1085.531469][ T10] device bridge_slave_1 left promiscuous mode
[ 1085.538972][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1085.552493][ T10] device bridge_slave_0 left promiscuous mode
[ 1085.560180][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1085.575957][ T10] device veth1_macvtap left promiscuous mode
[ 1085.582150][ T10] device veth0_macvtap left promiscuous mode
[ 1085.588738][ T10] device veth1_vlan left promiscuous mode
[ 1085.594648][ T10] device veth0_vlan left promiscuous mode
[ 1086.685007][ T8790] Bluetooth: hci0: command 0x041b tx timeout
[ 1088.767632][ T8790] Bluetooth: hci0: command 0x040f tx timeout
[ 1089.147901][ T10] team0 (unregistering): Port device team_slave_1 removed
[ 1089.164457][ T10] team0 (unregistering): Port device team_slave_0 removed
[ 1089.180500][ T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1089.193917][ T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1089.248393][ T10] bond0 (unregistering): Released all slaves
[ 1089.296018][ T8825] device veth1_macvtap entered promiscuous mode
[ 1089.302943][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1089.312214][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1089.343946][ T8825] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1089.351440][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1089.361625][ T8792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1089.375783][ T8825] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1089.383961][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1089.392528][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1089.478436][ T9193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1089.503593][ T9193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1089.520457][ T8823] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1089.536594][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1089.540930][ T8823] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1089.564167][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1092.358514][ T10] device hsr_slave_0 left promiscuous mode
[ 1092.368728][ T10] device hsr_slave_1 left promiscuous mode
[ 1092.377498][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1092.385318][ T10] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1092.393797][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1092.402129][ T10] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1092.411252][ T10] device bridge_slave_1 left promiscuous mode
[ 1092.418319][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1092.427265][ T10] device bridge_slave_0 left promiscuous mode
[ 1092.433409][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1092.446458][ T10] device veth1_macvtap left promiscuous mode
[ 1092.452511][ T10] device veth0_macvtap left promiscuous mode
[ 1092.460644][ T10] device veth1_vlan left promiscuous mode
[ 1092.466595][ T10] device veth0_vlan left promiscuous mode
[ 1094.124516][ T8790] Bluetooth: hci0: command 0x0409 tx timeout
[ 1095.823670][ T22] ==================================================================
[ 1095.831879][ T22] BUG: KASAN: use-after-free in __d_alloc+0x19a/0x950
[ 1095.838720][ T22] Read of size 5 at addr ffff88807d13b320 by task kdevtmpfs/22
[ 1095.846242][ T22]
[ 1095.848548][ T22] CPU: 1 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-syzkaller #0
[ 1095.856248][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1095.866285][ T22] Call Trace:
[ 1095.869552][ T22] dump_stack_lvl+0xcd/0x134
[ 1095.874159][ T22] print_address_description.constprop.0.cold+0x6c/0x309
[ 1095.881193][ T22] ? __d_alloc+0x19a/0x950
[ 1095.885594][ T22] ? __d_alloc+0x19a/0x950
[ 1095.889994][ T22] kasan_report.cold+0x83/0xdf
[ 1095.894747][ T22] ? __d_alloc+0x19a/0x950
[ 1095.899153][ T22] kasan_check_range+0x13d/0x180
[ 1095.904132][ T22] memcpy+0x20/0x60
[ 1095.907927][ T22] __d_alloc+0x19a/0x950
[ 1095.912172][ T22] d_alloc+0x4a/0x230
[ 1095.916150][ T22] __lookup_hash+0xc8/0x180
[ 1095.920644][ T22] kern_path_locked+0x17e/0x320
[ 1095.925481][ T22] ? filename_lookup+0x80/0x80
[ 1095.930238][ T22] handle_remove+0xa2/0x5fe
[ 1095.934788][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1095.940409][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1095.946433][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1095.952260][ T22] ? find_held_lock+0x2d/0x110
[ 1095.957015][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1095.961356][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1095.966190][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1095.971216][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1095.976144][ T22] devtmpfsd+0x1b9/0x2a3
[ 1095.980376][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1095.985915][ T22] kthread+0x3e5/0x4d0
[ 1095.990128][ T22] ? set_kthread_struct+0x130/0x130
[ 1095.995328][ T22] ret_from_fork+0x1f/0x30
[ 1095.999773][ T22]
[ 1096.002138][ T22] Allocated by task 22:
[ 1096.006271][ T22] kasan_save_stack+0x1b/0x40
[ 1096.010991][ T22] __kasan_slab_alloc+0x83/0xb0
[ 1096.015842][ T22] kmem_cache_alloc+0x285/0x4a0
[ 1096.020682][ T22] getname_kernel+0x4e/0x370
[ 1096.025262][ T22] kern_path_locked+0x71/0x320
[ 1096.030121][ T22] handle_remove+0xa2/0x5fe
[ 1096.034613][ T22] devtmpfsd+0x1b9/0x2a3
[ 1096.038857][ T22] kthread+0x3e5/0x4d0
[ 1096.042926][ T22] ret_from_fork+0x1f/0x30
[ 1096.047331][ T22]
[ 1096.049635][ T22] Freed by task 22:
[ 1096.053421][ T22] kasan_save_stack+0x1b/0x40
[ 1096.058184][ T22] kasan_set_track+0x1c/0x30
[ 1096.062768][ T22] kasan_set_free_info+0x20/0x30
[ 1096.067694][ T22] __kasan_slab_free+0xff/0x130
[ 1096.072540][ T22] slab_free_freelist_hook+0xe3/0x250
[ 1096.077908][ T22] kmem_cache_free+0x8a/0x5b0
[ 1096.082571][ T22] putname.part.0+0xe1/0x120
[ 1096.087148][ T22] kern_path_locked+0xc2/0x320
[ 1096.091895][ T22] handle_remove+0xa2/0x5fe
[ 1096.096407][ T22] devtmpfsd+0x1b9/0x2a3
[ 1096.100633][ T22] kthread+0x3e5/0x4d0
[ 1096.104683][ T22] ret_from_fork+0x1f/0x30
[ 1096.109097][ T22]
[ 1096.111405][ T22] The buggy address belongs to the object at ffff88807d13b300
[ 1096.111405][ T22] which belongs to the cache names_cache of size 4096
[ 1096.125522][ T22] The buggy address is located 32 bytes inside of
[ 1096.125522][ T22] 4096-byte region [ffff88807d13b300, ffff88807d13c300)
[ 1096.138775][ T22] The buggy address belongs to the page:
[ 1096.144381][ T22] page:ffffea0001f44e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d138
[ 1096.154524][ T22] head:ffffea0001f44e00 order:3 compound_mapcount:0 compound_pincount:0
[ 1096.162827][ T22] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1096.170793][ T22] raw: 00fff00000010200 ffffea000053e200 0000000200000002 ffff888010dc63c0
[ 1096.179359][ T22] raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000
[ 1096.187914][ T22] page dumped because: kasan: bad access detected
[ 1096.194302][ T22] page_owner tracks the page as allocated
[ 1096.199991][ T22] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 69455765187, free_ts 69277797380
[ 1096.218811][ T22] get_page_from_freelist+0xa72/0x2f80
[ 1096.224290][ T22] __alloc_pages+0x1b2/0x500
[ 1096.228861][ T22] alloc_pages+0x1a7/0x300
[ 1096.233255][ T22] allocate_slab+0x32e/0x4b0
[ 1096.237831][ T22] ___slab_alloc+0x473/0x7b0
[ 1096.242399][ T22] __slab_alloc.constprop.0+0xa7/0xf0
[ 1096.247752][ T22] kmem_cache_alloc+0x3e1/0x4a0
[ 1096.252585][ T22] getname_flags.part.0+0x50/0x4f0
[ 1096.257683][ T22] getname_flags+0x9a/0xe0
[ 1096.262084][ T22] user_path_at_empty+0x2b/0x90
[ 1096.266916][ T22] vfs_statx+0x142/0x390
[ 1096.271140][ T22] __do_sys_newlstat+0x91/0x110
[ 1096.275967][ T22] do_syscall_64+0x35/0xb0
[ 1096.280421][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1096.286321][ T22] page last free stack trace:
[ 1096.290972][ T22] free_pcp_prepare+0x2c5/0x780
[ 1096.295803][ T22] free_unref_page+0x19/0x690
[ 1096.300459][ T22] qlist_free_all+0x5a/0xc0
[ 1096.304946][ T22] kasan_quarantine_reduce+0x180/0x200
[ 1096.310385][ T22] __kasan_slab_alloc+0x95/0xb0
[ 1096.315215][ T22] __kmalloc+0x1f4/0x330
[ 1096.319440][ T22] tomoyo_realpath_from_path+0xc3/0x620
[ 1096.325017][ T22] tomoyo_path_perm+0x21b/0x400
[ 1096.329849][ T22] security_inode_getattr+0xcf/0x140
[ 1096.335144][ T22] vfs_statx+0x164/0x390
[ 1096.339368][ T22] __do_sys_newlstat+0x91/0x110
[ 1096.344199][ T22] do_syscall_64+0x35/0xb0
[ 1096.348600][ T22] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1096.354475][ T22]
[ 1096.356778][ T22] Memory state around the buggy address:
[ 1096.362388][ T22] ffff88807d13b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1096.370427][ T22] ffff88807d13b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1096.378468][ T22] >ffff88807d13b300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.386506][ T22] ^
[ 1096.391592][ T22] ffff88807d13b380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.399632][ T22] ffff88807d13b400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1096.407667][ T22] ==================================================================
[ 1096.415701][ T22] Disabling lock debugging due to kernel taint
[ 1096.427790][ T22] Kernel panic - not syncing: panic_on_warn set ...
[ 1096.429851][ T8790] Bluetooth: hci0: command 0x041b tx timeout
[ 1096.434380][ T22] CPU: 0 PID: 22 Comm: kdevtmpfs Tainted: G B 5.14.0-syzkaller #0
[ 1096.434403][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1096.434416][ T22] Call Trace:
[ 1096.434423][ T22] dump_stack_lvl+0xcd/0x134
[ 1096.434452][ T22] panic+0x2b0/0x6dd
[ 1096.471212][ T22] ? __warn_printk+0xf3/0xf3
[ 1096.475796][ T22] ? preempt_schedule_common+0x59/0xc0
[ 1096.481244][ T22] ? __d_alloc+0x19a/0x950
[ 1096.485666][ T22] ? preempt_schedule_thunk+0x16/0x18
[ 1096.491024][ T22] ? trace_hardirqs_on+0x38/0x1c0
[ 1096.496098][ T22] ? trace_hardirqs_on+0x51/0x1c0
[ 1096.501189][ T22] ? __d_alloc+0x19a/0x950
[ 1096.505587][ T22] ? __d_alloc+0x19a/0x950
[ 1096.509981][ T22] end_report.cold+0x63/0x6f
[ 1096.514553][ T22] kasan_report.cold+0x71/0xdf
[ 1096.519296][ T22] ? __d_alloc+0x19a/0x950
[ 1096.523689][ T22] kasan_check_range+0x13d/0x180
[ 1096.528608][ T22] memcpy+0x20/0x60
[ 1096.532395][ T22] __d_alloc+0x19a/0x950
[ 1096.536618][ T22] d_alloc+0x4a/0x230
[ 1096.540577][ T22] __lookup_hash+0xc8/0x180
[ 1096.545060][ T22] kern_path_locked+0x17e/0x320
[ 1096.549888][ T22] ? filename_lookup+0x80/0x80
[ 1096.554635][ T22] handle_remove+0xa2/0x5fe
[ 1096.559125][ T22] ? cacheinfo_cpu_online.cold+0x3e/0x3e
[ 1096.564741][ T22] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1096.570700][ T22] ? finish_task_switch.isra.0+0x232/0xa50
[ 1096.576490][ T22] ? find_held_lock+0x2d/0x110
[ 1096.581234][ T22] ? devtmpfsd+0xaa/0x2a3
[ 1096.585542][ T22] ? lock_downgrade+0x6e0/0x6e0
[ 1096.590369][ T22] ? do_raw_spin_lock+0x120/0x2b0
[ 1096.595377][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 1096.600294][ T22] devtmpfsd+0x1b9/0x2a3
[ 1096.604526][ T22] ? dmar_validate_one_drhd+0x24d/0x24d
[ 1096.610062][ T22] kthread+0x3e5/0x4d0
[ 1096.614118][ T22] ? set_kthread_struct+0x130/0x130
[ 1096.619302][ T22] ret_from_fork+0x1f/0x30
[ 1096.625141][ T22] Kernel Offset: disabled
[ 1096.629449][ T22] Rebooting in 86400 seconds..