Warning: Permanently added '[localhost]:8015' (ECDSA) to the list of known hosts.
[ 130.097495][ T39] audit: type=1400 audit(1595078877.741:42): avc: denied { map } for pid=9666 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2020/07/18 13:27:57 fuzzer started
2020/07/18 13:27:58 dialing manager at 10.0.2.10:45655
2020/07/18 13:27:58 syscalls: 3205
2020/07/18 13:27:58 code coverage: enabled
2020/07/18 13:27:58 comparison tracing: enabled
2020/07/18 13:27:58 extra coverage: enabled
2020/07/18 13:27:58 setuid sandbox: enabled
2020/07/18 13:27:58 namespace sandbox: enabled
2020/07/18 13:27:58 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/18 13:27:58 fault injection: enabled
2020/07/18 13:27:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/18 13:27:58 net packet injection: enabled
2020/07/18 13:27:58 net device setup: enabled
2020/07/18 13:27:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/18 13:27:58 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/18 13:27:58 USB emulation: enabled
[ 130.968067][ T39] audit: type=1400 audit(1595078878.611:43): avc: denied { integrity } for pid=9684 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
13:28:44 executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uhid\x00', 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)={0xb, {'syz1\x00', 'syz0\x00', 'syz0\x00', 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "8c"}}, 0x119)
[ 176.627147][ T39] audit: type=1400 audit(1595078924.271:44): avc: denied { map } for pid=9689 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2068 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
13:28:44 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000005680)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)={0x214, 0x20, 0x1, 0x0, 0x0, "", [@nested={0x207, 0x0, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}, @generic="a30dfdc7a0998c31e6ec7fa3ab4c77a011be4da72d", @generic="03756636847cfea43cc37a9398590d114aeb0ec194b6bd5f429c57c21f141464fb6163fabf4d3a6f86611b54b43631bb203abd0fd4d80fb8af1965cce1bac9b8517ddd157a1ca7f53bdc17fc17c19a2a", @generic="c97f28a25ce75471009b3aa774608689e80e9e5549a16b4f1219447359cf4efb70157ee5a4b3b98bc0352cdc3141acab0826c0dba58c504241b5b372c2fa098fc432cf92feaee8a1a14d5d6743f570215f6dbc1f1abb6dff00000000000000e5630b646f2eb7b492817b1e117f5ceb0143bdee4fd2894a5ed2204892393e8212a56e4a21d9be978666df01b0c8b911253b197267440e87f1f9ede59dd000123bafb7c2fc88281be51198cc6c53e0195b64bb1a783eb67e0b9261e08608f998efa43d0caa6da96e7e0c0749f4719891bb7a310d72569b49", @generic="aaf755e6a99f6154372b", @generic="b084191f95a2f73137cbb00b2709bc660f50ac47c7f7a5055663875bae4c8a3a91a73fa3e892a5c3ba00537056504433be49dac7e7d47affc5fc17e2e0a623cca900eb7949bf85c604b29e6591b8b179e8afc7d35b5764d9e5424c5cadc025704a224d5a718f7cdb289e77a628a5d028a783215951d4a849e15f6cce6300258bce3da10232a1d3a245569b1485d2c93305f58f55e55288d58fbc1f4c67e6b01860eab61404425e34dbe0aa3a8f79696623"]}]}, 0x214}], 0x1}, 0x0)
13:28:44 executing program 2:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0xfffffffffffffffe, 0x12)
[ 177.582555][ T9690] IPVS: ftp: loaded support on port[0] = 21
[ 177.583151][ T9693] IPVS: ftp: loaded support on port[0] = 21
13:28:45 executing program 3:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOGETCMAP(r0, 0x4601, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
[ 178.150983][ T9695] IPVS: ftp: loaded support on 
port[0] = 21 [ 178.324749][ T9690] chnl_net:caif_netlink_parms(): no params data found [ 178.364112][ T9693] chnl_net:caif_netlink_parms(): no params data found [ 178.365976][ T9697] IPVS: ftp: loaded support on port[0] = 21 [ 178.554999][ T9690] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.571056][ T9690] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.595295][ T9690] device bridge_slave_0 entered promiscuous mode [ 178.636103][ T9690] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.656971][ T9690] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.671945][ T9690] device bridge_slave_1 entered promiscuous mode [ 178.757166][ T9693] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.770820][ T9693] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.787631][ T9693] device bridge_slave_0 entered promiscuous mode [ 178.809984][ T9690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.837383][ T9690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.875749][ T9693] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.892741][ T9693] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.907888][ T9693] device bridge_slave_1 entered promiscuous mode [ 178.957372][ T9695] chnl_net:caif_netlink_parms(): no params data found [ 179.002607][ T9690] team0: Port device team_slave_0 added [ 179.026777][ T9693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.072610][ T9693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.124607][ T9690] team0: Port device team_slave_1 added [ 179.184062][ T9690] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.215653][ T9690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.282993][ T9690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.331955][ T9693] team0: Port device team_slave_0 added [ 179.342228][ T9690] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.352741][ T9690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.424167][ T9690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.460729][ T9697] chnl_net:caif_netlink_parms(): no params data found [ 179.520224][ T9693] team0: Port device team_slave_1 added [ 179.652749][ T9693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.667498][ T9693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 179.726686][ T9693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.792801][ T9695] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.831164][ T9695] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.859748][ T9695] device bridge_slave_0 entered promiscuous mode [ 179.952175][ T9690] device hsr_slave_0 entered promiscuous mode [ 179.999629][ T9690] device hsr_slave_1 entered promiscuous mode [ 180.080823][ T9693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.100830][ T9693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.147827][ T9693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.170599][ T9695] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.186324][ T9695] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.205161][ T9695] device bridge_slave_1 entered promiscuous mode [ 180.251747][ T9695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.360879][ T9693] device hsr_slave_0 entered promiscuous mode [ 180.428998][ T9693] device hsr_slave_1 entered promiscuous mode [ 180.508761][ T9693] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 180.526569][ T9693] Cannot create hsr debugfs directory [ 180.562376][ T9695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.613860][ T9697] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.633612][ T9697] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.649532][ T9697] device bridge_slave_0 entered promiscuous mode [ 180.671642][ T9697] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.686321][ T9697] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.699862][ T9697] device bridge_slave_1 entered promiscuous mode [ 180.770923][ T9695] team0: Port device team_slave_0 added [ 180.792884][ T9697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.813597][ T9695] team0: Port device team_slave_1 added [ 180.831145][ T9697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.892555][ T9697] team0: Port device team_slave_0 added [ 180.918101][ T9697] team0: Port device team_slave_1 added [ 180.934027][ T9695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.950380][ T9695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.003499][ T9695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.050756][ T9695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.065208][ T9695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 181.120634][ T9695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.157912][ T9697] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.179176][ T9697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.251125][ T9697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.403011][ T9695] device hsr_slave_0 entered promiscuous mode [ 181.479444][ T9695] device hsr_slave_1 entered promiscuous mode [ 181.548670][ T9695] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.564810][ T9695] Cannot create hsr debugfs directory [ 181.600653][ T9697] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.618976][ T9697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 181.668272][ T9697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.729537][ T39] audit: type=1400 audit(1595078929.371:45): avc: denied { create } for pid=9690 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 181.760081][ T9690] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 181.778765][ T39] audit: type=1400 audit(1595078929.371:46): avc: denied { write } for pid=9690 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 181.825955][ T39] audit: type=1400 audit(1595078929.381:47): avc: denied { read } for pid=9690 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 181.982810][ T9697] device hsr_slave_0 entered promiscuous mode [ 182.051191][ T9697] device hsr_slave_1 entered promiscuous mode [ 182.111486][ T9697] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 182.145029][ T9697] Cannot create hsr debugfs directory [ 182.184983][ T9690] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 182.271636][ T9690] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 182.382137][ T9690] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 182.576803][ T9693] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 182.696478][ T9693] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 182.796216][ T9693] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 182.882726][ T9693] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 183.026218][ T9695] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 183.142712][ T9695] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 183.236092][ T9695] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 183.314355][ T9695] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 183.469178][ T9697] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 183.554424][ T9697] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 183.659308][ T9697] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 183.713317][ T9697] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 183.865921][ T9690] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.927577][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.946911][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.962192][ T9693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.977719][ T9690] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.006745][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.020363][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.041091][ T2456] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.059274][ T2456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.094681][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.110178][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link 
becomes ready [ 184.124706][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.145305][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.163458][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.178817][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.189472][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.203224][ T9693] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.220125][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.233168][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.247785][ T9717] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.257931][ T9717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.269708][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.282027][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.304823][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.320879][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.343037][ T2861] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.359683][ T2861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.383044][ T9695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.395472][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.411753][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.444560][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.457635][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.475437][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.490151][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.504353][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 
184.518112][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.534527][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.547541][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.560187][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.577042][ T9690] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.592313][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.605224][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.620069][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.635137][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.661911][ T9697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.672660][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.684262][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.698584][ T9695] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.724627][ T9693] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 184.741806][ T9693] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.756822][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.769632][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.781202][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.791514][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.802236][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.812081][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.821613][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.840550][ T9697] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.857719][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 
184.866957][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.875703][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 184.884610][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 184.895344][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.907239][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.918555][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.927427][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.938603][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.949785][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.960839][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.973984][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.993640][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.031931][ T9690] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.051390][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.063898][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.074164][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.084775][ T3119] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.094094][ T3119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.105641][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.118829][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.129299][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 185.139436][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.148190][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.159091][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.170636][ T13] IPv6: 
ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.184597][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.200107][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.217192][ T2456] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.230394][ T2456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.247888][ T9693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.275541][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.288769][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.299766][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.336639][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.346935][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.358362][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.370660][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 185.386752][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 185.399260][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.414598][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.432470][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.445054][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.459263][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.476719][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.487692][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 185.509393][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 185.535381][ T9697] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 185.556942][ T9697] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.576929][ T9695] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 185.600000][ T9695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.620987][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.640982][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 185.653807][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 185.664816][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.677641][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.690130][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.702618][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.729864][ T9690] device veth0_vlan entered promiscuous mode [ 185.746611][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 185.765880][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 185.791993][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 185.802962][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.815782][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 185.830267][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.847850][ T9697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.863236][ T9695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.878104][ T9690] device veth1_vlan entered promiscuous mode [ 185.895272][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 185.907312][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 185.918839][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 185.929817][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 185.941982][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes 
ready [ 185.955675][ T9693] device veth0_vlan entered promiscuous mode [ 185.987404][ T9693] device veth1_vlan entered promiscuous mode [ 186.008235][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 186.027057][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 186.041015][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 186.053571][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 186.076294][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 186.111931][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 186.133968][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 186.164230][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 186.190071][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 186.211910][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 186.233913][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 186.270461][ T9690] device veth0_macvtap entered promiscuous mode [ 186.294148][ T9697] device veth0_vlan entered promiscuous mode [ 186.315955][ T9690] device veth1_macvtap entered promiscuous mode [ 186.332606][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 186.347978][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 186.366804][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 186.384534][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 186.416913][ T9695] device veth0_vlan entered promiscuous mode [ 186.435452][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 186.457615][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 186.482848][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 186.501913][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 186.532246][ T9697] device 
veth1_vlan entered promiscuous mode [ 186.569560][ T9695] device veth1_vlan entered promiscuous mode [ 186.589087][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 186.613782][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 186.637568][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 186.658819][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 186.671975][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 186.686452][ T9693] device veth0_macvtap entered promiscuous mode [ 186.703145][ T9690] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.725279][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 186.736888][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 186.747928][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 186.760395][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 186.774735][ T9693] device veth1_macvtap entered promiscuous mode [ 186.794257][ T9690] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.814664][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 186.827900][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 186.841824][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 186.885481][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 186.901592][ T2456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 186.943636][ T9697] device veth0_macvtap entered promiscuous mode [ 186.962614][ T9697] device veth1_macvtap entered promiscuous mode [ 187.088049][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 187.104432][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 187.115042][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 187.128069][ T34] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 187.142587][ T9693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 187.158901][ T9693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.173132][ T9693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.187291][ T9693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 187.201934][ T9693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.219055][ T9693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.230262][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 187.242089][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 187.254265][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 187.264393][ T3119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 187.283818][ T9695] device veth0_macvtap entered promiscuous mode [ 187.429145][ T39] audit: type=1400 audit(1595078935.081:48): avc: denied { associate } for pid=9690 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 187.437999][ T9695] device veth1_macvtap entered promiscuous mode [ 187.544794][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 187.564547][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.581583][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 187.599132][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 187.621273][ T9697] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.682982][ T9696] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 187.695798][ T9696] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 187.710552][ T9696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 187.728237][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 187.730810][ T9690] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 187.748198][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.786669][ T9697] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 187.823854][ T9697] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.867733][ T9697] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.881062][ T2456] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 13:28:55 executing program 0: [ 187.974279][ T9719] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready 13:28:55 executing program 0: [ 187.995758][ T9719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 13:28:55 executing program 0: 13:28:55 executing program 0: 13:28:55 executing program 0: [ 188.154434][ T9695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.183852][ T9695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.205616][ T9695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.220181][ T9695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 188.233583][ T9695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.247361][ T9695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.264080][ T9695] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.314072][ T9720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 188.323870][ T9720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 188.336553][ T9695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 188.350416][ T9695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.365971][ T9695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 13:28:56 executing program 1: [ 188.385076][ T9695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.399288][ T9695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 188.414002][ T9695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 188.427645][ T9695] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.510573][ T9720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 188.522253][ T9720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 188.630159][ T9740] ================================================================== [ 188.631506][ T9740] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 188.631553][ T9740] Write of size 8 at addr ffffc90009ac1000 by task syz-executor.3/9740 [ 188.631556][ T9740] [ 188.631624][ T9740] CPU: 1 PID: 9740 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 [ 188.631632][ T9740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 188.631635][ T9740] Call Trace: [ 188.631782][ T9740] dump_stack+0x18f/0x20d [ 188.631802][ T9740] ? bitfill_aligned+0x34a/0x400 [ 188.631811][ T9740] ? bitfill_aligned+0x34a/0x400 [ 188.631948][ T9740] print_address_description.constprop.0.cold+0x5/0x436 [ 188.633296][ T9740] ? lockdep_hardirqs_off+0x66/0xa0 [ 188.633428][ T9740] ? vprintk_func+0x97/0x1a6 [ 188.633443][ T9740] ? bitfill_aligned+0x34a/0x400 [ 188.633453][ T9740] kasan_report.cold+0x1f/0x37 [ 188.633520][ T9740] ? bitfill_aligned+0x34a/0x400 [ 188.633531][ T9740] bitfill_aligned+0x34a/0x400 [ 188.633579][ T9740] sys_fillrect+0x408/0x7a0 [ 188.633589][ T9740] ? sys_fillrect+0x7a0/0x7a0 [ 188.633699][ T9740] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 188.633710][ T9740] bit_clear_margins+0x2d5/0x4a0 [ 188.633720][ T9740] ? bit_bmove+0x210/0x210 [ 188.633742][ T9740] ? fb_get_color_depth+0x11a/0x240 [ 188.633754][ T9740] fbcon_clear_margins+0x1d5/0x230 [ 188.633765][ T9740] fbcon_switch+0xb6e/0x16c0 [ 188.633778][ T9740] ? fbcon_scroll+0x3600/0x3600 [ 188.633803][ T9740] ? fbcon_cursor+0x52b/0x650 [ 188.633813][ T9740] ? kmalloc_array.constprop.0+0x20/0x20 [ 188.633867][ T9740] ? is_console_locked+0x5/0x10 [ 188.633876][ T9740] ? 
fbcon_set_origin+0x26/0x50 [ 188.633928][ T9740] redraw_screen+0x2ae/0x770 [ 188.633939][ T9740] ? vc_init+0x440/0x440 [ 188.633948][ T9740] ? fb_get_color_depth+0x11a/0x240 [ 188.633959][ T9740] ? fbcon_set_palette+0x3a8/0x490 [ 188.633971][ T9740] fbcon_modechanged+0x575/0x710 [ 188.633983][ T9740] fbcon_update_vcs+0x3a/0x50 [ 188.633992][ T9740] fb_set_var+0xae8/0xd60 [ 188.634002][ T9740] ? fb_blank+0x190/0x190 [ 188.634030][ T9740] ? lock_release+0x8d0/0x8d0 [ 188.634044][ T9740] ? lock_is_held_type+0xb0/0xe0 [ 188.634064][ T9740] ? do_fb_ioctl+0x2f2/0x6c0 [ 188.634130][ T9740] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 188.634140][ T9740] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 188.634178][ T9740] ? trace_hardirqs_on+0x5f/0x220 [ 188.634190][ T9740] do_fb_ioctl+0x33f/0x6c0 [ 188.634201][ T9740] ? fb_set_suspend+0x1a0/0x1a0 [ 188.634328][ T9740] ? tomoyo_execute_permission+0x470/0x470 [ 188.634343][ T9740] ? lock_is_held_type+0xb0/0xe0 [ 188.634394][ T9740] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 188.634483][ T9740] ? do_vfs_ioctl+0x27d/0x1090 [ 188.634515][ T9740] ? __fget_files+0x294/0x400 [ 188.634528][ T9740] fb_ioctl+0xdd/0x130 [ 188.634538][ T9740] ? do_fb_ioctl+0x6c0/0x6c0 [ 188.634545][ T9740] ksys_ioctl+0x11a/0x180 [ 188.634556][ T9740] __x64_sys_ioctl+0x6f/0xb0 [ 188.634563][ T9740] ? lockdep_hardirqs_on+0x6a/0xe0 [ 188.634632][ T9740] do_syscall_64+0x60/0xe0 [ 188.634659][ T9740] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 188.635193][ T9740] RIP: 0033:0x45c049 [ 188.635372][ T9740] Code: Bad RIP value. 
[ 188.635378][ T9740] RSP: 002b:00007f1555af7c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.635406][ T9740] RAX: ffffffffffffffda RBX: 00000000006fb200 RCX: 000000000045c049 [ 188.635411][ T9740] RDX: 0000000020000140 RSI: 0000000000004601 RDI: 0000000000000003 [ 188.635417][ T9740] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 188.635422][ T9740] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 188.635427][ T9740] R13: 00007ffc168d7c7f R14: 00007f1555ad8000 R15: 0000000000000003 [ 188.635478][ T9740] [ 188.635481][ T9740] [ 188.635484][ T9740] Memory state around the buggy address: [ 188.635545][ T9740] ffffc90009ac0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 188.635552][ T9740] ffffc90009ac0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 188.635559][ T9740] >ffffc90009ac1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 188.635563][ T9740] ^ [ 188.635569][ T9740] ffffc90009ac1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 188.635576][ T9740] ffffc90009ac1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 188.635595][ T9740] ================================================================== [ 188.636237][ T9740] Disabling lock debugging due to kernel taint [ 188.636489][ T9740] Kernel panic - not syncing: panic_on_warn set ... [ 188.636519][ T9740] CPU: 1 PID: 9740 Comm: syz-executor.3 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 188.636608][ T9740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 188.636672][ T9740] Call Trace: [ 188.636876][ T9740] dump_stack+0x18f/0x20d [ 188.636888][ T9740] ? bitfill_aligned+0x290/0x400 [ 188.637001][ T9740] panic+0x2e3/0x75c [ 188.637011][ T9740] ? __warn_printk+0xf3/0xf3 [ 188.637021][ T9740] ? trace_hardirqs_on+0x55/0x220 [ 188.637030][ T9740] ? bitfill_aligned+0x34a/0x400 [ 188.637039][ T9740] ? 
bitfill_aligned+0x34a/0x400 [ 188.637047][ T9740] end_report+0x4d/0x53 [ 188.637054][ T9740] kasan_report.cold+0xd/0x37 [ 188.637076][ T9740] ? bitfill_aligned+0x34a/0x400 [ 188.637085][ T9740] bitfill_aligned+0x34a/0x400 [ 188.637094][ T9740] sys_fillrect+0x408/0x7a0 [ 188.637102][ T9740] ? sys_fillrect+0x7a0/0x7a0 [ 188.637113][ T9740] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 188.637121][ T9740] bit_clear_margins+0x2d5/0x4a0 [ 188.637128][ T9740] ? bit_bmove+0x210/0x210 [ 188.637138][ T9740] ? fb_get_color_depth+0x11a/0x240 [ 188.637146][ T9740] fbcon_clear_margins+0x1d5/0x230 [ 188.637154][ T9740] fbcon_switch+0xb6e/0x16c0 [ 188.637162][ T9740] ? fbcon_scroll+0x3600/0x3600 [ 188.637172][ T9740] ? fbcon_cursor+0x52b/0x650 [ 188.637179][ T9740] ? kmalloc_array.constprop.0+0x20/0x20 [ 188.637188][ T9740] ? is_console_locked+0x5/0x10 [ 188.637195][ T9740] ? fbcon_set_origin+0x26/0x50 [ 188.637203][ T9740] redraw_screen+0x2ae/0x770 [ 188.637211][ T9740] ? vc_init+0x440/0x440 [ 188.637333][ T9740] ? fb_get_color_depth+0x11a/0x240 [ 188.637342][ T9740] ? fbcon_set_palette+0x3a8/0x490 [ 188.637351][ T9740] fbcon_modechanged+0x575/0x710 [ 188.637360][ T9740] fbcon_update_vcs+0x3a/0x50 [ 188.637368][ T9740] fb_set_var+0xae8/0xd60 [ 188.637377][ T9740] ? fb_blank+0x190/0x190 [ 188.637386][ T9740] ? lock_release+0x8d0/0x8d0 [ 188.637396][ T9740] ? lock_is_held_type+0xb0/0xe0 [ 188.637406][ T9740] ? do_fb_ioctl+0x2f2/0x6c0 [ 188.637417][ T9740] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 188.637425][ T9740] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 188.637432][ T9740] ? trace_hardirqs_on+0x5f/0x220 [ 188.637440][ T9740] do_fb_ioctl+0x33f/0x6c0 [ 188.637448][ T9740] ? fb_set_suspend+0x1a0/0x1a0 [ 188.637457][ T9740] ? tomoyo_execute_permission+0x470/0x470 [ 188.637465][ T9740] ? lock_is_held_type+0xb0/0xe0 [ 188.637475][ T9740] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 188.637483][ T9740] ? do_vfs_ioctl+0x27d/0x1090 [ 188.637494][ T9740] ? 
__fget_files+0x294/0x400 [ 188.637502][ T9740] fb_ioctl+0xdd/0x130 [ 188.637510][ T9740] ? do_fb_ioctl+0x6c0/0x6c0 [ 188.637516][ T9740] ksys_ioctl+0x11a/0x180 [ 188.637523][ T9740] __x64_sys_ioctl+0x6f/0xb0 [ 188.637529][ T9740] ? lockdep_hardirqs_on+0x6a/0xe0 [ 188.637537][ T9740] do_syscall_64+0x60/0xe0 [ 188.637545][ T9740] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 188.637603][ T9740] RIP: 0033:0x45c049 [ 188.637606][ T9740] Code: Bad RIP value. [ 188.637610][ T9740] RSP: 002b:00007f1555af7c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.637618][ T9740] RAX: ffffffffffffffda RBX: 00000000006fb200 RCX: 000000000045c049 [ 188.637622][ T9740] RDX: 0000000020000140 RSI: 0000000000004601 RDI: 0000000000000003 [ 188.637627][ T9740] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 188.637632][ T9740] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 188.637636][ T9740] R13: 00007ffc168d7c7f R14: 00007f1555ad8000 R15: 0000000000000003 [ 188.638504][ T9740] Kernel Offset: disabled [ 188.638504][ T9740] Rebooting in 86400 seconds..