Debian GNU/Linux 7
syzkaller ttyS0

Warning: Permanently added '[localhost]:46566' (ECDSA) to the list of known hosts.
2020/01/05 00:33:30 fuzzer started
2020/01/05 00:33:31 dialing manager at 10.0.2.10:42795
2020/01/05 00:33:31 syscalls: 2796
2020/01/05 00:33:31 code coverage: enabled
2020/01/05 00:33:31 comparison tracing: enabled
2020/01/05 00:33:31 extra coverage: enabled
2020/01/05 00:33:31 setuid sandbox: enabled
2020/01/05 00:33:31 namespace sandbox: enabled
2020/01/05 00:33:31 Android sandbox: /sys/fs/selinux/policy does not exist
2020/01/05 00:33:31 fault injection: enabled
2020/01/05 00:33:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/01/05 00:33:31 net packet injection: enabled
2020/01/05 00:33:31 net device setup: enabled
2020/01/05 00:33:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/01/05 00:33:31 devlink PCI setup: PCI device 0000:00:10.0 is not available

00:34:03 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x2}})

00:34:04 executing program 1:
perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x4b61, &(0x7f0000000100))

syzkaller login: [ 172.760288][ T8242] IPVS: ftp: loaded support on port[0] = 21
[ 172.760297][ T8244] IPVS: ftp: loaded support on port[0] = 21

00:34:04 executing program 2:
r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x30}, 0xc)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
write$binfmt_script(r0, &(0x7f00000009c0)=ANY=[@ANYBLOB="2321213a0f0df805000000ef33408b93e8b647dc86c66e073f092a97ce0b70cf4aa009ff688a9fc6f7ffe5e95f67a891394ce80800c84af285c61a3656f27ffe16ccdf581f01fd7c810b3cd731cd284e96576f865e5300f16187ff87f620a99b535456a2b05a87fb85e441883ad2cb62d0ed4b47de834aadecdd8861a0c980980ec3fe2601e43d026efa090fb5c220fb4011132975cecbe07a1d881461e70fc34b5eb0729c9707aaddb10f5f8693220bf6f8b8ba344a747a5a02a9a96f6f3d44008a7f70c9136c3286483d77bbe933c78f3b29e45c94781df4f5e35fa47f14f9ce01515881f49eed0b2700"/248], 0x10094)
write$binfmt_script(r0, &(0x7f00000008c0)=ANY=[@ANYRES16=0x0], 0x2)
write$binfmt_script(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="83755a8b7c9abd0b6d7982dfc9d8ffd41cdbc4a7956b05e0361b19f161b3a4c19859516522d5f3be67b3a35bc789cf00ee54a61c2b8c8eeb524ad1454c075bb62a12a085f41f221bea219d365ac692f98fcd65544faf2702bd843678c3caa842a7dd"], 0x1a000)

[ 173.094193][ T8244] chnl_net:caif_netlink_parms(): no params data found
[ 173.160742][ T8246] IPVS: ftp: loaded support on port[0] = 21

00:34:04 executing program 3:
pipe2(0x0, 0x80c00)

[ 173.182810][ T8242] chnl_net:caif_netlink_parms(): no params data found
[ 173.306597][ T8244] bridge0: port 1(bridge_slave_0) entered blocking state
[ 173.329942][ T8244] bridge0: port 1(bridge_slave_0) entered disabled state
[ 173.355643][ T8244] device bridge_slave_0 entered promiscuous mode
[ 173.400240][ T8244] bridge0: port 2(bridge_slave_1) entered blocking state
[ 173.432248][ T8244] bridge0: port 2(bridge_slave_1) entered disabled state
[ 173.458704][ T8244] device bridge_slave_1 entered promiscuous mode
[ 173.584328][ T8244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 173.612090][ T8242] bridge0: port 1(bridge_slave_0) entered blocking state
[ 173.628085][ T8242] bridge0: port 1(bridge_slave_0) entered disabled state
[ 173.647996][ T8242] device bridge_slave_0 entered promiscuous mode
[ 173.666816][ T8244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 173.692996][ T8242] bridge0: port 2(bridge_slave_1) entered blocking state
[ 173.708277][ T8242] bridge0: port 2(bridge_slave_1) entered disabled state
[ 173.723283][ T8242] device bridge_slave_1 entered promiscuous mode
[ 173.752117][ T8244] team0: Port device team_slave_0 added
[ 173.782226][ T8244] team0: Port device team_slave_1 added
[ 173.798211][ T8242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 173.828281][ T8242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 173.832967][ T8251] IPVS: ftp: loaded support on port[0] = 21
[ 173.968368][ T8244] device hsr_slave_0 entered promiscuous mode
[ 174.023903][ T8244] device hsr_slave_1 entered promiscuous mode
[ 174.090220][ T8242] team0: Port device team_slave_0 added
[ 174.138278][ T8242] team0: Port device team_slave_1 added
[ 174.283529][ T8242] device hsr_slave_0 entered promiscuous mode
[ 174.372930][ T8242] device hsr_slave_1 entered promiscuous mode
[ 174.431770][ T8242] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 174.444783][ T8242] Cannot create hsr debugfs directory
[ 174.537490][ T8246] chnl_net:caif_netlink_parms(): no params data found
[ 174.678942][ T8244] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 174.776006][ T8244] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 174.870172][ T8244] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 174.958032][ T8244] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 175.033847][ T8246] bridge0: port 1(bridge_slave_0) entered blocking state
[ 175.053619][ T8246] bridge0: port 1(bridge_slave_0) entered disabled state
[ 175.076558][ T8246] device bridge_slave_0 entered promiscuous mode
[ 175.102408][ T8246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 175.116351][ T8246] bridge0: port 2(bridge_slave_1) entered disabled state
[ 175.132269][ T8246] device bridge_slave_1 entered promiscuous mode
[ 175.154684][ T8251] chnl_net:caif_netlink_parms(): no params data found
[ 175.186969][ T8246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 175.218262][ T8242] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 175.302988][ T8246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 175.333566][ T8242] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 175.414218][ T8242] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 175.496787][ T8242] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 175.586220][ T8246] team0: Port device team_slave_0 added
[ 175.613364][ T8246] team0: Port device team_slave_1 added
[ 175.650069][ T8251] bridge0: port 1(bridge_slave_0) entered blocking state
[ 175.663278][ T8251] bridge0: port 1(bridge_slave_0) entered disabled state
[ 175.677231][ T8251] device bridge_slave_0 entered promiscuous mode
[ 175.733998][ T8246] device hsr_slave_0 entered promiscuous mode
[ 175.812481][ T8246] device hsr_slave_1 entered promiscuous mode
[ 175.891524][ T8246] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 175.903757][ T8246] Cannot create hsr debugfs directory
[ 175.918039][ T8251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 175.931031][ T8251] bridge0: port 2(bridge_slave_1) entered disabled state
[ 175.948146][ T8251] device bridge_slave_1 entered promiscuous mode
[ 175.999275][ T8251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 176.026414][ T8251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 176.069758][ T8251] team0: Port device team_slave_0 added
[ 176.092114][ T8251] team0: Port device team_slave_1 added
[ 176.193748][ T8251] device hsr_slave_0 entered promiscuous mode
[ 176.271745][ T8251] device hsr_slave_1 entered promiscuous mode
[ 176.321666][ T8251] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 176.334820][ T8251] Cannot create hsr debugfs directory
[ 176.372008][ T8246] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 176.479212][ T8246] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 176.576317][ T8246] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 176.664475][ T8246] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 176.785026][ T8244] 8021q: adding VLAN 0 to HW filter on device bond0
[ 176.839353][ T8242] 8021q: adding VLAN 0 to HW filter on device bond0
[ 176.854431][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 176.871921][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 176.888120][ T8244] 8021q: adding VLAN 0 to HW filter on device team0
[ 176.924862][ T8251] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 177.066577][ T8251] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 177.195249][ T8251] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 177.338632][ T8251] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 177.393717][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 177.408933][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 177.422396][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 177.433619][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 177.470937][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 177.484817][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 177.499968][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 177.516906][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 177.532853][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 177.546007][ T3041] bridge0: port 2(bridge_slave_1) entered blocking state
[ 177.557918][ T3041] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 177.571974][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 177.587021][ T8242] 8021q: adding VLAN 0 to HW filter on device team0
[ 177.607814][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 177.637101][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 177.652954][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 177.667932][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 177.679683][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 177.692386][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 177.706067][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 177.720479][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 177.739106][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 177.763688][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 177.776562][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 177.790887][ T34] bridge0: port 2(bridge_slave_1) entered blocking state
[ 177.801831][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 177.822315][ T3433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 177.834940][ T3433] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 177.848370][ T3433] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 177.873077][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 177.888022][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 177.900558][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 177.912993][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 177.928977][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 177.943445][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 177.960645][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 177.984837][ T8244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 178.001190][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 178.020585][ T8246] 8021q: adding VLAN 0 to HW filter on device bond0
[ 178.042369][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 178.061248][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 178.095187][ T8242] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 178.124481][ T8242] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 178.161785][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 178.193302][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 178.219622][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 178.240116][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 178.259784][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 178.300105][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 178.316605][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 178.336612][ T8246] 8021q: adding VLAN 0 to HW filter on device team0
[ 178.357969][ T3433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 178.373504][ T3433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 178.387091][ T3433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 178.398354][ T3433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 178.419209][ T8244] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 178.436301][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 178.448615][ T89] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 178.462823][ T89] bridge0: port 1(bridge_slave_0) entered blocking state
[ 178.478926][ T89] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 178.501244][ T8242] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 178.520242][ T8251] 8021q: adding VLAN 0 to HW filter on device bond0
[ 178.531246][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 178.545019][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 178.558435][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 178.572073][ T8255] bridge0: port 2(bridge_slave_1) entered blocking state
[ 178.584296][ T8255] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 178.602993][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 178.619123][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 178.642928][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 178.655604][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 178.668318][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 178.684095][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 178.705668][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 178.727564][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 178.754887][ T8251] 8021q: adding VLAN 0 to HW filter on device team0
[ 178.781740][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 178.822798][ T8246] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 178.847724][ T8246] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 178.874224][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 178.892966][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 178.916394][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 178.938325][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 178.963223][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 178.981788][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 178.998171][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 179.013469][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 179.032315][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 179.046953][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 179.062154][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 179.078748][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 179.094345][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 179.109164][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 179.123215][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 179.138135][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 179.153254][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 179.173041][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 179.185647][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 179.221619][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 179.236682][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 179.250416][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 179.264928][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 179.281716][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 179.297927][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 179.316075][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 179.334027][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 179.353985][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 179.377945][ T8251] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 179.399440][ T8251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 179.419525][ T8242] device veth0_vlan entered promiscuous mode
[ 179.437490][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 179.452182][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 179.467718][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 179.480833][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 179.496013][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 179.529885][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 179.543319][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 179.562720][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 179.582637][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 179.599091][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 179.612847][ T8255] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 179.630602][ T8244] device veth0_vlan entered promiscuous mode
[ 179.648256][ T8246] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 179.675620][ T8242] device veth1_vlan entered promiscuous mode
[ 179.699463][ T8244] device veth1_vlan entered promiscuous mode
[ 179.743688][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 179.764751][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 179.779889][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 179.794973][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 179.825566][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 179.850351][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 179.881097][ T8251] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 179.934230][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 179.962968][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 180.005321][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 180.025106][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 180.064440][ T8246] device veth0_vlan entered promiscuous mode
[ 180.105070][ T89] ==================================================================
[ 180.105253][ T89] BUG: KASAN: vmalloc-out-of-bounds in drm_fb_helper_dirty_work+0x44c/0x780
[ 180.105261][ T89] Write of size 32 at addr ffffc9000ac97fe0 by task kworker/1:1/89
[ 180.105263][ T89]
[ 180.106873][ T89] CPU: 1 PID: 89 Comm: kworker/1:1 Not tainted 5.5.0-rc4-syzkaller #0
[ 180.106990][ T89] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 180.108041][ T89] Workqueue: events drm_fb_helper_dirty_work
[ 180.108443][ T89] Call Trace:
[ 180.108557][ T89] dump_stack+0x197/0x210
[ 180.108567][ T89] ? drm_fb_helper_dirty_work+0x44c/0x780
[ 180.108581][ T89] print_address_description.constprop.0.cold+0x5/0x30b
[ 180.108589][ T89] ? drm_fb_helper_dirty_work+0x44c/0x780
[ 180.108598][ T89] ? drm_fb_helper_dirty_work+0x44c/0x780
[ 180.108606][ T89] __kasan_report.cold+0x1b/0x41
[ 180.108617][ T89] ? drm_fb_helper_dirty_work+0x44c/0x780
[ 180.108626][ T89] kasan_report+0x12/0x20
[ 180.108635][ T89] check_memory_region+0x134/0x1a0
[ 180.108643][ T89] memcpy+0x38/0x50
[ 180.108653][ T89] drm_fb_helper_dirty_work+0x44c/0x780
[ 180.108664][ T89] ? drm_fb_helper_prepare+0x3c0/0x3c0
[ 180.108673][ T89] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 180.108682][ T89] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 180.108692][ T89] ? trace_hardirqs_on+0x67/0x240
[ 180.108708][ T89] process_one_work+0x9af/0x1740
[ 180.108721][ T89] ? pwq_dec_nr_in_flight+0x320/0x320
[ 180.108729][ T89] ? lock_acquire+0x190/0x410
[ 180.108743][ T89] worker_thread+0x98/0xe40
[ 180.108751][ T89] ? trace_hardirqs_on+0x67/0x240
[ 180.108766][ T89] kthread+0x361/0x430
[ 180.108774][ T89] ? process_one_work+0x1740/0x1740
[ 180.108781][ T89] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 180.108791][ T89] ret_from_fork+0x24/0x30
[ 180.108802][ T89]
[ 180.108804][ T89]
[ 180.108807][ T89] Memory state around the buggy address:
[ 180.109160][ T89]  ffffc9000ac97e80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 180.109213][ T89]  ffffc9000ac97f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 180.109219][ T89] >ffffc9000ac97f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 180.109223][ T89]                                                        ^
[ 180.109229][ T89]  ffffc9000ac98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 180.109236][ T89]  ffffc9000ac98080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 180.109239][ T89] ==================================================================
[ 180.109271][ T89] Disabling lock debugging due to kernel taint
[ 180.109297][ T89] Kernel panic - not syncing: panic_on_warn set ...
[ 180.109306][ T89] CPU: 1 PID: 89 Comm: kworker/1:1 Tainted: G B 5.5.0-rc4-syzkaller #0
[ 180.109311][ T89] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 180.109363][ T89] Workqueue: events drm_fb_helper_dirty_work
[ 180.109367][ T89] Call Trace:
[ 180.109375][ T89] dump_stack+0x197/0x210
[ 180.109385][ T89] panic+0x2e3/0x75c
[ 180.109392][ T89] ? add_taint.cold+0x16/0x16
[ 180.109402][ T89] ? trace_hardirqs_on+0x67/0x240
[ 180.109410][ T89] ? trace_hardirqs_on+0x5e/0x240
[ 180.109419][ T89] ? drm_fb_helper_dirty_work+0x44c/0x780
[ 180.109425][ T89] end_report+0x47/0x4f
[ 180.109433][ T89] ? drm_fb_helper_dirty_work+0x44c/0x780
[ 180.109440][ T89] __kasan_report.cold+0xe/0x41
[ 180.109449][ T89] ? drm_fb_helper_dirty_work+0x44c/0x780
[ 180.109457][ T89] kasan_report+0x12/0x20
[ 180.109464][ T89] check_memory_region+0x134/0x1a0
[ 180.109471][ T89] memcpy+0x38/0x50
[ 180.109479][ T89] drm_fb_helper_dirty_work+0x44c/0x780
[ 180.109489][ T89] ? drm_fb_helper_prepare+0x3c0/0x3c0
[ 180.109499][ T89] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 180.109508][ T89] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 180.109529][ T89] ? trace_hardirqs_on+0x67/0x240
[ 180.109539][ T89] process_one_work+0x9af/0x1740
[ 180.109548][ T89] ? pwq_dec_nr_in_flight+0x320/0x320
[ 180.109554][ T89] ? lock_acquire+0x190/0x410
[ 180.109564][ T89] worker_thread+0x98/0xe40
[ 180.109572][ T89] ? trace_hardirqs_on+0x67/0x240
[ 180.109582][ T89] kthread+0x361/0x430
[ 180.109589][ T89] ? process_one_work+0x1740/0x1740
[ 180.109595][ T89] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 180.109602][ T89] ret_from_fork+0x24/0x30
[ 180.111413][ T89] Kernel Offset: disabled
[ 180.111413][ T89] Rebooting in 86400 seconds..