Warning: Permanently added '[localhost]:44978' (ECDSA) to the list of known hosts.
2020/07/15 08:42:44 fuzzer started
2020/07/15 08:42:44 dialing manager at 10.0.2.10:42091
2020/07/15 08:42:44 syscalls: 3178
2020/07/15 08:42:44 code coverage: enabled
2020/07/15 08:42:44 comparison tracing: enabled
2020/07/15 08:42:44 extra coverage: enabled
2020/07/15 08:42:44 setuid sandbox: enabled
2020/07/15 08:42:44 namespace sandbox: enabled
2020/07/15 08:42:44 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/15 08:42:44 fault injection: enabled
2020/07/15 08:42:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/15 08:42:44 net packet injection: enabled
2020/07/15 08:42:44 net device setup: enabled
2020/07/15 08:42:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/15 08:42:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/15 08:42:44 USB emulation: enabled
08:43:37 executing program 0:
pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff})
write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
r5 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r5, 0x10e, 0xa, &(0x7f0000000080)=0x3, 0x4)
splice(r0, 0x0, r4, 0x0, 0x4ffdc, 0x0)
08:43:37 executing program 1:
syz_mount_image$tmpfs(&(0x7f00000002c0)='tmpfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000380)='./bus\x00')
r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
ftruncate(r0, 0x2081fe)
r1 = open(&(0x7f0000000200)='./bus\x00', 0x10103e, 0x0)
ftruncate(r1, 0x0)
08:43:37 executing program 2:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, 
{}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5}]}}}]}, 0x3c}}, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) splice(r0, 0x0, r2, 0x0, 0x10000004ffe6, 0x0) syzkaller login: [ 206.595718][ T8521] IPVS: ftp: loaded support on port[0] = 21 [ 206.629227][ T8523] IPVS: ftp: loaded support on port[0] = 21 08:43:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x40}) [ 207.033711][ T8525] IPVS: ftp: loaded support on port[0] = 21 [ 207.393860][ T8526] IPVS: ftp: loaded support on port[0] = 21 [ 207.432074][ T8523] chnl_net:caif_netlink_parms(): no params data found [ 207.578878][ T8521] chnl_net:caif_netlink_parms(): no params data found [ 207.926862][ T8523] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.012246][ T8523] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.076596][ T8523] device bridge_slave_0 entered promiscuous mode [ 208.153758][ T8521] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.201682][ T8521] bridge0: 
port 1(bridge_slave_0) entered disabled state [ 208.243031][ T8521] device bridge_slave_0 entered promiscuous mode [ 208.288473][ T8521] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.323571][ T8521] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.357450][ T8521] device bridge_slave_1 entered promiscuous mode [ 208.420739][ T8523] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.459946][ T8523] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.506743][ T8523] device bridge_slave_1 entered promiscuous mode [ 208.550165][ T8525] chnl_net:caif_netlink_parms(): no params data found [ 208.611467][ T8521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.697259][ T8521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.756265][ T8523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.828138][ T8523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.888852][ T8521] team0: Port device team_slave_0 added [ 208.962940][ T8521] team0: Port device team_slave_1 added [ 208.996576][ T8523] team0: Port device team_slave_0 added [ 209.054749][ T8523] team0: Port device team_slave_1 added [ 209.111401][ T8526] chnl_net:caif_netlink_parms(): no params data found [ 209.151559][ T8521] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.192259][ T8521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 209.286617][ T8521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.328776][ T8525] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.356368][ T8525] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.386903][ T8525] device bridge_slave_0 entered promiscuous mode [ 209.418292][ T8523] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.446195][ T8523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.543280][ T8523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.586185][ T8521] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.615863][ T8521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.757811][ T8521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.800087][ T8525] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.823660][ T8525] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.849095][ T8525] device bridge_slave_1 entered promiscuous mode [ 209.873380][ T8523] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.899664][ T8523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 210.002917][ T8523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.077342][ T8525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.115930][ T8525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.253745][ T8521] device hsr_slave_0 entered promiscuous mode [ 210.321335][ T8521] device hsr_slave_1 entered promiscuous mode [ 210.481523][ T8523] device hsr_slave_0 entered promiscuous mode [ 210.539786][ T8523] device hsr_slave_1 entered promiscuous mode [ 210.599347][ T8523] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 210.630814][ T8523] Cannot create hsr debugfs directory [ 210.664635][ T8525] team0: Port device team_slave_0 added [ 210.715298][ T8525] team0: Port device team_slave_1 added [ 210.753128][ T8526] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.771448][ T8526] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.794782][ T8526] device bridge_slave_0 entered promiscuous mode [ 210.822500][ T8526] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.851022][ T8526] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.878221][ T8526] device bridge_slave_1 entered promiscuous mode [ 210.917401][ T8525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.941402][ T8525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.006113][ T8525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.041709][ T8525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.057609][ T8525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.117613][ T8525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.164738][ T8526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.207473][ T8526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.331557][ T8525] device hsr_slave_0 entered promiscuous mode [ 211.401754][ T8525] device hsr_slave_1 entered promiscuous mode [ 211.489385][ T8525] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.510403][ T8525] Cannot create hsr debugfs directory [ 211.528588][ T8526] team0: Port device team_slave_0 added [ 211.543400][ T8526] team0: Port device team_slave_1 added [ 211.650986][ T8526] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.684507][ T8526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.760771][ T8526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.812594][ T8526] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.830420][ T8526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 211.893969][ T8526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.021777][ T8526] device hsr_slave_0 entered promiscuous mode [ 212.110975][ T8526] device hsr_slave_1 entered promiscuous mode [ 212.179246][ T8526] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 212.194695][ T8526] Cannot create hsr debugfs directory [ 212.256229][ T8521] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 212.358135][ T8521] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 212.464345][ T8521] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 212.547981][ T8521] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 212.699158][ T8523] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 212.764170][ T8523] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 212.851970][ T8523] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 212.922664][ T8523] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 213.066602][ T8525] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 213.162599][ T8525] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 213.251461][ T8525] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 213.366513][ T8525] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 213.530700][ T8526] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 213.613204][ T8526] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 213.702115][ T8526] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 213.789451][ T8526] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 214.016154][ T8521] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.058121][ T8523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.141280][ T3137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 214.189730][ T3137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.241896][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 214.277210][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link 
becomes ready [ 214.317432][ T8521] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.341040][ T8523] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.375454][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.403468][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.427081][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.451129][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.489744][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.525548][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.553709][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.579763][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.631746][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.664529][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.715528][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.757452][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.796014][ T3844] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.833075][ T3844] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.868070][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.910440][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.940311][ T3844] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.968379][ T3844] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.003046][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.041351][ T8525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.086109][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.124539][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 215.155956][ T13] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.189986][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.245510][ T8525] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.277047][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.307756][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 215.330744][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 215.355739][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.376194][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.403232][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 215.440403][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 215.473862][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 215.509811][ T8521] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 215.546014][ T8521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 215.574504][ T8526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.597074][ T3137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 215.621189][ T3137] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 215.645220][ T3137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 215.668873][ T3137] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 215.695320][ T3137] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 215.732813][ T8526] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.758385][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.789652][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.817434][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 215.840247][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.861621][ 
T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 215.886516][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 215.910288][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.934687][ T8538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.958599][ T8538] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.981009][ T8538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.017987][ T8523] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 216.070225][ T8523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 216.105942][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.131617][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 216.158872][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.179929][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.210290][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.236157][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.256364][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.499330][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.642382][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.693942][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.716591][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.852852][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.933713][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 216.954792][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 216.975150][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.014329][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 
217.042187][ T8547] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.065793][ T8547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.092104][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 217.110890][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 217.127434][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.180003][ T8523] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.236610][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.295933][ T8521] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.340745][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 217.376804][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.410255][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.437715][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 217.459505][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.482216][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.503428][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.526462][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.546739][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 217.568083][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 217.593590][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.616509][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.647373][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 217.697373][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 217.731556][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 217.753335][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 
217.797273][ T8526] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 217.823601][ T8526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 217.846969][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 217.864919][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 217.888097][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 217.907243][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 217.931514][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 217.962287][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 217.985538][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 218.007794][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 218.028061][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 218.041708][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 218.058497][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.072655][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.106940][ T8521] device veth0_vlan entered promiscuous mode [ 218.134807][ T8525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.180771][ T8521] device veth1_vlan entered promiscuous mode [ 218.195606][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 218.214411][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 218.235273][ T8523] device veth0_vlan entered promiscuous mode [ 218.268464][ T8526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.286093][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 218.306966][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 218.327749][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 218.342495][ T8547] IPv6: 
ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 218.356567][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 218.375496][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 218.413995][ T8523] device veth1_vlan entered promiscuous mode [ 218.450664][ T8525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.487005][ T8521] device veth0_macvtap entered promiscuous mode [ 218.512137][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 218.530822][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 218.552105][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 218.576896][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 218.615482][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 218.634930][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 218.660504][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 218.697530][ T8521] device veth1_macvtap entered promiscuous mode [ 218.727680][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 218.752823][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 218.801339][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 218.857492][ T8523] device veth0_macvtap entered promiscuous mode [ 218.902481][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 218.945726][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 218.980991][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.008506][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 219.043939][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 219.078878][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.109830][ T8528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 
219.140674][ T8526] device veth0_vlan entered promiscuous mode [ 219.171295][ T8521] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.214435][ T8523] device veth1_macvtap entered promiscuous mode [ 219.255053][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 219.295266][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 219.349557][ T8526] device veth1_vlan entered promiscuous mode [ 219.383118][ T8521] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.437748][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 219.460801][ T8547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 219.514662][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 219.532665][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.570997][ T8525] device veth0_vlan entered promiscuous mode [ 219.591548][ T8523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 219.620173][ T8523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.664487][ T8523] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.723836][ T8523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 219.788675][ T8523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 219.848960][ T8523] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.886578][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.924125][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.970188][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 220.010540][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 220.046648][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 220.071181][ T3247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 220.328487][ T8525] device veth1_vlan entered promiscuous mode [ 220.373455][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 220.498901][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 220.730662][ T8526] device veth0_macvtap entered promiscuous mode [ 220.834865][ T8526] device veth1_macvtap entered promiscuous mode [ 221.054038][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 221.088910][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 221.112311][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 221.132760][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 221.153080][ T8525] device veth0_macvtap entered promiscuous mode [ 221.155695][ T8521] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 221.179977][ T8525] device veth1_macvtap entered promiscuous mode [ 221.245236][ T8526] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 221.299546][ T8526] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.358837][ T8526] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 221.393871][ T8526] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 221.450606][ T8526] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.587943][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 221.622965][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 221.681094][ T8526] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 221.778685][ T8526] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.840443][ T8526] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 221.900881][ T8526] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.967150][ T8526] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.005915][ T8525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 222.040874][ T8525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.070262][ T8525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 222.101256][ T8525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.132462][ T8525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 222.167326][ T8525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.210002][ T8525] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.236841][ T8553] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.0'. 
[ 222.296972][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 222.343485][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 222.423291][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 222.487044][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 222.628954][ T8525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
08:43:54 executing program 0:
pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff})
write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
r5 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r5, 0x10e, 0xa, &(0x7f0000000080)=0x3, 0x4)
splice(r0, 0x0, r4, 0x0, 0x4ffdc, 0x0)
[ 222.691291][ T8525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 222.882149][ T8525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 222.922729][ T8525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 222.962314][ T8525] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 223.001827][ T8525] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 223.042541][ T8525] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 223.083077][ T8566] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.0'.
08:43:54 executing program 1: syz_mount_image$tmpfs(&(0x7f00000002c0)='tmpfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000380)='./bus\x00') r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0) ftruncate(r0, 0x2081fe) r1 = open(&(0x7f0000000200)='./bus\x00', 0x10103e, 0x0) ftruncate(r1, 0x0) [ 223.125248][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 223.160162][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 08:43:55 executing program 1: syz_mount_image$tmpfs(&(0x7f00000002c0)='tmpfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000380)='./bus\x00') r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0) ftruncate(r0, 0x2081fe) r1 = open(&(0x7f0000000200)='./bus\x00', 0x10103e, 0x0) ftruncate(r1, 0x0) 08:43:55 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@my=0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x0}, 0x10) shutdown(r3, 0x0) 08:43:55 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(r5, 0x10e, 0xa, &(0x7f0000000080)=0x3, 0x4) splice(r0, 0x0, r4, 0x0, 0x4ffdc, 0x0) [ 223.653662][ T8584] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.0'. 
[ 223.816262][ T8592] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 223.826355][ T8592] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
08:43:55 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x40})

[ 224.103126][ T8595] ==================================================================
[ 224.107004][ T8595] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400
[ 224.107388][ T8595] Write of size 8 at addr ffffc900097b1000 by task syz-executor.3/8595
[ 224.107391][ T8595]
[ 224.107728][ T8595] CPU: 3 PID: 8595 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0
[ 224.107734][ T8595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 224.108055][ T8595] Call Trace:
[ 224.109313][ T8595] dump_stack+0x18f/0x20d
[ 224.109313][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.109313][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.109313][ T8595] print_address_description.constprop.0.cold+0x5/0x436
[ 224.109313][ T8595] ? lockdep_hardirqs_off+0x66/0xa0
[ 224.109313][ T8595] ? vprintk_func+0x97/0x1a6
[ 224.109313][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.109313][ T8595] kasan_report.cold+0x1f/0x37
[ 224.109313][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.109313][ T8595] bitfill_aligned+0x34a/0x400
[ 224.109313][ T8595] sys_fillrect+0x408/0x7a0
[ 224.109313][ T8595] ? sys_fillrect+0x7a0/0x7a0
[ 224.109313][ T8595] drm_fb_helper_sys_fillrect+0x1e/0x190
[ 224.109313][ T8595] bit_clear_margins+0x2d5/0x4a0
[ 224.109313][ T8595] ? bit_bmove+0x210/0x210
[ 224.109313][ T8595] ? fb_get_color_depth+0x11a/0x240
[ 224.109313][ T8595] fbcon_clear_margins+0x1d5/0x230
[ 224.109313][ T8595] fbcon_switch+0xb6e/0x16c0
[ 224.109313][ T8595] ? fbcon_scroll+0x3600/0x3600
[ 224.109313][ T8595] ? fbcon_cursor+0x52b/0x650
[ 224.109313][ T8595] ? kmalloc_array.constprop.0+0x20/0x20
[ 224.109313][ T8595] ? is_console_locked+0x5/0x10
[ 224.109313][ T8595] ? fbcon_set_origin+0x26/0x50
[ 224.109313][ T8595] redraw_screen+0x2ae/0x770
[ 224.109313][ T8595] ? vc_init+0x440/0x440
[ 224.109313][ T8595] ? fb_get_color_depth+0x11a/0x240
[ 224.109313][ T8595] ? fbcon_set_palette+0x3a8/0x490
[ 224.109313][ T8595] fbcon_modechanged+0x575/0x710
[ 224.109313][ T8595] fbcon_set_all_vcs+0x3b6/0x470
[ 224.109313][ T8595] fbcon_update_vcs+0x26/0x50
[ 224.109313][ T8595] fb_set_var+0xae8/0xd60
[ 224.109313][ T8595] ? fb_blank+0x190/0x190
[ 224.109313][ T8595] ? lock_release+0x8d0/0x8d0
[ 224.109313][ T8595] ? lock_is_held_type+0xb0/0xe0
[ 224.109313][ T8595] ? do_fb_ioctl+0x2f2/0x6c0
[ 224.109313][ T8595] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 224.109313][ T8595] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 224.109313][ T8595] ? trace_hardirqs_on+0x5f/0x220
[ 224.109313][ T8595] do_fb_ioctl+0x33f/0x6c0
[ 224.109313][ T8595] ? fb_set_suspend+0x1a0/0x1a0
[ 224.109313][ T8595] ? lock_downgrade+0x820/0x820
[ 224.109313][ T8595] ? trace_hardirqs_on+0x5f/0x220
[ 224.109313][ T8595] ? lockdep_hardirqs_on+0x6a/0xe0
[ 224.109313][ T8595] ? tomoyo_path_number_perm+0x244/0x4d0
[ 224.109313][ T8595] ? tomoyo_execute_permission+0x470/0x470
[ 224.109313][ T8595] ? __might_fault+0xef/0x1d0
[ 224.109313][ T8595] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 224.109313][ T8595] ? do_vfs_ioctl+0x27d/0x1090
[ 224.109313][ T8595] ? generic_block_fiemap+0x60/0x60
[ 224.109313][ T8595] fb_compat_ioctl+0x175/0xc10
[ 224.109313][ T8595] ? fb_open+0x430/0x430
[ 224.109313][ T8595] ? __fget_files+0x294/0x400
[ 224.109313][ T8595] ? fb_open+0x430/0x430
[ 224.109313][ T8595] __do_compat_sys_ioctl+0x1d3/0x230
[ 224.109313][ T8595] do_syscall_32_irqs_on+0x3f/0x60
[ 224.109313][ T8595] do_fast_syscall_32+0x7f/0x120
[ 224.109313][ T8595] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 224.109313][ T8595] RIP: 0023:0xf7f55569
[ 224.109313][ T8595] Code: Bad RIP value.
[ 224.109313][ T8595] RSP: 002b:00000000f5d500bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 224.109313][ T8595] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004601
[ 224.109313][ T8595] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 224.109313][ T8595] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 224.109313][ T8595] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 224.109313][ T8595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 224.109313][ T8595]
[ 224.109313][ T8595]
[ 224.109313][ T8595] Memory state around the buggy address:
[ 224.109313][ T8595]  ffffc900097b0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 224.109313][ T8595]  ffffc900097b0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 224.109313][ T8595] >ffffc900097b1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 224.109313][ T8595]                    ^
[ 224.109313][ T8595]  ffffc900097b1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 224.109313][ T8595]  ffffc900097b1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 224.109313][ T8595] ==================================================================
[ 224.109313][ T8595] Disabling lock debugging due to kernel taint
[ 224.152711][ T8595] Kernel panic - not syncing: panic_on_warn set ...
[ 224.152757][ T8595] CPU: 3 PID: 8595 Comm: syz-executor.3 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 224.152775][ T8595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 224.152840][ T8595] Call Trace:
[ 224.153047][ T8595] dump_stack+0x18f/0x20d
[ 224.153095][ T8595] ? bitfill_aligned+0x300/0x400
[ 224.153432][ T8595] panic+0x2e3/0x75c
[ 224.153441][ T8595] ? __warn_printk+0xf3/0xf3
[ 224.153452][ T8595] ? preempt_schedule_common+0x59/0xc0
[ 224.153460][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.153469][ T8595] ? preempt_schedule_thunk+0x16/0x18
[ 224.153477][ T8595] ? trace_hardirqs_on+0x55/0x220
[ 224.153485][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.153493][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.153500][ T8595] end_report+0x4d/0x53
[ 224.153507][ T8595] kasan_report.cold+0xd/0x37
[ 224.153515][ T8595] ? bitfill_aligned+0x34a/0x400
[ 224.153523][ T8595] bitfill_aligned+0x34a/0x400
[ 224.153626][ T8595] sys_fillrect+0x408/0x7a0
[ 224.153634][ T8595] ? sys_fillrect+0x7a0/0x7a0
[ 224.153646][ T8595] drm_fb_helper_sys_fillrect+0x1e/0x190
[ 224.153723][ T8595] bit_clear_margins+0x2d5/0x4a0
[ 224.153731][ T8595] ? bit_bmove+0x210/0x210
[ 224.153744][ T8595] ? fb_get_color_depth+0x11a/0x240
[ 224.153753][ T8595] fbcon_clear_margins+0x1d5/0x230
[ 224.153810][ T8595] fbcon_switch+0xb6e/0x16c0
[ 224.153819][ T8595] ? fbcon_scroll+0x3600/0x3600
[ 224.153830][ T8595] ? fbcon_cursor+0x52b/0x650
[ 224.153838][ T8595] ? kmalloc_array.constprop.0+0x20/0x20
[ 224.153848][ T8595] ? is_console_locked+0x5/0x10
[ 224.153854][ T8595] ? fbcon_set_origin+0x26/0x50
[ 224.153865][ T8595] redraw_screen+0x2ae/0x770
[ 224.153904][ T8595] ? vc_init+0x440/0x440
[ 224.153913][ T8595] ? fb_get_color_depth+0x11a/0x240
[ 224.153920][ T8595] ? fbcon_set_palette+0x3a8/0x490
[ 224.153928][ T8595] fbcon_modechanged+0x575/0x710
[ 224.153941][ T8595] fbcon_set_all_vcs+0x3b6/0x470
[ 224.153951][ T8595] fbcon_update_vcs+0x26/0x50
[ 224.153960][ T8595] fb_set_var+0xae8/0xd60
[ 224.153968][ T8595] ? fb_blank+0x190/0x190
[ 224.153976][ T8595] ? lock_release+0x8d0/0x8d0
[ 224.153984][ T8595] ? lock_is_held_type+0xb0/0xe0
[ 224.153995][ T8595] ? do_fb_ioctl+0x2f2/0x6c0
[ 224.154006][ T8595] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 224.154023][ T8595] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 224.154030][ T8595] ? trace_hardirqs_on+0x5f/0x220
[ 224.154039][ T8595] do_fb_ioctl+0x33f/0x6c0
[ 224.154047][ T8595] ? fb_set_suspend+0x1a0/0x1a0
[ 224.154054][ T8595] ? lock_downgrade+0x820/0x820
[ 224.154062][ T8595] ? trace_hardirqs_on+0x5f/0x220
[ 224.154068][ T8595] ? lockdep_hardirqs_on+0x6a/0xe0
[ 224.154079][ T8595] ? tomoyo_path_number_perm+0x244/0x4d0
[ 224.154087][ T8595] ? tomoyo_execute_permission+0x470/0x470
[ 224.154095][ T8595] ? __might_fault+0xef/0x1d0
[ 224.154109][ T8595] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 224.154116][ T8595] ? do_vfs_ioctl+0x27d/0x1090
[ 224.154123][ T8595] ? generic_block_fiemap+0x60/0x60
[ 224.154131][ T8595] fb_compat_ioctl+0x175/0xc10
[ 224.154139][ T8595] ? fb_open+0x430/0x430
[ 224.154147][ T8595] ? __fget_files+0x294/0x400
[ 224.154155][ T8595] ? fb_open+0x430/0x430
[ 224.154163][ T8595] __do_compat_sys_ioctl+0x1d3/0x230
[ 224.154172][ T8595] do_syscall_32_irqs_on+0x3f/0x60
[ 224.154180][ T8595] do_fast_syscall_32+0x7f/0x120
[ 224.154189][ T8595] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 224.154231][ T8595] RIP: 0023:0xf7f55569
[ 224.154234][ T8595] Code: Bad RIP value.
[ 224.154238][ T8595] RSP: 002b:00000000f5d500bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 224.154247][ T8595] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004601
[ 224.154253][ T8595] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 224.154257][ T8595] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 224.154261][ T8595] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 224.154266][ T8595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 224.159654][ T8595] Kernel Offset: disabled
[ 224.159654][ T8595] Rebooting in 86400 seconds..