[ 162.309048][ T39] audit: type=1400 audit(1594806470.948:41): avc: denied { map } for pid=9813 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '[localhost]:21714' (ECDSA) to the list of known hosts.
2020/07/15 09:47:54 fuzzer started
[ 165.552652][ T39] audit: type=1400 audit(1594806474.188:42): avc: denied { map } for pid=9825 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2020/07/15 09:47:54 dialing manager at 10.0.2.10:46325
[ 166.140285][ T39] audit: type=1400 audit(1594806474.778:43): avc: denied { integrity } for pid=9843 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
2020/07/15 09:47:54 syscalls: 3200
2020/07/15 09:47:54 code coverage: enabled
2020/07/15 09:47:54 comparison tracing: enabled
2020/07/15 09:47:54 extra coverage: enabled
2020/07/15 09:47:54 setuid sandbox: enabled
2020/07/15 09:47:54 namespace sandbox: enabled
2020/07/15 09:47:54 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/15 09:47:54 fault injection: enabled
2020/07/15 09:47:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/15 09:47:54 net packet injection: enabled
2020/07/15 09:47:54 net device setup: enabled
2020/07/15 09:47:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/15 09:47:54 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/15 09:47:54 USB emulation: enabled
09:48:39 executing program 0:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x100})
[ 210.826325][ T39] audit: type=1400 audit(1594806519.458:44): avc: denied { map } for pid=9847 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1061 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
09:48:39 executing program 1:
add_key$user(&(0x7f0000000180)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r1 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r0, r1}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={'vmac64(aes)\x00'}})
09:48:39 executing program 2:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001b00)=[{&(0x7f0000001b40)=""/102400, 0x19008}], 0x6, 0x0)
[ 211.599216][ T9850] IPVS: ftp: loaded support on port[0] = 21
[ 211.599252][ T9849] IPVS: ftp: loaded support on port[0] = 21
09:48:40 executing program 3:
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000040004c000100480001000700010078740000380002802a0006eb250000006e676c65000000000000000000000000000000000000473c0600000180ffffffffffff00080002"], 0x1}}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[], 0xfffffecc)
r4 = socket$netlink(0x10, 0x3, 0x0)
splice(r2, 0x0, r4, 0x0, 0x4ffe0, 0x0)
[ 211.906008][ T9853] IPVS: ftp: loaded support on port[0] = 21
[ 212.078678][ T9854] IPVS: ftp: loaded
support on port[0] = 21 [ 212.117555][ T9849] chnl_net:caif_netlink_parms(): no params data found [ 212.200698][ T9850] chnl_net:caif_netlink_parms(): no params data found [ 212.456836][ T9853] chnl_net:caif_netlink_parms(): no params data found [ 212.486344][ T9850] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.505770][ T9850] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.527547][ T9850] device bridge_slave_0 entered promiscuous mode [ 212.559635][ T9850] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.577050][ T9850] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.593537][ T9850] device bridge_slave_1 entered promiscuous mode [ 212.637170][ T9849] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.658135][ T9849] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.677209][ T9849] device bridge_slave_0 entered promiscuous mode [ 212.700117][ T9849] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.719496][ T9849] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.742716][ T9849] device bridge_slave_1 entered promiscuous mode [ 212.819162][ T9849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.881274][ T9850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.929130][ T9849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.002435][ T9850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.155320][ T9849] team0: Port device team_slave_0 added [ 213.209050][ T9850] team0: Port device team_slave_0 added [ 213.249995][ T9853] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.288380][ T9853] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.391440][ C1] hrtimer: interrupt took 37958477 ns [ 213.749102][ T9853] device bridge_slave_0 entered promiscuous mode [ 213.987017][ T9849] team0: Port device team_slave_1 added [ 
214.099956][ T9850] team0: Port device team_slave_1 added [ 214.178484][ T9853] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.205948][ T9853] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.236877][ T9853] device bridge_slave_1 entered promiscuous mode [ 214.455450][ T9853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 214.501996][ T9850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 214.535413][ T9850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.608348][ T9850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.667738][ T9850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.687548][ T9850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.747499][ T9850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 214.776515][ T9849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 214.790150][ T9849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 214.828465][ T9849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.852883][ T9853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 214.878365][ T9854] chnl_net:caif_netlink_parms(): no params data found [ 214.895805][ T9849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.914652][ T9849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.005964][ T9849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.201872][ T9850] device hsr_slave_0 entered promiscuous mode [ 215.289718][ T9850] device hsr_slave_1 entered promiscuous mode [ 215.399312][ T9853] team0: Port device team_slave_0 added [ 215.444856][ T9853] team0: Port device team_slave_1 added [ 215.598865][ T9849] device hsr_slave_0 entered promiscuous mode [ 215.774218][ T9849] device hsr_slave_1 entered promiscuous mode [ 215.843435][ T9849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 215.856430][ T9849] Cannot create hsr debugfs directory [ 215.929230][ T9853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.953161][ T9853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 216.040360][ T9853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.095130][ T9853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.112049][ T9853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.202990][ T9853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.266978][ T9854] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.278550][ T9854] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.298192][ T9854] device bridge_slave_0 entered promiscuous mode [ 216.317994][ T9854] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.345860][ T9854] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.370881][ T9854] device bridge_slave_1 entered promiscuous mode [ 216.477094][ T9853] device hsr_slave_0 entered promiscuous mode [ 216.553780][ T9853] device hsr_slave_1 entered promiscuous mode [ 216.633519][ T9853] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 216.659064][ T9853] Cannot create hsr debugfs directory [ 216.726020][ T9854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.759958][ T9854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.906586][ T9854] team0: Port device team_slave_0 added [ 216.955195][ T9854] team0: Port device team_slave_1 added [ 217.052256][ T9854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.073003][ T9854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 217.139814][ T9854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.255987][ T9854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 217.276821][ T9854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.352190][ T9854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.415658][ T39] audit: type=1400 audit(1594806526.048:45): avc: denied { create } for pid=9850 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 217.461647][ T9850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 217.488957][ T39] audit: type=1400 audit(1594806526.058:46): avc: denied { write } for pid=9850 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 217.558707][ T39] audit: type=1400 audit(1594806526.078:47): avc: denied { read } for pid=9850 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 217.676514][ T9850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 217.807161][ T9850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 217.906440][ T9854] device hsr_slave_0 entered promiscuous mode [ 218.014052][ T9854] device hsr_slave_1 entered promiscuous mode [ 218.093496][ T9854] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 218.113569][ T9854] Cannot create hsr debugfs directory [ 218.127666][ T9849] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 218.226873][ T9849] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 218.345549][ T9850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 218.441270][ T9849] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 218.550586][ T9849] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 218.760427][ T9853] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 218.840418][ T9853] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 218.936370][ T9853] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 219.021238][ T9853] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 219.345471][ T9854] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 219.501573][ T9854] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 219.609402][ T9854] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 219.699517][ T9854] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 219.952517][ T9850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.032457][ T9849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.070462][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.118204][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.165234][ T9853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.194348][ T9850] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.234918][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.270962][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.300117][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.335778][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.380445][ T9853] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.424745][ T9849] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.460892][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 
[ 220.494164][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.524921][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.547078][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.588750][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.618633][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.640584][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.668886][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.686875][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.709051][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.734383][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.750998][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.765920][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.787588][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.821720][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.851486][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.870193][ T1217] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.883407][ T1217] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.917749][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.950094][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.979494][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.006528][ T1217] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.026362][ T1217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.075614][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.094088][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.112405][ T28] bridge0: port 
2(bridge_slave_1) entered blocking state [ 221.127000][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.142377][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.159584][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.177210][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.194277][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.222468][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.252650][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.295818][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.332637][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.361482][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.384519][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.408871][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.437971][ T9854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.468903][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.493513][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.514337][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.538870][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.557101][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.584795][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.623649][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.660162][ T9854] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.676713][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.704095][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.726582][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1: link becomes ready [ 221.737941][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.754408][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.779324][ T9849] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 221.820363][ T9849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.855781][ T9850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.885028][ T9850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.916328][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.958159][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.989465][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.014263][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 222.045147][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.068369][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 222.096124][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 222.142117][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.168295][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.194810][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.222759][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.248341][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.278847][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.311661][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.359369][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.404761][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.470099][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: 
link becomes ready [ 222.531768][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.582241][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.631043][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.696095][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 222.754145][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.840443][ T9850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.965793][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.019875][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.078475][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.139579][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.198932][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.260970][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.330119][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.330465][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.441288][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.534895][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.592872][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.647522][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 223.705952][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.774062][ T9849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.843034][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.917745][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.969003][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.028560][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 
224.090452][ T9853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.154746][ T9854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 224.194843][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 224.242051][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 224.284480][ T9850] device veth0_vlan entered promiscuous mode [ 224.329777][ T9850] device veth1_vlan entered promiscuous mode [ 224.375127][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 224.424112][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 224.471778][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 224.515774][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 224.560346][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 224.632331][ T9854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.687479][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 224.738406][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 224.799916][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 224.843761][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 224.904228][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 224.949822][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 224.992455][ T9849] device veth0_vlan entered promiscuous mode [ 225.029011][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 225.068029][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 225.125985][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 225.175420][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 225.221221][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 225.275790][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 
225.334577][ T9849] device veth1_vlan entered promiscuous mode [ 225.377277][ T9850] device veth0_macvtap entered promiscuous mode [ 225.433835][ T9853] device veth0_vlan entered promiscuous mode [ 225.514208][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 225.555750][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 225.587027][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 225.630526][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 225.657729][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 225.696342][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 225.740058][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 225.774065][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 225.812140][ T9850] device veth1_macvtap entered promiscuous mode [ 225.865333][ T9854] device veth0_vlan entered promiscuous mode [ 225.893350][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 225.912905][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 225.938873][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 225.968660][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 226.004798][ T9867] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 226.046507][ T9853] device veth1_vlan entered promiscuous mode [ 226.088419][ T9854] device veth1_vlan entered promiscuous mode [ 226.141382][ T9850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 226.174463][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 226.219672][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 226.256951][ T9850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 226.309811][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 226.371630][ T13] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 226.420960][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 226.464658][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 226.519095][ T9853] device veth0_macvtap entered promiscuous mode [ 226.561598][ T9849] device veth0_macvtap entered promiscuous mode [ 226.662210][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 226.764879][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 226.811052][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 226.852653][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 226.908367][ T9853] device veth1_macvtap entered promiscuous mode [ 226.954399][ T9849] device veth1_macvtap entered promiscuous mode [ 227.278001][ T9849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 227.331915][ T9849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 227.406473][ T9849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.470279][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 227.525865][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 227.589720][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 227.656123][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 227.954217][ T9854] device veth0_macvtap entered promiscuous mode [ 227.958609][ T39] audit: type=1400 audit(1594806536.598:48): avc: denied { associate } for pid=9850 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 228.063009][ T9854] device veth1_macvtap entered promiscuous mode [ 228.297721][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 228.357067][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 228.407478][ T9849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 228.468402][ T9849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.527305][ T9849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 228.571247][ T9853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 228.638296][ T9853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 228.705102][ T9853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 228.753662][ T9853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 228.806265][ T9853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 228.860223][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 228.904723][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 228.946677][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 228.987552][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 229.025567][ T9850] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 229.307616][ T9853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 229.381706][ T9853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.470955][ T9853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 229.570771][ T9853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 229.691934][ T9853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 229.807389][ T9854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 230.310469][ T9854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.544676][ T9854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 230.650849][ T9854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.724034][ T9854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 230.799135][ T9854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 230.799575][ T9883] could not allocate digest TFM handle vmac64(aes)
[ 230.916093][ T9881] could not allocate digest TFM handle vmac64(aes)
[ 231.426957][ T9854] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 231.675148][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 231.821541][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 231.879767][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 231.942869][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
09:49:00 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00')
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0)
[ 232.398302][ T9854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 232.466933][ T9854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 232.516255][ T9854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 232.572743][ T9854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 232.609306][ T9854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
09:49:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00')
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0)
[ 232.656644][ T9854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 232.722420][ T9854] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 232.802572][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
09:49:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00')
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0)
[ 232.847153][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
09:49:01 executing program 1:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00')
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0)
[ 233.201664][ T9901] ==================================================================
[ 233.203291][ T9901] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400
[ 233.203291][ T9901] Write of size 8 at addr ffffc900095b1000 by task syz-executor.0/9901
[ 233.203291][ T9901]
[ 233.203291][ T9901] CPU: 3 PID: 9901 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 233.203291][ T9901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 233.203291][ T9901] Call Trace:
[ 233.203291][ T9901] dump_stack+0x18f/0x20d
[ 233.203291][ T9901] ? bitfill_aligned+0x34a/0x400
[ 233.203291][ T9901] ? bitfill_aligned+0x34a/0x400
[ 233.203291][ T9901] print_address_description.constprop.0.cold+0x5/0x436
[ 233.203291][ T9901] ? lockdep_hardirqs_off+0x66/0xa0
[ 233.203291][ T9901] ? vprintk_func+0x97/0x1a6
[ 233.203291][ T9901] ? bitfill_aligned+0x34a/0x400
[ 233.203291][ T9901] kasan_report.cold+0x1f/0x37
[ 233.203291][ T9901] ? bitfill_aligned+0x34a/0x400
[ 233.203291][ T9901] bitfill_aligned+0x34a/0x400
[ 233.203291][ T9901] sys_fillrect+0x408/0x7a0
[ 233.203291][ T9901] ? sys_fillrect+0x7a0/0x7a0
[ 233.203291][ T9901] drm_fb_helper_sys_fillrect+0x1e/0x190
[ 233.203291][ T9901] bit_clear_margins+0x2d5/0x4a0
[ 233.203291][ T9901] ? bit_bmove+0x210/0x210
[ 233.203291][ T9901] ? fb_get_color_depth+0x11a/0x240
[ 233.203291][ T9901] fbcon_clear_margins+0x1d5/0x230
[ 233.203291][ T9901] fbcon_switch+0xb6e/0x16c0
[ 233.203291][ T9901] ? fbcon_scroll+0x3600/0x3600
[ 233.203291][ T9901] ? fbcon_cursor+0x52b/0x650
[ 233.203291][ T9901] ? kmalloc_array.constprop.0+0x20/0x20
[ 233.203291][ T9901] ? is_console_locked+0x5/0x10
[ 233.203291][ T9901] ? fbcon_set_origin+0x26/0x50
[ 233.203291][ T9901] redraw_screen+0x2ae/0x770
[ 233.203291][ T9901] ? vc_init+0x440/0x440
[ 233.203291][ T9901] fbcon_modechanged+0x575/0x710
[ 233.203291][ T9901] fbcon_update_vcs+0x3a/0x50
[ 233.203291][ T9901] fb_set_var+0xae8/0xd60
[ 233.203291][ T9901] ? fb_blank+0x190/0x190
[ 233.203291][ T9901] ? lock_release+0x8d0/0x8d0
[ 233.203291][ T9901] ? lock_is_held_type+0xb0/0xe0
[ 233.203291][ T9901] ? do_fb_ioctl+0x2f2/0x6c0
[ 233.203291][ T9901] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 233.203291][ T9901] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 233.203291][ T9901] ? trace_hardirqs_on+0x5f/0x220
[ 233.203291][ T9901] do_fb_ioctl+0x33f/0x6c0
[ 233.203291][ T9901] ? fb_set_suspend+0x1a0/0x1a0
[ 233.203291][ T9901] ? tomoyo_execute_permission+0x470/0x470
[ 233.203291][ T9901] ? lock_is_held_type+0xb0/0xe0
[ 233.203291][ T9901] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 233.203291][ T9901] ? do_vfs_ioctl+0x27d/0x1090
[ 233.203291][ T9901] ? __fget_files+0x294/0x400
[ 233.203291][ T9901] fb_ioctl+0xdd/0x130
[ 233.203291][ T9901] ? do_fb_ioctl+0x6c0/0x6c0
[ 233.203291][ T9901] ksys_ioctl+0x11a/0x180
[ 233.203291][ T9901] __x64_sys_ioctl+0x6f/0xb0
[ 233.203291][ T9901] ?
lockdep_hardirqs_on+0x6a/0xe0 [ 233.203291][ T9901] do_syscall_64+0x60/0xe0 [ 233.203291][ T9901] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 233.203291][ T9901] RIP: 0033:0x45c939 [ 233.203291][ T9901] Code: Bad RIP value. [ 233.203291][ T9901] RSP: 002b:00007fad8cd9fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.203291][ T9901] RAX: ffffffffffffffda RBX: 000000000074bf00 RCX: 000000000045c939 [ 233.203291][ T9901] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 233.203291][ T9901] RBP: 00000000006fa580 R08: 0000000000000000 R09: 0000000000000000 [ 233.203291][ T9901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad8cda06d4 [ 233.203291][ T9901] R13: 0000000000000311 R14: 00000000006ee140 R15: 00000000004ac68f [ 233.203291][ T9901] [ 233.203291][ T9901] [ 233.203291][ T9901] Memory state around the buggy address: [ 233.203291][ T9901] ffffc900095b0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 233.203291][ T9901] ffffc900095b0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 233.203291][ T9901] >ffffc900095b1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 233.203291][ T9901] ^ [ 233.203291][ T9901] ffffc900095b1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 233.203291][ T9901] ffffc900095b1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 233.203291][ T9901] ================================================================== [ 233.203291][ T9901] Disabling lock debugging due to kernel taint [ 233.242497][ T9901] Kernel panic - not syncing: panic_on_warn set ... [ 233.242707][ T9901] CPU: 3 PID: 9901 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 233.242713][ T9901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 233.242803][ T9901] Call Trace: [ 233.243496][ T9901] dump_stack+0x18f/0x20d [ 233.243508][ T9901] ? bitfill_aligned+0x300/0x400 [ 233.243517][ T9901] panic+0x2e3/0x75c [ 233.243526][ T9901] ? 
__warn_printk+0xf3/0xf3 [ 233.243575][ T9901] ? preempt_schedule_common+0x59/0xc0 [ 233.243584][ T9901] ? bitfill_aligned+0x34a/0x400 [ 233.243593][ T9901] ? preempt_schedule_thunk+0x16/0x18 [ 233.243601][ T9901] ? trace_hardirqs_on+0x55/0x220 [ 233.243609][ T9901] ? bitfill_aligned+0x34a/0x400 [ 233.243609][ T9901] ? bitfill_aligned+0x34a/0x400 [ 233.243609][ T9901] end_report+0x4d/0x53 [ 233.243609][ T9901] kasan_report.cold+0xd/0x37 [ 233.243609][ T9901] ? bitfill_aligned+0x34a/0x400 [ 233.243609][ T9901] bitfill_aligned+0x34a/0x400 [ 233.243609][ T9901] sys_fillrect+0x408/0x7a0 [ 233.243609][ T9901] ? sys_fillrect+0x7a0/0x7a0 [ 233.243609][ T9901] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 233.243609][ T9901] bit_clear_margins+0x2d5/0x4a0 [ 233.243609][ T9901] ? bit_bmove+0x210/0x210 [ 233.243609][ T9901] ? fb_get_color_depth+0x11a/0x240 [ 233.243609][ T9901] fbcon_clear_margins+0x1d5/0x230 [ 233.243609][ T9901] fbcon_switch+0xb6e/0x16c0 [ 233.243609][ T9901] ? fbcon_scroll+0x3600/0x3600 [ 233.243609][ T9901] ? fbcon_cursor+0x52b/0x650 [ 233.243609][ T9901] ? kmalloc_array.constprop.0+0x20/0x20 [ 233.243609][ T9901] ? is_console_locked+0x5/0x10 [ 233.243609][ T9901] ? fbcon_set_origin+0x26/0x50 [ 233.243609][ T9901] redraw_screen+0x2ae/0x770 [ 233.243609][ T9901] ? vc_init+0x440/0x440 [ 233.243609][ T9901] fbcon_modechanged+0x575/0x710 [ 233.243609][ T9901] fbcon_update_vcs+0x3a/0x50 [ 233.243609][ T9901] fb_set_var+0xae8/0xd60 [ 233.243609][ T9901] ? fb_blank+0x190/0x190 [ 233.243609][ T9901] ? lock_release+0x8d0/0x8d0 [ 233.243609][ T9901] ? lock_is_held_type+0xb0/0xe0 [ 233.243609][ T9901] ? do_fb_ioctl+0x2f2/0x6c0 [ 233.243609][ T9901] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 233.243609][ T9901] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 233.243609][ T9901] ? trace_hardirqs_on+0x5f/0x220 [ 233.243609][ T9901] do_fb_ioctl+0x33f/0x6c0 [ 233.243609][ T9901] ? fb_set_suspend+0x1a0/0x1a0 [ 233.243609][ T9901] ? 
tomoyo_execute_permission+0x470/0x470 [ 233.243609][ T9901] ? lock_is_held_type+0xb0/0xe0 [ 233.243609][ T9901] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 233.243609][ T9901] ? do_vfs_ioctl+0x27d/0x1090 [ 233.243609][ T9901] ? __fget_files+0x294/0x400 [ 233.243609][ T9901] fb_ioctl+0xdd/0x130 [ 233.243609][ T9901] ? do_fb_ioctl+0x6c0/0x6c0 [ 233.243609][ T9901] ksys_ioctl+0x11a/0x180 [ 233.243609][ T9901] __x64_sys_ioctl+0x6f/0xb0 [ 233.243609][ T9901] ? lockdep_hardirqs_on+0x6a/0xe0 [ 233.243609][ T9901] do_syscall_64+0x60/0xe0 [ 233.243609][ T9901] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 233.243609][ T9901] RIP: 0033:0x45c939 [ 233.243609][ T9901] Code: Bad RIP value. [ 233.243609][ T9901] RSP: 002b:00007fad8cd9fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.243609][ T9901] RAX: ffffffffffffffda RBX: 000000000074bf00 RCX: 000000000045c939 [ 233.243609][ T9901] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 233.243609][ T9901] RBP: 00000000006fa580 R08: 0000000000000000 R09: 0000000000000000 [ 233.243609][ T9901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad8cda06d4 [ 233.243609][ T9901] R13: 0000000000000311 R14: 00000000006ee140 R15: 00000000004ac68f [ 233.243609][ T9901] Kernel Offset: disabled [ 233.243609][ T9901] Rebooting in 86400 seconds..