Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '[localhost]:5949' (ECDSA) to the list of known hosts. syzkaller login: [ 115.215445][ T38] kauditd_printk_skb: 7 callbacks suppressed [ 115.215557][ T38] audit: type=1400 audit(1575482858.686:42): avc: denied { map } for pid=9200 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2019/12/04 18:07:38 fuzzer started 2019/12/04 18:07:41 dialing manager at 10.0.2.10:39253 2019/12/04 18:07:41 syscalls: 2707 2019/12/04 18:07:41 code coverage: enabled 2019/12/04 18:07:41 comparison tracing: enabled 2019/12/04 18:07:41 extra coverage: extra coverage is not supported by the kernel 2019/12/04 18:07:41 setuid sandbox: enabled 2019/12/04 18:07:41 namespace sandbox: enabled 2019/12/04 18:07:41 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/04 18:07:41 fault injection: enabled 2019/12/04 18:07:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/04 18:07:41 net packet injection: enabled 2019/12/04 18:07:41 net device setup: enabled 2019/12/04 18:07:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/04 18:07:41 devlink PCI setup: PCI device 0000:00:10.0 is not available 18:08:16 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 152.712149][ T38] audit: type=1400 audit(1575482896.176:43): avc: denied { map } for pid=9223 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3104 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 18:08:16 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$netlink(0x10, 0x3, 0xa) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") splice(r0, 0x0, r2, 0x0, 0x40000000004ffe0, 0x0) 18:08:16 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) [ 153.237764][ T9224] IPVS: ftp: loaded support on port[0] = 21 [ 153.251078][ T9226] IPVS: ftp: loaded support on port[0] = 21 18:08:16 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000021000500d25a80648c63940d0600fc00100003400200a06d053582c137153e370900018000f01700d1bd", 0x2e}], 0x1}, 0x0) [ 153.316221][ T9228] IPVS: ftp: loaded support on port[0] = 21 [ 153.505497][ T9230] IPVS: ftp: loaded support on port[0] = 21 [ 153.752559][ T9224] chnl_net:caif_netlink_parms(): no params data found [ 153.781292][ T9226] chnl_net:caif_netlink_parms(): no params data found [ 153.820092][ T9230] chnl_net:caif_netlink_parms(): no params data found [ 153.854683][ T9228] chnl_net:caif_netlink_parms(): no params data found [ 153.948837][ T9230] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.971188][ T9230] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.994249][ T9230] device bridge_slave_0 entered promiscuous mode [ 154.028854][ T9226] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.050230][ T9226] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.070719][ T9226] device bridge_slave_0 entered promiscuous mode [ 154.087071][ T9224] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.103742][ T9224] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.117741][ T9224] device bridge_slave_0 entered promiscuous mode [ 154.130444][ T9224] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.147174][ T9224] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.166975][ T9224] device bridge_slave_1 entered promiscuous mode [ 154.186174][ T9230] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.202823][ T9230] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.224245][ T9230] device bridge_slave_1 entered promiscuous mode [ 154.247968][ T9226] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.261469][ T9226] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.275677][ T9226] device bridge_slave_1 entered promiscuous mode [ 154.324016][ T9228] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.338507][ T9228] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.356029][ T9228] device bridge_slave_0 entered promiscuous mode [ 154.373304][ T9226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.392843][ T9230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.419819][ T9224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.440941][ T9228] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.458950][ T9228] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.482004][ T9228] device bridge_slave_1 entered promiscuous mode [ 154.515605][ T9226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.546849][ T9230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.576147][ T9224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.632964][ T9230] team0: Port device team_slave_0 added [ 154.644711][ T9228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.666663][ T9226] team0: Port device team_slave_0 added [ 154.683709][ T9224] team0: Port device team_slave_0 added [ 154.695730][ T9230] team0: Port device team_slave_1 added [ 154.707365][ T9228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.732024][ T9226] team0: Port device team_slave_1 added [ 154.751441][ T9224] team0: Port device team_slave_1 added [ 154.824371][ T9228] team0: Port device team_slave_0 added [ 154.892944][ T9230] device hsr_slave_0 entered promiscuous mode [ 154.979868][ T9230] device hsr_slave_1 entered promiscuous mode [ 155.123167][ T9226] device hsr_slave_0 entered promiscuous mode [ 155.189768][ T9226] device hsr_slave_1 entered promiscuous mode [ 155.249500][ T9226] debugfs: Directory 'hsr0' with parent '/' already present! [ 155.262571][ T9228] team0: Port device team_slave_1 added [ 155.332716][ T9224] device hsr_slave_0 entered promiscuous mode [ 155.430346][ T9224] device hsr_slave_1 entered promiscuous mode [ 155.509436][ T9224] debugfs: Directory 'hsr0' with parent '/' already present! [ 155.640056][ T9228] device hsr_slave_0 entered promiscuous mode [ 155.733143][ T9228] device hsr_slave_1 entered promiscuous mode [ 155.789553][ T9228] debugfs: Directory 'hsr0' with parent '/' already present! [ 155.831479][ T38] audit: type=1400 audit(1575482899.306:44): avc: denied { create } for pid=9224 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 155.867635][ T38] audit: type=1400 audit(1575482899.306:45): avc: denied { write } for pid=9224 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 155.902683][ T38] audit: type=1400 audit(1575482899.306:46): avc: denied { read } for pid=9224 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 155.938772][ T9226] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 156.018091][ T9226] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 156.081056][ T9224] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 156.151689][ T9230] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 156.215008][ T9230] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 156.330954][ T9226] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 156.401570][ T9226] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 156.471335][ T9224] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 156.537680][ T9224] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 156.621927][ T9230] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 156.671779][ T9230] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 156.805242][ T9228] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 156.871435][ T9224] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 156.951598][ T9228] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 157.036679][ T9228] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 157.095700][ T9228] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 157.356165][ T9226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.406216][ T9224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.434261][ T9230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.467056][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.490468][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.529919][ T9226] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.567306][ T9224] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.583061][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.602280][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.620640][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.635264][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.650236][ T3022] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.672420][ T3022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.706607][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.744544][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.766573][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.788613][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.812755][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.840513][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.855386][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.876826][ T9230] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.907121][ T9228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.918442][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.940812][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.957906][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.975310][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.995969][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.017138][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.032012][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.043771][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.064589][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.082199][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.100091][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.119986][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.144156][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.164108][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.207477][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.236505][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.258464][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.274695][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.300368][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.331451][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.364985][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.397724][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.419493][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.447779][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.473885][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.512248][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.528629][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.548115][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.561672][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.581963][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.600002][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.622377][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.634952][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.660961][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.686566][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.720513][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.756539][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.794831][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.833602][ T9228] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.878858][ T9230] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 158.936857][ T9230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.999013][ T9226] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.064808][ T9226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.104308][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.147460][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.184872][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.224069][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.260509][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 159.296777][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 159.337027][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.377155][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.405738][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 159.434405][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 159.456966][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.475529][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 159.512924][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.537174][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.558705][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.578348][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 159.607029][ T3211] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.623358][ T3211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.651111][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.678869][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.706264][ T3211] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.729823][ T3211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.757857][ T3211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 159.792191][ T9224] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.863585][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.916241][ T9228] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 159.944529][ T9228] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.987281][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.008323][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.042193][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.063067][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.082047][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.100454][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.117880][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.140546][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.165247][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.180106][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.202760][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.217826][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.243491][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.261549][ T3952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.300453][ T9226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.327600][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.337030][ T38] audit: type=1400 audit(1575482903.796:47): avc: denied { associate } for pid=9226 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 160.356476][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.356602][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.356713][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.370477][ T9224] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.560254][ T9230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.583465][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.596607][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.623774][ T9228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.636886][ T9241] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.667754][ T9241] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.788290][ T38] audit: type=1400 audit(1575482904.256:48): avc: denied { create } for pid=9243 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [ 160.817284][ T9251] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 18:08:24 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000021000500d25a80648c63940d0600fc00100003400200a06d053582c137153e370900018000f01700d1bd", 0x2e}], 0x1}, 0x0) [ 160.818176][ T9251] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 160.926477][ T38] audit: type=1400 audit(1575482904.276:49): avc: denied { write } for pid=9243 comm="syz-executor.1" path="socket:[35276]" dev="sockfs" ino=35276 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [ 161.125659][ T9259] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 18:08:24 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:24 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) [ 161.167508][ T38] audit: type=1400 audit(1575482904.546:50): avc: denied { map } for pid=9255 comm="syz-executor.0" path=2F6D656D66643ABCF6202864656C6574656429 dev="tmpfs" ino=37014 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 161.211078][ T9259] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 18:08:24 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:24 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:25 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$netlink(0x10, 0x3, 0xa) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") splice(r0, 0x0, r2, 0x0, 0x40000000004ffe0, 0x0) 18:08:25 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:25 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:25 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:25 executing program 3: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:25 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:25 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:25 executing program 2: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 1: 18:08:26 executing program 3: 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r3, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 2: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 1: 18:08:26 executing program 3: 18:08:26 executing program 2: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$unix(r1, &(0x7f0000000400), 0xff26, 0x0, 0x0, 0xffffffffffffff21) recvmmsg(r1, &(0x7f0000006480)=[{{0x0, 0x0, &(0x7f0000006400)=[{&(0x7f0000005000)=""/95, 0x5f}], 0x1}}], 0x1, 0x0, 0x0) 18:08:26 executing program 1: fsetxattr(0xffffffffffffffff, &(0x7f00000000c0)=@known='security.selinux\x00', 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$admmidi(0x0, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) open(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socketpair$unix(0x1, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) 18:08:26 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) [ 162.667648][ T38] audit: type=1400 audit(1575482906.136:51): avc: denied { open } for pid=9320 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) r3 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) write(0xffffffffffffffff, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 1: 18:08:26 executing program 3: r0 = socket(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000034c0)={@local, @empty, @empty, 0x0, 0x40, 0x0, 0x0, 0x0, 0x1000000}) 18:08:26 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 1: 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) write(0xffffffffffffffff, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$sock(r2, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="018ee9f82e", 0xe}, {&(0x7f0000000140)="5531f5e79d1230ddde98e2f96ff18ba13900c35e67d75c5a6810890239fb4c7dde6a19", 0x23}, {&(0x7f0000000180)="e31520aa566f0e3686390a8b9a5e851d473b7f3f48f1cab37f45b3adf98590fe0fc1bb355a5d7ba1193e0f1b8da27a3185d39bb2f03d0265a8220e0b301f45542d83e05d01a32b5d4d26b012d5763340bebd3fc37f86adfa618871ae0af56300de382edf1aa89e0d", 0x68}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000480)="92", 0x20000481}], 0x1}}], 0x2, 0x0) 18:08:26 executing program 2: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r2 = dup2(r0, r1) fchdir(r2) write(0xffffffffffffffff, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 3: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8202e4a0ffffffff"], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket(0x2, 0x2, 0x0) connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x10) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f00000000c0)="071400000f370025ff149b33ff0f000000000000", 0x14) r1 = socket(0x2, 0x2, 0x0) bind(r1, &(0x7f0000000000)=@un=@abs={0x0, 0xd}, 0x10) r2 = socket(0x2, 0x2, 0x0) dup2(r1, r2) connect$unix(r2, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x10) write(r0, 0x0, 0x0) 18:08:26 executing program 2: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') dup2(r0, r1) r2 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 2: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, {0x0, 0x0, 0x4}}) 18:08:26 executing program 3: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8202e4a0ffffffff"], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket(0x2, 0x2, 0x0) connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x10) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f00000000c0)="071400000f370025ff149b33ff0f000000000000", 0x14) r1 = socket(0x2, 0x2, 0x0) bind(r1, &(0x7f0000000000)=@un=@abs={0x0, 0xd}, 0x10) r2 = socket(0x2, 0x2, 0x0) dup2(r1, r2) connect$unix(r2, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x10) write(r0, 0x0, 0x0) 18:08:26 executing program 1: socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) socket$inet6(0xa, 0x400000000001, 0x0) sched_setattr(0x0, &(0x7f0000000400)={0x30}, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b4}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 18:08:26 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') dup2(r0, r1) r2 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="290000005200190f00003fffffffda060200000000e80001040000040d000a00ea1100000005000000", 0x29}], 0x1) recvmmsg(r0, &(0x7f0000006f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 18:08:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="290000005200190f00003fffffffda060200000000e80001040000040d000a00ea1100000005000000", 0x29}], 0x1) recvmmsg(r0, &(0x7f0000006f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') dup2(r0, r1) r2 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:26 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 18:08:26 executing program 0: pipe2(&(0x7f00000000c0), 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') fchdir(0xffffffffffffffff) r0 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r0, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:27 executing program 1: socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) socket$inet6(0xa, 0x400000000001, 0x0) sched_setattr(0x0, &(0x7f0000000400)={0x30}, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b4}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 18:08:27 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 18:08:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="290000005200190f00003fffffffda060200000000e80001040000040d000a00ea1100000005000000", 0x29}], 0x1) recvmmsg(r0, &(0x7f0000006f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 18:08:27 executing program 0: pipe2(&(0x7f00000000c0), 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') fchdir(0xffffffffffffffff) r0 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r0, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="290000005200190f00003fffffffda060200000000e80001040000040d000a00ea1100000005000000", 0x29}], 0x1) recvmmsg(r0, &(0x7f0000006f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 18:08:27 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x4}}) 18:08:27 executing program 0: pipe2(&(0x7f00000000c0), 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') fchdir(0xffffffffffffffff) r0 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r0, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000006f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 18:08:28 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x0, @loopback}, {0x2, 0x0, @loopback}, {0x2, 0x0, @local}, 0x27}) connect(r0, &(0x7f0000000100)=@in6={0xa, 0x4e21, 0x7, @empty, 0x101}, 0x80) 18:08:28 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x4}}) 18:08:28 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = dup2(r0, 0xffffffffffffffff) fchdir(r1) r2 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000006f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 18:08:28 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = dup2(r0, 0xffffffffffffffff) fchdir(r1) r2 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:28 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x4}}) 18:08:28 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x0, @loopback}, {0x2, 0x0, @loopback}, {0x2, 0x0, @local}, 0x27}) connect(r0, &(0x7f0000000100)=@in6={0xa, 0x4e21, 0x7, @empty, 0x101}, 0x80) 18:08:28 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00') r1 = dup2(r0, 0xffffffffffffffff) fchdir(r1) r2 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:28 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}) 18:08:28 executing program 0: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r1 = dup2(0xffffffffffffffff, r0) fchdir(r1) r2 = memfd_create(&(0x7f00000002c0)='\xbc\xf6', 0x0) write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:08:28 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x4000000000000078, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @local={0xac, 0x14, 0xffffffffffffffff}, {[@timestamp={0x44, 0x4}]}}, @igmp={0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}}}}}, 0x0) [ 165.036505][ T4289] kobject: 'loop1' (000000007bd8ad3c): kobject_uevent_env [ 165.036563][ T4289] kobject: 'loop1' (000000007bd8ad3c): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 165.050893][ T4289] kobject: 'loop0' (00000000c8bca2be): kobject_uevent_env [ 165.050933][ T4289] kobject: 'loop0' (00000000c8bca2be): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 165.069203][ T9476] ================================================================== [ 165.069203][ T9476] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x356/0x410 [ 165.069203][ T9476] Write of size 8 at addr ffffc90008b11000 by task syz-executor.2/9476 [ 165.069203][ T9476] [ 165.069203][ T9476] CPU: 2 PID: 9476 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 165.069203][ T9476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 165.069203][ T9476] Call Trace: [ 165.069203][ T9476] dump_stack+0x197/0x210 [ 165.069203][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.069203][ T9476] print_address_description.constprop.0.cold+0x5/0x30b [ 165.069203][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.069203][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.069203][ T9476] __kasan_report.cold+0x1b/0x41 [ 165.069203][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.069203][ T9476] kasan_report+0x12/0x20 [ 165.069203][ T9476] __asan_report_store8_noabort+0x17/0x20 [ 165.069203][ T9476] bitfill_aligned+0x356/0x410 [ 165.069203][ T9476] sys_fillrect+0x421/0x7c0 [ 165.069203][ T9476] ? sys_fillrect+0x7c0/0x7c0 [ 165.069203][ T9476] drm_fb_helper_sys_fillrect+0x21/0x190 [ 165.069203][ T9476] bit_clear_margins+0x30b/0x530 [ 165.069203][ T9476] ? bit_bmove+0x270/0x270 [ 165.069203][ T9476] ? fb_get_color_depth.part.0+0xcf/0x200 [ 165.069203][ T9476] fbcon_clear_margins+0x1e9/0x250 [ 165.069203][ T9476] fbcon_switch+0xd7f/0x17f0 [ 165.069203][ T9476] ? fbcon_set_def_font+0x360/0x360 [ 165.069203][ T9476] ? fbcon_cursor+0x48c/0x660 [ 165.069203][ T9476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.069203][ T9476] ? fbcon_set_origin+0x2b/0x50 [ 165.069203][ T9476] ? fbcon_scrolldelta+0x1220/0x1220 [ 165.069203][ T9476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.069203][ T9476] redraw_screen+0x2b6/0x7d0 [ 165.069203][ T9476] ? fb_get_color_depth.part.0+0xcf/0x200 [ 165.069203][ T9476] ? respond_string+0x2c0/0x2c0 [ 165.069203][ T9476] ? fbcon_set_palette+0x3c4/0x4a0 [ 165.069203][ T9476] fbcon_modechanged+0x5c3/0x790 [ 165.069203][ T9476] fbcon_update_vcs+0x42/0x50 [ 165.069203][ T9476] fb_set_var+0xb32/0xdd0 [ 165.069203][ T9476] ? fb_blank+0x1a0/0x1a0 [ 165.069203][ T9476] ? lock_acquire+0x190/0x410 [ 165.069203][ T9476] ? __mutex_lock+0x458/0x13c0 [ 165.069203][ T9476] ? down+0x50/0x90 [ 165.069203][ T9476] ? do_fb_ioctl+0x335/0x7d0 [ 165.069203][ T9476] do_fb_ioctl+0x390/0x7d0 [ 165.069203][ T9476] ? fb_mmap+0x520/0x520 [ 165.069203][ T9476] ? tomoyo_path_number_perm+0x214/0x520 [ 165.069203][ T9476] ? find_held_lock+0x35/0x130 [ 165.069203][ T9476] ? tomoyo_path_number_perm+0x214/0x520 [ 165.069203][ T9476] ? lock_downgrade+0x920/0x920 [ 165.069203][ T9476] ? lockdep_hardirqs_on+0x421/0x5e0 [ 165.069203][ T9476] ? tomoyo_path_number_perm+0x454/0x520 [ 165.069203][ T9476] ? ___might_sleep+0x163/0x2c0 [ 165.069203][ T9476] fb_ioctl+0xe6/0x130 [ 165.069203][ T9476] ? do_fb_ioctl+0x7d0/0x7d0 [ 165.069203][ T9476] do_vfs_ioctl+0x977/0x14e0 [ 165.069203][ T9476] ? compat_ioctl_preallocate+0x220/0x220 [ 165.069203][ T9476] ? selinux_file_mprotect+0x620/0x620 [ 165.069203][ T9476] ? __fget+0x37f/0x550 [ 165.069203][ T9476] ? ksys_dup3+0x3e0/0x3e0 [ 165.069203][ T9476] ? ns_to_kernel_old_timeval+0x100/0x100 [ 165.069203][ T9476] ? tomoyo_file_ioctl+0x23/0x30 [ 165.069203][ T9476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.069203][ T9476] ? security_file_ioctl+0x8d/0xc0 [ 165.069203][ T9476] ksys_ioctl+0xab/0xd0 [ 165.069203][ T9476] __x64_sys_ioctl+0x73/0xb0 [ 165.069203][ T9476] do_syscall_64+0xfa/0x790 [ 165.069203][ T9476] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 165.069203][ T9476] RIP: 0033:0x45a759 [ 165.069203][ T9476] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 165.069203][ T9476] RSP: 002b:00007f8280324c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.069203][ T9476] RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045a759 [ 165.069203][ T9476] RDX: 0000000020000040 RSI: 0000000000004601 RDI: 0000000000000003 [ 165.069203][ T9476] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 165.069203][ T9476] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82803256d4 [ 165.069203][ T9476] R13: 00000000004a9e78 R14: 00000000006ec2d8 R15: 00000000ffffffff [ 165.069203][ T9476] [ 165.069203][ T9476] [ 165.069203][ T9476] Memory state around the buggy address: [ 165.069203][ T9476] ffffc90008b10f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 165.069203][ T9476] ffffc90008b10f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 165.069203][ T9476] >ffffc90008b11000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 165.069203][ T9476] ^ [ 165.069203][ T9476] ffffc90008b11080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 165.069203][ T9476] ffffc90008b11100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 165.069203][ T9476] ================================================================== [ 165.069203][ T9476] Disabling lock debugging due to kernel taint [ 165.077969][ T9476] Kernel panic - not syncing: panic_on_warn set ... [ 165.078016][ T9476] CPU: 2 PID: 9476 Comm: syz-executor.2 Tainted: G B 5.4.0-syzkaller #0 [ 165.078023][ T9476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 165.078025][ T9476] Call Trace: [ 165.078088][ T9476] dump_stack+0x197/0x210 [ 165.078101][ T9476] panic+0x2e3/0x75c [ 165.078110][ T9476] ? add_taint.cold+0x16/0x16 [ 165.078119][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.078131][ T9476] ? preempt_schedule+0x4b/0x60 [ 165.078142][ T9476] ? ___preempt_schedule+0x16/0x18 [ 165.078151][ T9476] ? trace_hardirqs_on+0x5e/0x240 [ 165.078160][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.078167][ T9476] end_report+0x47/0x4f [ 165.078174][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.078180][ T9476] __kasan_report.cold+0xe/0x41 [ 165.078188][ T9476] ? bitfill_aligned+0x356/0x410 [ 165.078195][ T9476] kasan_report+0x12/0x20 [ 165.078203][ T9476] __asan_report_store8_noabort+0x17/0x20 [ 165.078210][ T9476] bitfill_aligned+0x356/0x410 [ 165.078218][ T9476] sys_fillrect+0x421/0x7c0 [ 165.078225][ T9476] ? sys_fillrect+0x7c0/0x7c0 [ 165.078235][ T9476] drm_fb_helper_sys_fillrect+0x21/0x190 [ 165.078245][ T9476] bit_clear_margins+0x30b/0x530 [ 165.078254][ T9476] ? bit_bmove+0x270/0x270 [ 165.078262][ T9476] ? fb_get_color_depth.part.0+0xcf/0x200 [ 165.078272][ T9476] fbcon_clear_margins+0x1e9/0x250 [ 165.078280][ T9476] fbcon_switch+0xd7f/0x17f0 [ 165.078290][ T9476] ? fbcon_set_def_font+0x360/0x360 [ 165.078302][ T9476] ? fbcon_cursor+0x48c/0x660 [ 165.078311][ T9476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.078319][ T9476] ? fbcon_set_origin+0x2b/0x50 [ 165.078326][ T9476] ? fbcon_scrolldelta+0x1220/0x1220 [ 165.078334][ T9476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.078348][ T9476] redraw_screen+0x2b6/0x7d0 [ 165.078355][ T9476] ? fb_get_color_depth.part.0+0xcf/0x200 [ 165.078363][ T9476] ? respond_string+0x2c0/0x2c0 [ 165.078371][ T9476] ? fbcon_set_palette+0x3c4/0x4a0 [ 165.078380][ T9476] fbcon_modechanged+0x5c3/0x790 [ 165.078390][ T9476] fbcon_update_vcs+0x42/0x50 [ 165.078396][ T9476] fb_set_var+0xb32/0xdd0 [ 165.078404][ T9476] ? fb_blank+0x1a0/0x1a0 [ 165.078412][ T9476] ? lock_acquire+0x190/0x410 [ 165.078424][ T9476] ? __mutex_lock+0x458/0x13c0 [ 165.078434][ T9476] ? down+0x50/0x90 [ 165.078449][ T9476] ? do_fb_ioctl+0x335/0x7d0 [ 165.078460][ T9476] do_fb_ioctl+0x390/0x7d0 [ 165.078468][ T9476] ? fb_mmap+0x520/0x520 [ 165.078476][ T9476] ? tomoyo_path_number_perm+0x214/0x520 [ 165.078487][ T9476] ? find_held_lock+0x35/0x130 [ 165.078494][ T9476] ? tomoyo_path_number_perm+0x214/0x520 [ 165.078505][ T9476] ? lock_downgrade+0x920/0x920 [ 165.078512][ T9476] ? lockdep_hardirqs_on+0x421/0x5e0 [ 165.078520][ T9476] ? tomoyo_path_number_perm+0x454/0x520 [ 165.078533][ T9476] ? ___might_sleep+0x163/0x2c0 [ 165.078541][ T9476] fb_ioctl+0xe6/0x130 [ 165.078547][ T9476] ? do_fb_ioctl+0x7d0/0x7d0 [ 165.078555][ T9476] do_vfs_ioctl+0x977/0x14e0 [ 165.078563][ T9476] ? compat_ioctl_preallocate+0x220/0x220 [ 165.078571][ T9476] ? selinux_file_mprotect+0x620/0x620 [ 165.078577][ T9476] ? __fget+0x37f/0x550 [ 165.078586][ T9476] ? ksys_dup3+0x3e0/0x3e0 [ 165.078595][ T9476] ? ns_to_kernel_old_timeval+0x100/0x100 [ 165.078604][ T9476] ? tomoyo_file_ioctl+0x23/0x30 [ 165.078612][ T9476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.078620][ T9476] ? security_file_ioctl+0x8d/0xc0 [ 165.078628][ T9476] ksys_ioctl+0xab/0xd0 [ 165.078635][ T9476] __x64_sys_ioctl+0x73/0xb0 [ 165.078645][ T9476] do_syscall_64+0xfa/0x790 [ 165.078655][ T9476] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 165.078661][ T9476] RIP: 0033:0x45a759 [ 165.078669][ T9476] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 165.078673][ T9476] RSP: 002b:00007f8280324c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.078680][ T9476] RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045a759 [ 165.078685][ T9476] RDX: 0000000020000040 RSI: 0000000000004601 RDI: 0000000000000003 [ 165.078689][ T9476] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 165.078693][ T9476] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82803256d4 [ 165.078698][ T9476] R13: 00000000004a9e78 R14: 00000000006ec2d8 R15: 00000000ffffffff [ 165.086321][ T9476] Kernel Offset: disabled [ 165.086321][ T9476] Rebooting in 86400 seconds..