Warning: Permanently added '[localhost]:64283' (ECDSA) to the list of known hosts. 2020/07/26 00:47:46 fuzzer started [ 335.909531][ T41] audit: type=1400 audit(1595724465.923:42): avc: denied { map } for pid=12938 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/26 00:47:47 dialing manager at 10.0.2.10:41427 2020/07/26 00:47:48 syscalls: 3243 2020/07/26 00:47:48 code coverage: enabled 2020/07/26 00:47:48 comparison tracing: enabled 2020/07/26 00:47:48 extra coverage: enabled 2020/07/26 00:47:48 setuid sandbox: enabled 2020/07/26 00:47:48 namespace sandbox: enabled 2020/07/26 00:47:48 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/26 00:47:48 fault injection: enabled 2020/07/26 00:47:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/26 00:47:48 net packet injection: enabled 2020/07/26 00:47:48 net device setup: enabled 2020/07/26 00:47:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/26 00:47:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/26 00:47:48 USB emulation: enabled [ 338.155592][ T41] audit: type=1400 audit(1595724468.163:43): avc: denied { integrity } for pid=12957 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 00:49:39 executing program 0: r0 = socket(0x1000000010, 0x80002, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f00000001c0), 0x4) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xe}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x2c, 0x2, [@TCA_U32_SEL={0x14}, @TCA_U32_INDEV={0x14, 0x8, 'wg1\x00'}]}}]}, 0x58}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 451.979568][ T41] audit: type=1400 audit(1595724581.943:44): avc: denied { map } for pid=12958 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=24615 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 00:49:42 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 00:49:44 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)={0x58, 0x1, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @loopback}}}]}, @CTA_EXPECT_ZONE={0x6}]}, 0x58}}, 0x0) [ 454.557682][T12959] IPVS: ftp: loaded support on port[0] = 21 [ 454.770296][T12961] IPVS: ftp: loaded support on port[0] = 21 00:49:45 executing program 3: syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a9d46840b113420012710000000109021b000100000000090400800143aead00090581"], 0x0) [ 456.833707][T12959] chnl_net:caif_netlink_parms(): no params data found [ 456.868562][T12964] IPVS: ftp: loaded support on port[0] = 21 [ 457.058832][T12961] chnl_net:caif_netlink_parms(): no params data found [ 457.568291][T12968] IPVS: ftp: loaded support on port[0] = 21 [ 457.895493][T12959] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.997793][T12959] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.144207][T12959] device bridge_slave_0 entered promiscuous mode [ 458.299694][T12961] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.395820][T12961] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.486629][T12961] device bridge_slave_0 entered promiscuous mode [ 458.624477][T12959] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.715340][T12959] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.801190][T12959] device bridge_slave_1 entered promiscuous mode [ 458.935073][T12961] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.005847][T12961] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.095621][T12961] device bridge_slave_1 entered promiscuous mode [ 459.314400][T12961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.510739][T12959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.693436][T12961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 459.884210][T12959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.128148][T12959] team0: Port device team_slave_0 added [ 460.338409][T12959] team0: Port device team_slave_1 added [ 460.430268][T12961] team0: Port device team_slave_0 added [ 460.624210][T12961] team0: Port device team_slave_1 added [ 460.907746][T12961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 461.021326][T12961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 461.428255][T12961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 461.635334][T12959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 461.778574][T12959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.201179][T12959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 462.474244][T12961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 462.585322][T12961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.979072][T12961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.196781][T12959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.301302][T12959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.684017][T12959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.873580][T12964] chnl_net:caif_netlink_parms(): no params data found [ 464.127027][T12959] device hsr_slave_0 entered promiscuous mode [ 464.271137][T12959] device hsr_slave_1 entered promiscuous mode [ 464.575217][T12961] device hsr_slave_0 entered promiscuous mode [ 464.692646][T12961] device hsr_slave_1 entered promiscuous mode [ 464.833179][T12961] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 464.926503][T12961] Cannot create hsr debugfs directory [ 465.076608][T12968] chnl_net:caif_netlink_parms(): no params data found [ 465.181260][T12964] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.269907][T12964] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.348636][T12964] device bridge_slave_0 entered promiscuous mode [ 465.496569][T12964] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.580620][T12964] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.664587][T12964] device bridge_slave_1 entered promiscuous mode [ 465.782401][T12964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 465.898664][T12964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 466.208724][T12964] team0: Port device team_slave_0 added [ 466.408648][T12964] team0: Port device team_slave_1 added [ 466.525946][T12968] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.603247][T12968] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.673907][T12968] device bridge_slave_0 entered promiscuous mode [ 466.789908][T12964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 466.862839][T12964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.108930][T12964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 467.220328][T12968] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.277163][T12968] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.349020][T12968] device bridge_slave_1 entered promiscuous mode [ 467.456260][T12964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 467.507714][T12964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.672478][T12964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 467.814080][T12968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.905656][T12968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 468.054149][T12964] device hsr_slave_0 entered promiscuous mode [ 468.154103][T12964] device hsr_slave_1 entered promiscuous mode [ 468.272335][T12964] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 468.303692][T12964] Cannot create hsr debugfs directory [ 468.390619][T12968] team0: Port device team_slave_0 added [ 468.423567][T12968] team0: Port device team_slave_1 added [ 468.520199][ T41] audit: type=1400 audit(1595724598.533:45): avc: denied { create } for pid=12959 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 468.546194][T12959] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 468.700963][ T41] audit: type=1400 audit(1595724598.533:46): avc: denied { write } for pid=12959 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 468.915759][ T41] audit: type=1400 audit(1595724598.533:47): avc: denied { read } for pid=12959 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 469.214796][T12968] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 469.268338][T12968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 469.527843][T12968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 469.641674][T12968] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 469.703368][T12968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 469.947550][T12968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 470.044501][T12959] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 470.259190][T12959] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 470.385327][T12959] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 470.485963][T12961] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 470.743895][T12961] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 470.907087][T12968] device hsr_slave_0 entered promiscuous mode [ 471.002934][T12968] device hsr_slave_1 entered promiscuous mode [ 471.093905][T12968] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 471.158982][T12968] Cannot create hsr debugfs directory [ 471.255226][T12961] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 471.448530][T12961] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 471.779904][T12964] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 471.960792][T12964] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 472.225538][T12964] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 472.418628][T12964] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 472.748451][T12968] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 472.964397][T12968] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 473.109408][T12968] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 473.254519][T12968] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 473.512174][T12959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 473.596006][T12961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 473.699093][T12961] 8021q: adding VLAN 0 to HW filter on device team0 [ 473.764417][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 473.861256][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 473.927760][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 474.005927][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 474.090885][ T1224] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.169098][ T1224] bridge0: port 1(bridge_slave_0) entered forwarding state [ 474.249170][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 474.399042][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 474.473361][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 474.555814][T12959] 8021q: adding VLAN 0 to HW filter on device team0 [ 474.633251][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 474.702789][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 474.780096][ T3130] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.842252][ T3130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.907164][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 474.993142][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 475.074842][ T3130] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.145930][ T3130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 475.234752][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 475.303214][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 475.378584][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 475.446088][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 475.518826][ T3130] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.583836][ T3130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 475.656318][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 475.755615][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 475.830745][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 475.907344][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 475.993417][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 476.083400][T12964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.173983][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 476.290379][T12968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.349057][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 476.426304][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 476.503184][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 476.573667][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 476.649213][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 476.729326][T12964] 8021q: adding VLAN 0 to HW filter on device team0 [ 476.804314][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 476.870048][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 476.933878][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 477.011342][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 477.083685][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 477.157081][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 477.236948][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 477.310011][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 477.382257][T12961] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 477.483441][T12961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 477.575396][T12968] 8021q: adding VLAN 0 to HW filter on device team0 [ 477.655224][T12959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 477.746205][T12959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 477.853402][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 477.933562][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 478.005255][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 478.086928][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 478.159978][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 478.216267][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 478.280175][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 478.355416][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 478.439437][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 478.518733][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 478.593863][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 478.652972][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 478.754034][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 478.808562][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 478.874306][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 478.920653][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 478.976886][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 479.030043][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 479.089688][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 479.158742][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.205182][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 479.243549][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 479.288934][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 479.329091][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.378662][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 479.435754][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 479.482849][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 479.533121][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 479.589107][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 479.672673][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 479.737139][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 479.799677][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 479.878664][T12961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 479.947407][T12959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 480.039774][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 480.116582][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 480.195237][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 480.269759][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 480.348942][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 480.567149][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 480.660561][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 480.711144][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 480.795222][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 480.884474][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 480.955621][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 481.034828][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 481.122642][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 481.209450][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 481.270923][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 481.358170][T12968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 481.444084][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 481.515197][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 481.588592][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 481.666925][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 482.277366][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 482.414207][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 482.913442][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 483.001291][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 483.138653][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 483.300779][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 483.464633][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 483.638223][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 483.766192][T12959] device veth0_vlan entered promiscuous mode [ 483.841204][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 483.931286][T12985] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 484.041338][T12968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.150046][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 484.257997][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 484.338691][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 484.426926][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 484.530035][T12964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.619547][T12959] device veth1_vlan entered promiscuous mode [ 484.708796][T12961] device veth0_vlan entered promiscuous mode [ 484.791347][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 484.884610][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 485.056255][T12961] device veth1_vlan entered promiscuous mode [ 485.156707][T12967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 485.280961][T12967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 485.490310][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 485.600522][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 485.716864][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 485.824022][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 485.937225][T12961] device veth0_macvtap entered promiscuous mode [ 486.058298][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 486.145920][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 486.249729][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 486.350200][ T3130] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 486.454135][T12961] device veth1_macvtap entered promiscuous mode [ 486.527271][T12968] device veth0_vlan entered promiscuous mode [ 486.625136][T12967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 486.729213][T12967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 486.848869][T12968] device veth1_vlan entered promiscuous mode [ 486.960875][T12959] device veth0_macvtap entered promiscuous mode [ 487.058159][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 487.162976][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 487.266672][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 487.349502][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 487.429525][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 487.506151][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 487.590625][T12964] device veth0_vlan entered promiscuous mode [ 487.678276][T12959] device veth1_macvtap entered promiscuous mode [ 487.773093][T12964] device veth1_vlan entered promiscuous mode [ 487.865799][T12961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 487.957616][T12961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 488.047469][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 488.130523][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 488.220326][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 488.306215][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 488.456598][T12959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 488.577799][T12959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.694319][T12959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 488.796719][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 488.877823][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 488.993123][T12968] device veth0_macvtap entered promiscuous mode [ 489.064734][T12959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 489.150462][T12959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 489.236442][T12959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 489.475390][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 489.560299][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 489.639906][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 489.731049][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 489.803708][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 489.868362][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 489.916923][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 489.983874][T12964] device veth0_macvtap entered promiscuous mode [ 490.105911][T12968] device veth1_macvtap entered promiscuous mode [ 490.273923][ T41] audit: type=1400 audit(1595724620.283:48): avc: denied { associate } for pid=12961 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 490.420833][T12964] device veth1_macvtap entered promiscuous mode [ 490.538152][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 490.621074][T12961] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 490.631090][T12968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 490.720143][T12968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.792534][T12968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 490.867254][T12968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.932927][T12968] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 491.038969][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 491.085957][T12990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 491.130869][T12995] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. [ 491.206493][T12968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 491.293230][T12968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.391839][T12968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 491.468811][T12968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 491.568465][T12968] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 491.695910][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 491.806337][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 491.943923][T12964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 492.064459][T12964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.169559][T12964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 492.302859][T12964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.375144][T12964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 492.469441][T12964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 492.565215][T12964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 492.708195][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 492.819954][T12977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 492.977121][T12964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 00:50:23 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 493.084558][T12964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.172198][T12964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 493.273196][T12964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.354596][T12964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 493.437509][T12964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 493.515750][T12964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 493.599588][T13005] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. [ 493.674891][T12967] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready 00:50:23 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 493.728649][T12967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 493.958029][T13009] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. 00:50:24 executing program 0: r0 = socket(0x1000000010, 0x80002, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f00000001c0), 0x4) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xe}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x2c, 0x2, [@TCA_U32_SEL={0x14}, @TCA_U32_INDEV={0x14, 0x8, 'wg1\x00'}]}}]}, 0x58}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 00:50:24 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 494.268852][T13015] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. 00:50:24 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="c6", 0x1}], 0x1) 00:50:24 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 494.558799][T13026] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. 00:50:24 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 494.614515][ T41] audit: type=1400 audit(1595724624.633:49): avc: denied { create } for pid=13027 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 494.849115][T13031] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. [ 494.874689][ T41] audit: type=1400 audit(1595724624.663:50): avc: denied { write } for pid=13027 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 495.054453][T12977] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 495.484426][T12977] usb 8-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.525242][T12977] usb 8-1: config 0 interface 0 has no altsetting 0 [ 495.556444][T12977] usb 8-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=71.12 [ 495.589257][T12977] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.657122][T12977] usb 8-1: config 0 descriptor?? [ 495.949194][ T1224] usb 8-1: USB disconnect, device number 2 [ 496.743241][ T18] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 497.184591][ T18] usb 8-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 497.257480][ T18] usb 8-1: config 0 interface 0 has no altsetting 0 [ 497.323396][ T18] usb 8-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=71.12 00:50:27 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 00:50:27 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="c6", 0x1}], 0x1) 00:50:27 executing program 2: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000040), &(0x7f0000000180)=0x8) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0xfffffffa, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x404e20, 0x0, @empty}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0xe}}], 0x4000000000000d0, 0x0) [ 497.402650][ T18] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.499424][ T18] usb 8-1: config 0 descriptor?? 00:50:27 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) lseek(0xffffffffffffffff, 0x0, 0x1) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000040), &(0x7f0000000180)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0xfffffffa, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x404e20, 0x0, @empty}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0xe}}], 0x4000000000000d0, 0x0) [ 497.545669][T13040] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. [ 497.575117][ T18] usb 8-1: can't set config #0, error -71 [ 497.648292][ T41] audit: type=1400 audit(1595724627.663:51): avc: denied { open } for pid=13041 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 497.664083][ T41] audit: type=1400 audit(1595724627.683:52): avc: denied { confidentiality } for pid=13041 comm="syz-executor.2" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 497.819571][ T41] audit: type=1400 audit(1595724627.833:53): avc: denied { name_bind } for pid=13041 comm="syz-executor.2" src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 497.964826][ T18] usb 8-1: USB disconnect, device number 3 [ 498.289271][ T41] audit: type=1400 audit(1595724628.243:54): avc: denied { name_connect } for pid=13041 comm="syz-executor.2" dest=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 00:50:28 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 00:50:29 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="c6", 0x1}], 0x1) [ 499.026541][ T41] audit: type=1400 audit(1595724628.333:55): avc: denied { node_bind } for pid=13043 comm="syz-executor.3" src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 00:50:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRES16], 0x28}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0xd}, 0x1c) sendto$inet6(r0, &(0x7f0000000200)='\n', 0xfffffdef, 0x40080, 0x0, 0x1f4) 00:50:29 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x163, &(0x7f0000000140)="c4c691019919da070000000000000022addee06dee6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e29b9ab9b71362838350808ffdb2dc4a741357baa16dacdcfac32957d83d8c0b2e3482945fef116371f8c8c0c4db583ccd9dd3bf7a0b9daf36c29d2d3673af34a91a4a8844ee497e66452419a30843900bb4ff9a7df00000000008b63a2904f6e5a78ec1701398700b1a561a0e447e77fcdaa180e9af7a2e94d67de728540376955a28767071f81c523c6e030d18d00dd9114c29b483228abd9a6a1be2278af518916c70c858f6f562eb1619687db4f577c04a906f14af3767f86808f51b69e12090f0678513f05d93e666e4d18f1f76673049b50d1ad0bbc8ee5cfe61b01feb3a3ad4c2476ddab27b7103a5c03989c507944cb5ed4b5fbbfbd9b9e7148a800017a48987d09c18ee9a49513f1aa6cf53c7b2c92500b42b910b2a6ab2ce88fef16363fc898e4b90e3aa8c7040571e8"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = getpid() tkill(r1, 0x2f) [ 499.257529][T13056] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. 00:50:29 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)=ANY=[@ANYBLOB="d400000019001905000000400000000002200000ff02ff000000800008000100ac14140018009400111a8200040090f7c10f4b7024b5f0fa4c2629000c00080008"], 0xd4}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 00:50:29 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="c6", 0x1}], 0x1) 00:50:30 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x40, 0x1, 0x8, 0x0, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8}]}]}, 0x40}}, 0x0) [ 500.279872][T13071] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.1'. 00:50:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, 0x0, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x8400, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) 00:50:30 executing program 0: writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000140)="c6", 0x1}], 0x1) 00:50:30 executing program 0: writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000140)="c6", 0x1}], 0x1) 00:50:30 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 00:50:30 executing program 3: sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x20, 0x1, 0x7, 0x0, 0x0, 0x0, {}, [@NFACCT_PKTS={0xc}]}, 0x20}}, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) move_pages(0x0, 0x2c9, &(0x7f0000000000), &(0x7f000026bfec), &(0x7f0000002000), 0x0) [ 501.260784][T13090] ================================================================== [ 501.261839][T13090] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 501.261839][T13090] Write of size 8 at addr ffffc90009d71000 by task syz-executor.2/13090 [ 501.261839][T13090] [ 501.261839][T13090] CPU: 2 PID: 13090 Comm: syz-executor.2 Not tainted 5.8.0-rc6-syzkaller #0 [ 501.261839][T13090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 501.261839][T13090] Call Trace: [ 501.261839][T13090] dump_stack+0x18f/0x20d [ 501.261839][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.261839][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.261839][T13090] print_address_description.constprop.0.cold+0x5/0x436 [ 501.261839][T13090] ? lockdep_hardirqs_off+0x66/0xa0 [ 501.261839][T13090] ? vprintk_func+0x97/0x1a6 [ 501.261839][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.261839][T13090] kasan_report.cold+0x1f/0x37 [ 501.261839][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.261839][T13090] bitfill_aligned+0x34a/0x400 [ 501.261839][T13090] sys_fillrect+0x408/0x7a0 [ 501.261839][T13090] ? sys_fillrect+0x7a0/0x7a0 [ 501.261839][T13090] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 501.261839][T13090] bit_clear_margins+0x2d5/0x4a0 [ 501.261839][T13090] ? bit_bmove+0x210/0x210 [ 501.261839][T13090] fbcon_clear_margins+0x1d5/0x230 [ 501.261839][T13090] fbcon_switch+0xb6e/0x16c0 [ 501.261839][T13090] ? fbcon_scroll+0x3600/0x3600 [ 501.261839][T13090] ? fbcon_cursor+0x52b/0x650 [ 501.261839][T13090] ? kmalloc_array.constprop.0+0x20/0x20 [ 501.261839][T13090] ? is_console_locked+0x5/0x10 [ 501.261839][T13090] ? fbcon_set_origin+0x26/0x50 [ 501.261839][T13090] redraw_screen+0x2ae/0x770 [ 501.261839][T13090] ? vc_init+0x440/0x440 [ 501.261839][T13090] ? fb_get_color_depth+0x11a/0x240 [ 501.261839][T13090] ? fbcon_set_palette+0x3a8/0x490 [ 501.261839][T13090] fbcon_modechanged+0x575/0x710 [ 501.261839][T13090] fbcon_update_vcs+0x3a/0x50 [ 501.261839][T13090] fb_set_var+0xae8/0xd60 [ 501.261839][T13090] ? fb_blank+0x190/0x190 [ 501.261839][T13090] ? lock_release+0x8d0/0x8d0 [ 501.261839][T13090] ? lock_is_held_type+0xb0/0xe0 [ 501.261839][T13090] ? do_fb_ioctl+0x2f2/0x6c0 [ 501.261839][T13090] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 501.261839][T13090] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 501.261839][T13090] ? trace_hardirqs_on+0x5f/0x220 [ 501.261839][T13090] do_fb_ioctl+0x33f/0x6c0 [ 501.261839][T13090] ? fb_set_suspend+0x1a0/0x1a0 [ 501.261839][T13090] ? lockdep_hardirqs_on+0x6a/0xe0 [ 501.261839][T13090] ? _raw_spin_unlock_irq+0x55/0x80 [ 501.261839][T13090] ? finish_task_switch+0x147/0x750 [ 501.261839][T13090] ? finish_task_switch+0x119/0x750 [ 501.261839][T13090] ? __switch_to+0x4fb/0xe80 [ 501.261839][T13090] ? __schedule+0x927/0x2250 [ 501.261839][T13090] ? io_schedule_timeout+0x140/0x140 [ 501.261839][T13090] ? preempt_schedule_irq+0x88/0x150 [ 501.261839][T13090] ? lockdep_hardirqs_off+0x66/0xa0 [ 501.261839][T13090] fb_ioctl+0xdd/0x130 [ 501.261839][T13090] ? do_fb_ioctl+0x6c0/0x6c0 [ 501.261839][T13090] ksys_ioctl+0x11a/0x180 [ 501.261839][T13090] __x64_sys_ioctl+0x6f/0xb0 [ 501.261839][T13090] ? lockdep_hardirqs_on+0x6a/0xe0 [ 501.261839][T13090] do_syscall_64+0x60/0xe0 [ 501.261839][T13090] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.261839][T13090] RIP: 0033:0x45c1f9 [ 501.261839][T13090] Code: Bad RIP value. [ 501.261839][T13090] RSP: 002b:00007f4f4c200c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 501.261839][T13090] RAX: ffffffffffffffda RBX: 00000000006fc0c0 RCX: 000000000045c1f9 [ 501.261839][T13090] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000005 [ 501.261839][T13090] RBP: 00000000004a920e R08: 0000000000000000 R09: 0000000000000000 [ 501.261839][T13090] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bfa0 [ 501.261839][T13090] R13: 00007fff18c796ff R14: 00007f4f4c1e1000 R15: 0000000000000003 [ 501.261839][T13090] [ 501.261839][T13090] [ 501.261839][T13090] Memory state around the buggy address: [ 501.261839][T13090] ffffc90009d70f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 501.261839][T13090] ffffc90009d70f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 501.261839][T13090] >ffffc90009d71000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 501.261839][T13090] ^ [ 501.261839][T13090] ffffc90009d71080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 501.261839][T13090] ffffc90009d71100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 501.261839][T13090] ================================================================== [ 501.261839][T13090] Disabling lock debugging due to kernel taint [ 501.330879][T13090] Kernel panic - not syncing: panic_on_warn set ... [ 501.331329][T13090] CPU: 2 PID: 13090 Comm: syz-executor.2 Tainted: G B 5.8.0-rc6-syzkaller #0 [ 501.331335][T13090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 501.331456][T13090] Call Trace: [ 501.331851][T13090] dump_stack+0x18f/0x20d [ 501.331851][T13090] ? bitfill_aligned+0x2e0/0x400 [ 501.331851][T13090] panic+0x2e3/0x75c [ 501.331851][T13090] ? __warn_printk+0xf3/0xf3 [ 501.331851][T13090] ? preempt_schedule_common+0x59/0xc0 [ 501.331851][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.331851][T13090] ? preempt_schedule_thunk+0x16/0x18 [ 501.331851][T13090] ? trace_hardirqs_on+0x55/0x220 [ 501.331851][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.331851][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.331851][T13090] end_report+0x4d/0x53 [ 501.331851][T13090] kasan_report.cold+0xd/0x37 [ 501.331851][T13090] ? bitfill_aligned+0x34a/0x400 [ 501.331851][T13090] bitfill_aligned+0x34a/0x400 [ 501.331851][T13090] sys_fillrect+0x408/0x7a0 [ 501.331851][T13090] ? sys_fillrect+0x7a0/0x7a0 [ 501.331851][T13090] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 501.331851][T13090] bit_clear_margins+0x2d5/0x4a0 [ 501.331851][T13090] ? bit_bmove+0x210/0x210 [ 501.331851][T13090] fbcon_clear_margins+0x1d5/0x230 [ 501.331851][T13090] fbcon_switch+0xb6e/0x16c0 [ 501.331851][T13090] ? fbcon_scroll+0x3600/0x3600 [ 501.331851][T13090] ? fbcon_cursor+0x52b/0x650 [ 501.331851][T13090] ? kmalloc_array.constprop.0+0x20/0x20 [ 501.331851][T13090] ? is_console_locked+0x5/0x10 [ 501.331851][T13090] ? fbcon_set_origin+0x26/0x50 [ 501.331851][T13090] redraw_screen+0x2ae/0x770 [ 501.331851][T13090] ? vc_init+0x440/0x440 [ 501.331851][T13090] ? fb_get_color_depth+0x11a/0x240 [ 501.331851][T13090] ? fbcon_set_palette+0x3a8/0x490 [ 501.331851][T13090] fbcon_modechanged+0x575/0x710 [ 501.331851][T13090] fbcon_update_vcs+0x3a/0x50 [ 501.331851][T13090] fb_set_var+0xae8/0xd60 [ 501.331851][T13090] ? fb_blank+0x190/0x190 [ 501.331851][T13090] ? lock_release+0x8d0/0x8d0 [ 501.331851][T13090] ? lock_is_held_type+0xb0/0xe0 [ 501.331851][T13090] ? do_fb_ioctl+0x2f2/0x6c0 [ 501.331851][T13090] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 501.331851][T13090] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 501.331851][T13090] ? trace_hardirqs_on+0x5f/0x220 [ 501.331851][T13090] do_fb_ioctl+0x33f/0x6c0 [ 501.331851][T13090] ? fb_set_suspend+0x1a0/0x1a0 [ 501.331851][T13090] ? lockdep_hardirqs_on+0x6a/0xe0 [ 501.331851][T13090] ? _raw_spin_unlock_irq+0x55/0x80 [ 501.331851][T13090] ? finish_task_switch+0x147/0x750 [ 501.331851][T13090] ? finish_task_switch+0x119/0x750 [ 501.331851][T13090] ? __switch_to+0x4fb/0xe80 [ 501.331851][T13090] ? __schedule+0x927/0x2250 [ 501.331851][T13090] ? io_schedule_timeout+0x140/0x140 [ 501.331851][T13090] ? preempt_schedule_irq+0x88/0x150 [ 501.331851][T13090] ? lockdep_hardirqs_off+0x66/0xa0 [ 501.331851][T13090] fb_ioctl+0xdd/0x130 [ 501.331851][T13090] ? do_fb_ioctl+0x6c0/0x6c0 [ 501.331851][T13090] ksys_ioctl+0x11a/0x180 [ 501.331851][T13090] __x64_sys_ioctl+0x6f/0xb0 [ 501.331851][T13090] ? lockdep_hardirqs_on+0x6a/0xe0 [ 501.331851][T13090] do_syscall_64+0x60/0xe0 [ 501.331851][T13090] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.331851][T13090] RIP: 0033:0x45c1f9 [ 501.331851][T13090] Code: Bad RIP value. [ 501.331851][T13090] RSP: 002b:00007f4f4c200c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 501.331851][T13090] RAX: ffffffffffffffda RBX: 00000000006fc0c0 RCX: 000000000045c1f9 [ 501.331851][T13090] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000005 [ 501.331851][T13090] RBP: 00000000004a920e R08: 0000000000000000 R09: 0000000000000000 [ 501.331851][T13090] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bfa0 [ 501.331851][T13090] R13: 00007fff18c796ff R14: 00007f4f4c1e1000 R15: 0000000000000003 [ 501.331851][T13090] Kernel Offset: disabled [ 501.331851][T13090] Rebooting in 86400 seconds..