Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts. 2019/12/06 13:53:03 fuzzer started syzkaller login: [ 48.911277] kauditd_printk_skb: 2 callbacks suppressed [ 48.911291] audit: type=1400 audit(1575640383.204:36): avc: denied { map } for pid=7712 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/12/06 13:53:04 dialing manager at 10.128.0.105:45553 2019/12/06 13:53:04 syscalls: 2679 2019/12/06 13:53:04 code coverage: enabled 2019/12/06 13:53:04 comparison tracing: enabled 2019/12/06 13:53:04 extra coverage: extra coverage is not supported by the kernel 2019/12/06 13:53:04 setuid sandbox: enabled 2019/12/06 13:53:04 namespace sandbox: enabled 2019/12/06 13:53:04 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/06 13:53:04 fault injection: enabled 2019/12/06 13:53:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/06 13:53:04 net packet injection: enabled 2019/12/06 13:53:04 net device setup: enabled 2019/12/06 13:53:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/06 13:53:04 devlink PCI setup: PCI device 0000:00:10.0 is not available 13:54:59 executing program 0: [ 165.135361] audit: type=1400 audit(1575640499.434:37): avc: denied { map } for pid=7731 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4955 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 165.235595] IPVS: ftp: loaded support on port[0] = 21 13:54:59 executing program 1: [ 165.346598] chnl_net:caif_netlink_parms(): no params data found [ 165.453026] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.459834] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.467953] device bridge_slave_0 entered promiscuous mode [ 165.493932] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.500430] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.514083] device bridge_slave_1 entered promiscuous mode [ 165.536609] IPVS: ftp: loaded support on port[0] = 21 13:54:59 executing program 2: [ 165.557753] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.584804] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.652835] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.660938] team0: Port device team_slave_0 added [ 165.686394] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 165.695090] team0: Port device team_slave_1 added [ 165.705161] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 165.724770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 13:55:00 executing program 3: [ 165.815912] device hsr_slave_0 entered promiscuous mode [ 165.852361] device hsr_slave_1 entered promiscuous mode [ 165.892888] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 165.901107] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 165.936605] IPVS: ftp: loaded support on port[0] = 21 [ 165.985170] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.991766] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.999016] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.005409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.017774] IPVS: ftp: loaded support on port[0] = 21 [ 166.046790] chnl_net:caif_netlink_parms(): no params data found 13:55:00 executing program 4: [ 166.239897] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 166.247491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.340753] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 166.347532] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.354672] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.362128] device bridge_slave_0 entered promiscuous mode [ 166.369928] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.376517] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.383802] device bridge_slave_1 entered promiscuous mode 13:55:00 executing program 5: [ 166.402415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.404752] IPVS: ftp: loaded support on port[0] = 21 [ 166.414751] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.434758] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.443805] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 166.480544] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.492545] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 166.498651] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.511860] chnl_net:caif_netlink_parms(): no params data found [ 166.525439] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.533603] chnl_net:caif_netlink_parms(): no params data found [ 166.544902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.568420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.577490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.585282] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.591875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.619958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.649039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.657403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.665130] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.671464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.682813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 166.691386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 166.700693] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 166.708733] team0: Port device team_slave_0 added [ 166.714801] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.722251] team0: Port device team_slave_1 added [ 166.754558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.762667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.774662] IPVS: ftp: loaded support on port[0] = 21 [ 166.784156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.793176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.801078] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.820865] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.842827] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.857306] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.867090] device bridge_slave_0 entered promiscuous mode [ 166.874751] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.881119] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.889144] device bridge_slave_0 entered promiscuous mode [ 166.897754] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.904793] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.911766] device bridge_slave_1 entered promiscuous mode [ 166.922823] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 166.936731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.949948] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.957278] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.964913] device bridge_slave_1 entered promiscuous mode [ 166.978320] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.992900] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 167.016217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 167.084575] device hsr_slave_0 entered promiscuous mode [ 167.122396] device hsr_slave_1 entered promiscuous mode [ 167.187708] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 167.224225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.232136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.242442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 167.251804] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 167.260242] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 167.268975] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 167.279360] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 167.287386] team0: Port device team_slave_0 added [ 167.294709] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 167.302381] team0: Port device team_slave_1 added [ 167.308083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.315828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.323600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.331056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.340291] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 167.369771] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.380905] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 167.387173] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.400628] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 167.413369] team0: Port device team_slave_0 added [ 167.428560] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.448844] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 167.458185] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 167.465752] team0: Port device team_slave_1 added [ 167.487937] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.495623] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.554026] device hsr_slave_0 entered promiscuous mode [ 167.592942] device hsr_slave_1 entered promiscuous mode [ 167.634297] chnl_net:caif_netlink_parms(): no params data found [ 167.694099] device hsr_slave_0 entered promiscuous mode [ 167.732274] device hsr_slave_1 entered promiscuous mode [ 167.793107] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 167.800674] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 167.818108] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 167.828019] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 167.837874] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 167.846308] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 167.898331] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 167.905188] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 167.927182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.940923] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.947741] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.956169] device bridge_slave_0 entered promiscuous mode [ 167.966228] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.973856] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.981164] device bridge_slave_1 entered promiscuous mode [ 168.007209] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.026262] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.046105] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 168.058364] chnl_net:caif_netlink_parms(): no params data found [ 168.068744] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.087469] audit: type=1400 audit(1575640502.384:38): avc: denied { associate } for pid=7732 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 168.112807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.123114] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 168.155916] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 168.168658] team0: Port device team_slave_0 added [ 168.219558] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 168.252368] team0: Port device team_slave_1 added 13:55:02 executing program 0: socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x80003, 0x11) setsockopt$inet6_int(r3, 0x29, 0x7, 0x0, 0x0) [ 168.295569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 168.312265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.323552] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.329933] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.355540] device bridge_slave_0 entered promiscuous mode [ 168.364333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.371218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.379118] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 168.386915] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 168.408428] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 168.415511] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.422502] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.430196] device bridge_slave_1 entered promiscuous mode [ 168.484231] device hsr_slave_0 entered promiscuous mode [ 168.522258] device hsr_slave_1 entered promiscuous mode 13:55:02 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x8) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x405}) [ 168.575005] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 168.584487] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 168.599270] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 168.606693] 8021q: adding VLAN 0 to HW filter on device team0 13:55:02 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x8) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x405}) [ 168.620633] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.632908] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 1029 (only 16 groups) [ 168.644998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.662154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.671488] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 168.680285] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 168.687334] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.698426] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 168.709127] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 1029 (only 16 groups) [ 168.713288] 8021q: adding VLAN 0 to HW filter on device bond0 13:55:03 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x8) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x405}) [ 168.731311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.750593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.764982] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 168.771133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.781858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.801593] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.801754] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 1029 (only 16 groups) [ 168.808052] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.809028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 13:55:03 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x8) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)={0x405}) [ 168.832808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.840551] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.846963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.868557] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 13:55:03 executing program 0: tkill(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = epoll_create1(0x0) r3 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_MOD(r2, 0x2, r3, 0x0) [ 168.881105] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 168.897763] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 1029 (only 16 groups) [ 168.900757] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 168.915722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.934878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.948028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.956499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.964480] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.970835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.978129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.985159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.992660] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 168.999954] team0: Port device team_slave_0 added [ 169.010189] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 169.019598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 13:55:03 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_elf64(r0, &(0x7f0000000200)={{0x1b, 0x48, 0x50, 0x9b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) [ 169.042851] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 169.069410] team0: Port device team_slave_1 added [ 169.070377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.071032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.071387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.071609] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.071631] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.085268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 169.087474] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 169.087483] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.090104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 169.093554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 169.095259] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 169.097663] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 169.100087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 169.117083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 169.119919] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 169.127215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 169.133768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.134251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.134555] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.134584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.134918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.135319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.135599] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.135627] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.135955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.136591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.137197] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.137651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.138165] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.138622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.138980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.139337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.139931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.359908] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 169.375013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 169.384876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 169.403015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.410746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.418086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.426233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.434970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.449441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.459177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 169.479503] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 169.486395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.495601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.502460] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.509545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.576863] device hsr_slave_0 entered promiscuous mode [ 169.622302] device hsr_slave_1 entered promiscuous mode [ 169.673655] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 169.681383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 169.695957] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 169.702816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.710561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.718392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.726907] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 169.736291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 169.749678] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 169.757182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.767907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.776015] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 169.788808] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 169.797550] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 169.805403] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 169.814468] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 169.821707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.828823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.836762] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.844577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.855452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.863067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 169.869735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 169.876761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.883747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.892315] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 169.900906] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.912260] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 169.918481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.928267] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 169.944766] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 169.952701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.960301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.968575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.976237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.984592] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 169.990655] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.000342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 170.014581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.039893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.048519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.059139] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 170.065629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.075581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 170.089108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 170.103839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.111707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.119599] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.125997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.133305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.141094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.149062] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.155470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.165288] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 170.176774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 170.192744] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 170.199064] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.212484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.222582] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 170.243462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 170.255886] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 170.270094] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 170.282480] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 170.289254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.297622] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 170.304514] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 170.316651] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.325977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 170.339045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.350792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.363936] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.371790] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.395816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.432947] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 13:55:04 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @aes128, 0x0, "990d67358757c295"}) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x9) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xedc0) open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) [ 170.459745] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 170.478145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.489775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 13:55:04 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000004c0)=""/102400, 0x19000) 13:55:04 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_elf64(r0, &(0x7f0000000200)={{0x1b, 0x29, 0x4b, 0x9b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) [ 170.513828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.547408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.564722] hrtimer: interrupt took 52694 ns [ 170.573455] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 170.625825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 170.639521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.652710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.670647] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 170.706751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.716987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.729011] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 170.736110] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.769350] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 170.778586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.787371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.800940] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.807406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.822479] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 170.830494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 170.843380] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 170.849630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.860718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.868805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.876658] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.883323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.890709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 170.897705] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 170.906880] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 170.915558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.926051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 170.936741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.946075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 170.956968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.964657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.975945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.983705] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.003092] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 171.019853] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 171.027482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.040411] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.049224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.057287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 13:55:05 executing program 4: getsockname$packet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) mlockall(0x3) dup(0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001280)={'veth0\x00'}) syz_open_procfs(0x0, &(0x7f00000000c0)='smaps_rollup\x00') keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff) [ 171.073881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 171.089458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.098401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.114024] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 171.120125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.143586] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 171.151451] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 171.158335] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 171.168528] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 171.184427] 8021q: adding VLAN 0 to HW filter on device batadv0 13:55:05 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4b3a, 0x3) 13:55:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @aes128, 0x8, "990d67358757c295"}) wait4(0x0, 0x0, 0x80000000, 0x0) tkill(0x0, 0x9) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xffff00000}, {0x80000006}]}, 0x10) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$vcsu(0xffffffffffffff9c, 0x0, 0x2, 0x0) pipe(&(0x7f00000002c0)) creat(0x0, 0x0) 13:55:05 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_elf64(r0, &(0x7f0000000200)={{0x1b, 0x29, 0x4b, 0x9b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) 13:55:05 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000004c0)=""/102400, 0x19000) 13:55:05 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000004c0)=""/102400, 0x19000) 13:55:05 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x401000000001, 0x0) perf_event_open(0x0, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) close(r0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x2, 0x0) r1 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x208200) sendfile(r0, r1, 0x0, 0x8000fffffffe) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x0) 13:55:05 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000004c0)=""/102400, 0x19000) 13:55:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x64f0807f, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x373, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x0) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r2, 0x0, 0xedc0) socket$inet6(0xa, 0x401000000001, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) 13:55:05 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000004c0)=""/102400, 0x19000) 13:55:06 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ttyS3\x00', 0x41, 0x0) 13:55:06 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000004c0)=""/102400, 0x19000) [ 171.820599] ================================================================== [ 171.820653] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0 [ 171.820674] Read of size 2 at addr ffff8880a5bb1400 by task syz-executor.0/7851 [ 171.820679] [ 171.820695] CPU: 1 PID: 7851 Comm: syz-executor.0 Not tainted 4.19.88-syzkaller #0 [ 171.820705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.820711] Call Trace: [ 171.820730] dump_stack+0x197/0x210 [ 171.820748] ? vcs_scr_readw+0xc2/0xd0 [ 171.820766] print_address_description.cold+0x7c/0x20d [ 171.820782] ? vcs_scr_readw+0xc2/0xd0 [ 171.820796] kasan_report.cold+0x8c/0x2ba [ 171.820817] __asan_report_load2_noabort+0x14/0x20 [ 171.820831] vcs_scr_readw+0xc2/0xd0 [ 171.820846] vcs_write+0x646/0xcf0 [ 171.820875] ? vcs_size+0x240/0x240 [ 171.820891] ? find_get_entry+0x3e1/0xa00 [ 171.820912] __vfs_write+0x114/0x810 [ 171.820924] ? ondemand_readahead+0x54b/0xcd0 [ 171.820936] ? vcs_size+0x240/0x240 [ 171.820950] ? kernel_read+0x120/0x120 [ 171.820965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.820980] ? copy_page_to_iter+0x45a/0xd50 [ 171.821017] __kernel_write+0x110/0x390 [ 171.821035] write_pipe_buf+0x15d/0x1f0 [ 171.821050] ? do_splice_direct+0x2a0/0x2a0 [ 171.821072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.821086] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 171.821100] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.821117] __splice_from_pipe+0x391/0x7d0 [ 171.821132] ? do_splice_direct+0x2a0/0x2a0 [ 171.821153] ? do_splice_direct+0x2a0/0x2a0 [ 171.821167] splice_from_pipe+0x108/0x170 [ 171.821183] ? splice_shrink_spd+0xd0/0xd0 [ 171.821209] ? security_file_permission+0x89/0x230 [ 171.821228] default_file_splice_write+0x3c/0x90 [ 171.821241] ? generic_splice_sendpage+0x50/0x50 [ 171.821257] direct_splice_actor+0x123/0x190 [ 171.821274] splice_direct_to_actor+0x2e7/0x890 [ 171.821289] ? generic_pipe_buf_nosteal+0x10/0x10 [ 171.821306] ? do_splice_to+0x180/0x180 [ 171.821323] ? security_file_permission+0x89/0x230 [ 171.821340] ? rw_verify_area+0x118/0x360 [ 171.821356] do_splice_direct+0x1da/0x2a0 [ 171.821373] ? splice_direct_to_actor+0x890/0x890 [ 171.821392] ? security_file_permission+0x89/0x230 [ 171.821409] ? rw_verify_area+0x118/0x360 [ 171.821427] do_sendfile+0x597/0xce0 [ 171.821447] ? do_compat_pwritev64+0x1c0/0x1c0 [ 171.821459] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.821473] ? put_timespec64+0xda/0x140 [ 171.821498] __x64_sys_sendfile64+0x1dd/0x220 [ 171.821514] ? __ia32_sys_sendfile+0x230/0x230 [ 171.821528] ? do_syscall_64+0x26/0x620 [ 171.821544] ? lockdep_hardirqs_on+0x415/0x5d0 [ 171.821560] ? trace_hardirqs_on+0x67/0x220 [ 171.821578] do_syscall_64+0xfd/0x620 [ 171.821598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.821610] RIP: 0033:0x45a6f9 [ 171.821623] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.821632] RSP: 002b:00007fa91331fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 171.821646] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a6f9 [ 171.821655] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 171.821671] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 171.821680] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fa9133206d4 [ 171.821690] R13: 00000000004c8fb9 R14: 00000000004e0b38 R15: 00000000ffffffff [ 171.821710] [ 171.821717] Allocated by task 1: [ 171.821731] save_stack+0x45/0xd0 [ 171.821745] kasan_kmalloc+0xce/0xf0 [ 171.821756] __kmalloc+0x15d/0x750 [ 171.821768] vc_do_resize+0x262/0x14a0 [ 171.821778] vc_resize+0x4d/0x60 [ 171.821789] fbcon_init+0x1062/0x1b00 [ 171.821800] visual_init+0x337/0x620 [ 171.821811] do_bind_con_driver+0x549/0x8c0 [ 171.821823] do_take_over_console+0x449/0x590 [ 171.821835] do_fbcon_takeover+0x116/0x220 [ 171.821847] fbcon_event_notify+0x1786/0x1dba [ 171.821860] notifier_call_chain+0xc2/0x230 [ 171.821874] blocking_notifier_call_chain+0x94/0xb0 [ 171.821886] fb_notifier_call_chain+0x25/0x30 [ 171.821898] register_framebuffer+0x61d/0xa70 [ 171.821910] vga16fb_probe+0x711/0x825 [ 171.821921] platform_drv_probe+0x93/0x160 [ 171.821931] really_probe+0x4a0/0x650 [ 171.821941] driver_probe_device+0x103/0x1b0 [ 171.821951] __device_attach_driver+0x225/0x290 [ 171.821963] bus_for_each_drv+0x16c/0x1f0 [ 171.821973] __device_attach+0x237/0x350 [ 171.821984] device_initial_probe+0x1b/0x20 [ 171.821995] bus_probe_device+0x1f7/0x2a0 [ 171.822007] device_add+0xb42/0x1760 [ 171.822019] platform_device_add+0x366/0x6f0 [ 171.822032] vga16fb_init+0x15f/0x1d6 [ 171.822044] do_one_initcall+0x107/0x78c [ 171.822058] kernel_init_freeable+0x4d4/0x5c8 [ 171.822070] kernel_init+0x12/0x1c4 [ 171.822083] ret_from_fork+0x24/0x30 [ 171.822086] [ 171.822093] Freed by task 0: [ 171.822097] (stack is not available) [ 171.822100] [ 171.822111] The buggy address belongs to the object at ffff8880a5bb0140 [ 171.822111] which belongs to the cache kmalloc-8192 of size 8192 [ 171.822123] The buggy address is located 4800 bytes inside of [ 171.822123] 8192-byte region [ffff8880a5bb0140, ffff8880a5bb2140) [ 171.822127] The buggy address belongs to the page: [ 171.822140] page:ffffea000296ec00 count:1 mapcount:0 mapping:ffff88812c315080 index:0x0 compound_mapcount: 0 [ 171.822154] flags: 0xfffe0000008100(slab|head) [ 171.822172] raw: 00fffe0000008100 ffffea00029bea08 ffffea00028c4208 ffff88812c315080 [ 171.822188] raw: 0000000000000000 ffff8880a5bb0140 0000000100000001 0000000000000000 [ 171.822194] page dumped because: kasan: bad access detected [ 171.822198] [ 171.822202] Memory state around the buggy address: [ 171.822213] ffff8880a5bb1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 171.822224] ffff8880a5bb1380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 171.822235] >ffff8880a5bb1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 171.822240] ^ [ 171.822250] ffff8880a5bb1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 171.822261] ffff8880a5bb1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 171.822266] ================================================================== [ 171.822271] Disabling lock debugging due to kernel taint [ 171.845291] Kernel panic - not syncing: panic_on_warn set ... [ 171.845291] [ 171.845310] CPU: 1 PID: 7851 Comm: syz-executor.0 Tainted: G B 4.19.88-syzkaller #0 [ 171.845319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.845323] Call Trace: [ 171.845346] dump_stack+0x197/0x210 [ 171.845364] ? vcs_scr_readw+0xc2/0xd0 [ 171.845376] panic+0x26a/0x50e [ 171.845387] ? __warn_printk+0xf3/0xf3 [ 171.845400] ? vcs_scr_readw+0xc2/0xd0 [ 171.845415] ? preempt_schedule+0x4b/0x60 [ 171.845431] ? ___preempt_schedule+0x16/0x18 [ 171.845447] ? trace_hardirqs_on+0x5e/0x220 [ 171.845461] ? vcs_scr_readw+0xc2/0xd0 [ 171.845474] kasan_end_report+0x47/0x4f [ 171.845487] kasan_report.cold+0xa9/0x2ba [ 171.845505] __asan_report_load2_noabort+0x14/0x20 [ 171.845518] vcs_scr_readw+0xc2/0xd0 [ 171.845532] vcs_write+0x646/0xcf0 [ 171.845552] ? vcs_size+0x240/0x240 [ 171.845566] ? find_get_entry+0x3e1/0xa00 [ 171.845583] __vfs_write+0x114/0x810 [ 171.845595] ? ondemand_readahead+0x54b/0xcd0 [ 171.845607] ? vcs_size+0x240/0x240 [ 171.845619] ? kernel_read+0x120/0x120 [ 171.845633] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.845646] ? copy_page_to_iter+0x45a/0xd50 [ 171.845679] __kernel_write+0x110/0x390 [ 171.845693] write_pipe_buf+0x15d/0x1f0 [ 171.845707] ? do_splice_direct+0x2a0/0x2a0 [ 171.845720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.845733] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 171.845745] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.845766] __splice_from_pipe+0x391/0x7d0 [ 171.845779] ? do_splice_direct+0x2a0/0x2a0 [ 171.845795] ? do_splice_direct+0x2a0/0x2a0 [ 171.845806] splice_from_pipe+0x108/0x170 [ 171.845818] ? splice_shrink_spd+0xd0/0xd0 [ 171.845836] ? security_file_permission+0x89/0x230 [ 171.845850] default_file_splice_write+0x3c/0x90 [ 171.845863] ? generic_splice_sendpage+0x50/0x50 [ 171.845875] direct_splice_actor+0x123/0x190 [ 171.845890] splice_direct_to_actor+0x2e7/0x890 [ 171.845903] ? generic_pipe_buf_nosteal+0x10/0x10 [ 171.845916] ? do_splice_to+0x180/0x180 [ 171.845928] ? security_file_permission+0x89/0x230 [ 171.845941] ? rw_verify_area+0x118/0x360 [ 171.845952] do_splice_direct+0x1da/0x2a0 [ 171.845966] ? splice_direct_to_actor+0x890/0x890 [ 171.845980] ? security_file_permission+0x89/0x230 [ 171.845993] ? rw_verify_area+0x118/0x360 [ 171.846004] do_sendfile+0x597/0xce0 [ 171.846019] ? do_compat_pwritev64+0x1c0/0x1c0 [ 171.846030] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.846045] ? put_timespec64+0xda/0x140 [ 171.846064] __x64_sys_sendfile64+0x1dd/0x220 [ 171.846078] ? __ia32_sys_sendfile+0x230/0x230 [ 171.846091] ? do_syscall_64+0x26/0x620 [ 171.846106] ? lockdep_hardirqs_on+0x415/0x5d0 [ 171.846119] ? trace_hardirqs_on+0x67/0x220 [ 171.846134] do_syscall_64+0xfd/0x620 [ 171.846150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.846161] RIP: 0033:0x45a6f9 [ 171.846177] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.846186] RSP: 002b:00007fa91331fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 171.846198] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a6f9 [ 171.846206] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 171.846214] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 171.846222] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fa9133206d4 [ 171.846230] R13: 00000000004c8fb9 R14: 00000000004e0b38 R15: 00000000ffffffff [ 171.847491] Kernel Offset: disabled [ 172.796005] Rebooting in 86400 seconds..