Warning: Permanently added '[localhost]:24449' (ECDSA) to the list of known hosts. 2020/07/16 20:50:24 fuzzer started 2020/07/16 20:50:25 dialing manager at 10.0.2.10:42701 2020/07/16 20:50:28 syscalls: 3183 2020/07/16 20:50:28 code coverage: enabled 2020/07/16 20:50:28 comparison tracing: enabled 2020/07/16 20:50:28 extra coverage: enabled 2020/07/16 20:50:28 setuid sandbox: enabled 2020/07/16 20:50:28 namespace sandbox: enabled 2020/07/16 20:50:28 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/16 20:50:28 fault injection: enabled 2020/07/16 20:50:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/16 20:50:28 net packet injection: enabled 2020/07/16 20:50:28 net device setup: enabled 2020/07/16 20:50:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/16 20:50:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/16 20:50:28 USB emulation: enabled 20:51:07 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000140)=[{0x4, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x2, 0x0, 0x3, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x8}}], 0x54) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) dup3(r1, r0, 0x0) 20:51:07 executing program 1: r0 = memfd_create(&(0x7f0000000ac0)='\x03\x11&\xe8\\\x19\xd8\x87o\xb0i\xddi_t-\xfc\xd7\xa8\x9a1{-\xbf!\xd9\xfe\xce\x85\xd6\x9cY\xf4o\xef\x90\xcf\xce\xe7\xfa\xce\xb0\xa02\x19\x93\x1a%CZ\xca\x81\x00\\\x1d\x1c)42\xb2\xdd\xd1\x87|\xe1X\x1abq\xedo\xa2+z\xf6i$\x84s\xd2e\x05\x00\xd1g\x93\xaf7\x17\xfa\x10\x99\x87\xce\xd5Q\xab;OOPr:i\xd2\xb3-i\x00\xbc\x19M\"\xd5s\x85\xa7Bo|\x95\xd0\xbc\xbc-\x80lS\t-H\x86Y\xe2\xde\xd4K\\\x1dF\x87b\xf2y=\f\x12\x8aw\xfc\x17\xa69/w\xeaH\x80\x90.\xf4\xbf:\x95!RO\x0f\xf3\x02\x01\xa0)\vL/\x81Zo\x0e\v<\xf1_\xd3\xde\x0eB\x01\x8f~\x1f\\@DW/\x02\x8a\xaf\xad\xb2=7\xfc\x8b\x1a\x8b\x15\xc0\xfc2\x0eI1Iv\xc9f\x8b\xc5M\xaf\xdf#H\x02\xc6\xa0\x92\x80\x14:\xa9\x82\a\xc6+Z\xea\xa4m\xabL\xb1\x15)\xd4<\xe5\xe4x&\x84\xa3\n\xca\xaey\x87\xf5\xb3<\x8c\xeb\xbe0\xe9\xe7\xbau\x9b\xf5\xcb\xc8\xfb\x97\xca\xa5\xe0J,\xa0\xef\xe7\xe2\x96\xba\a\xb8\x19\x9d\xd4\xf6\xe7\"\xea7\x06\xa7o\xadB\x05\xdb\x11\xc7\xbcM\xab2\x87\xa8F\x19p\xeb#a;g\x8cyn\xfb3\x95x\xee7\xf7\x02Q$\xfc\x86\xd4\x8cy\x0f\x1b\x1e\xb5\xcf\xd4\xa9\xba\xe4L\xf9\xee\xb3;TP:,\xa8*Z,Du\a\x99\xfb*\x9d\x9a\xed\xd4t\xf4\xad\xf8\x8dj\xfd\xe2\x1e)3>.;\xf8\x16\xed\xdbJ\xd1\x84K\xe6(jA\x15\x88\xeb]\x82\x85\x0f\xac\xf3\x12}pi\x0f\xe2d\x9e\x0f\\\n\b\x19\x8c!\xc1b\x1c\x15\x89\x1e\x87\xd0\xd6\xef\x05,WI\xce]\xdc\xb3N;:\xd3\xe3\xe3\x02\xc8\xf1\xa6\x92\x06S\x81\xc2\x99\x9eU\xd3\x15R\x1d\a \x0e\x12f\x04\x83?\x96\x18s\x80xw\x99\xcb\x87\x1dj+mp\x18|\xbe;\x12\'y\xc1\x17\xda\x8eb\'\xbel\xe4\xe3\xdaM\a\"|\xe3\xbd|LRk\x01\x1a\x17\x81\xe2\x87k\xe8\xf2\x90\xb4\xe8\xf2\xb3V\x15\xce\xc8NqRJ\x05\xd6tm\xff\b@\xb4\x05\x93\xc7\xcf\xb7M\x13\x96_m0|\x9f\x93\xd6\xe6\xd1\xaa\x1b1\xed\xbfAzI\xb5\xbf\x02\xe59\xb2\xb4\xed\x1a\xab\xe2\x1eS\xd5N0\x9c\x00\xd66fD\xd4\xcbO2v\xa0\xa4\xc8\xf2\\\xee\xa0\xcc\xbf9\xe1\xad\x82\x86\x83\xe7\xac\xaf\xdc\xb5\x04\x80\xe4k\x9dZ\x92i\xa7P\x8b\xe7\x03q.\xff?\xa3\x1e\x97\x9cW\x17ipm>(\x8d\xf8\xf9\xa4\xb4.\x0f\xaeM\x9c\x99\x81\x14\xbf\xbb\xae\xc2:\x1f1\x95%\x96\x86Y\xa8\xab\x85Y)\x85v\x1e\xe9B\xc2IF/9\xa4B\xec\xcc\x9e\xd1\xf8\xeaN\x01\xe0t$SW\xe1\x15\xe5\x1c\xb3,-\x98\xdb\x97\xbc\xf0\xf8[&\x8f\x11\x9fV\x113x\xad\x93\xb8\x87fm\x16\xba\'4\xb9\xaa\x1e\x96p?i\xb4\x98Siym#\x80po\xe9\x87\xde\xb0\x1d\xe3\x01\xe9\xd4\x19\x9b)\xe5urWi\xc6\xb4\x91\xa7\xd2t\xb99\xae\x0fBy\xe5/8N\xb9\xf2\xa2\xfd\x15\xfb\xb4\xa6W\x94%v\x96\xac\x10!\xbfI\x1e\xa4\xe2%\xbf\xd4\xc7\x16__\xcf\xc6~<$@\xa4 \x02X\xf6\r\xe7W\x00\x0f\xba6\xe1o\xf1f\xddN\x06\x00\xbcs\xf9\x13N\xb9r\xe8\xfdxR;\b\xfd\x1db\xba\x84\x9e\xe2\xaa\x90\xbe\x8f.\x9d*O\xb6\xa0b\xe7\x10\x1c\x00'/984, 0x0) pwrite64(r0, 0x0, 0x0, 0x0) 20:51:07 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f0000000540)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0305602, &(0x7f00000000c0)={0x0, 0x2}) syzkaller login: [ 152.721889][ T8378] IPVS: ftp: loaded support on port[0] = 21 [ 152.722017][ T8377] IPVS: ftp: loaded support on port[0] = 21 20:51:08 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) [ 153.095576][ T8377] chnl_net:caif_netlink_parms(): no params data found [ 153.119590][ T8378] chnl_net:caif_netlink_parms(): no params data found [ 153.126635][ T8380] IPVS: ftp: loaded support on port[0] = 21 [ 153.275346][ T8384] IPVS: ftp: loaded support on port[0] = 21 [ 153.279634][ T8377] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.296309][ T8377] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.310033][ T8377] device bridge_slave_0 entered promiscuous mode [ 153.340775][ T8378] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.357869][ T8378] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.373039][ T8378] device bridge_slave_0 entered promiscuous mode [ 153.390620][ T8378] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.404968][ T8378] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.421615][ T8378] device bridge_slave_1 entered promiscuous mode [ 153.442099][ T8377] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.458494][ T8377] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.473093][ T8377] device bridge_slave_1 entered promiscuous mode [ 153.516013][ T8377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.538048][ T8377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.559897][ T8378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.580440][ T8378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.640672][ T8378] team0: Port device team_slave_0 added [ 153.654318][ T8377] team0: Port device team_slave_0 added [ 153.671128][ T8377] team0: Port device team_slave_1 added [ 153.688519][ T8378] team0: Port device team_slave_1 added [ 153.748662][ T8377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.761255][ T8377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.816845][ T8377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.850234][ T8377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.861159][ T8377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.909737][ T8377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.936026][ T8378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.949990][ T8378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.992883][ T8378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.012612][ T8378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.023747][ T8378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.058185][ T8378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.079369][ T8380] chnl_net:caif_netlink_parms(): no params data found [ 154.201059][ T8377] device hsr_slave_0 entered promiscuous mode [ 154.260712][ T8377] device hsr_slave_1 entered promiscuous mode [ 154.403264][ T8378] device hsr_slave_0 entered promiscuous mode [ 154.497834][ T8378] device hsr_slave_1 entered promiscuous mode [ 154.557736][ T8378] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 154.573408][ T8378] Cannot create hsr debugfs directory [ 154.631467][ T8384] chnl_net:caif_netlink_parms(): no params data found [ 154.751446][ T8380] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.768010][ T8380] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.784787][ T8380] device bridge_slave_0 entered promiscuous mode [ 154.831919][ T8380] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.853150][ T8380] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.868800][ T8380] device bridge_slave_1 entered promiscuous mode [ 154.966906][ T8380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.998163][ T8380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.017763][ T8384] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.034138][ T8384] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.059181][ T8384] device bridge_slave_0 entered promiscuous mode [ 155.121264][ T8384] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.146921][ T8384] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.168390][ T8384] device bridge_slave_1 entered promiscuous mode [ 155.230015][ T8380] team0: Port device team_slave_0 added [ 155.256438][ T8378] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 155.352880][ T8384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.399292][ T8380] team0: Port device team_slave_1 added [ 155.452441][ T8378] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 155.543285][ T8384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.601666][ T8380] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.645811][ T8380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.786949][ T8380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.836236][ T8380] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.858913][ T8380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.945302][ T8380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.983313][ T8378] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 156.056627][ T8378] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 156.199428][ T8384] team0: Port device team_slave_0 added [ 156.243501][ T8384] team0: Port device team_slave_1 added [ 156.340618][ T8380] device hsr_slave_0 entered promiscuous mode [ 156.404397][ T8380] device hsr_slave_1 entered promiscuous mode [ 156.477891][ T8380] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.502065][ T8380] Cannot create hsr debugfs directory [ 156.518370][ T8377] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 156.611103][ T8377] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 156.735587][ T8377] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 156.831065][ T8377] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 156.914509][ T8384] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.930157][ T8384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.002405][ T8384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.034994][ T8384] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.059352][ T8384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.144956][ T8384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.301369][ T8384] device hsr_slave_0 entered promiscuous mode [ 157.429911][ T8384] device hsr_slave_1 entered promiscuous mode [ 157.527944][ T8384] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.553575][ T8384] Cannot create hsr debugfs directory [ 157.748729][ T8380] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 158.097029][ T8380] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 158.185906][ T8380] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 158.291424][ T8380] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 158.518695][ T8384] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 158.611888][ T8384] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 158.704002][ T8384] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 158.780195][ T8384] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 158.886568][ T8377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.915492][ T8378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.976089][ T8007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.021513][ T8007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.052376][ T8377] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.072029][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.088258][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.116070][ T8378] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.191854][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.216280][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 159.237635][ T1219] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.253739][ T1219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.322628][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 159.335935][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.354536][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 159.374652][ T3843] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.386876][ T3843] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.403168][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 159.432734][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.446990][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.462980][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.475770][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.490595][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 159.521540][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.536665][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.551705][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.562044][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.572978][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 159.584924][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 159.596830][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 159.610755][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 159.624573][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 159.637948][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 159.668806][ T8380] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.683833][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 159.697148][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 159.708922][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 159.723014][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 159.736245][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.751261][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.767157][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 159.782045][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 159.812600][ T8378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.839060][ T8378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.860149][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 159.878875][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.898882][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.942175][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.955368][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.971726][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.987208][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.006665][ T8380] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.026988][ T8384] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.041067][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.055165][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.074846][ T8377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.096399][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.110704][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.124784][ T1219] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.137158][ T1219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.149994][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.162543][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.176881][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.196782][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.212783][ T1219] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.226123][ T1219] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.243261][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.283956][ T8384] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.308078][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.328169][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.350555][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.394697][ T8378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.425011][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.449251][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.467378][ T8402] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.486635][ T8402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.504704][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.521564][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.534905][ T8402] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.547374][ T8402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.563888][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.582865][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.600194][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.612843][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.629340][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.654943][ T8377] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.704413][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.726378][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.746772][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.765148][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 160.784331][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.800812][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.816458][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.835163][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.848229][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.864374][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.880574][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.918949][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.939296][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.959635][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.975535][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.002444][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 161.017327][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.036354][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 161.051980][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.070462][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.091618][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.121844][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.159628][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.188012][ T8380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.219165][ T8378] device veth0_vlan entered promiscuous mode [ 161.250724][ T8378] device veth1_vlan entered promiscuous mode [ 161.268897][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 161.300134][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.322283][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.341783][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 161.358642][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.374956][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.393562][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.419595][ T8384] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.452487][ T8384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.488486][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 161.510126][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.530282][ T3843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.553923][ T8377] device veth0_vlan entered promiscuous mode [ 161.592037][ T8380] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.612135][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.628787][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.644350][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.660325][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.682848][ T8377] device veth1_vlan entered promiscuous mode [ 161.712568][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 161.727348][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 161.751413][ T8384] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.772248][ T8378] device veth0_macvtap entered promiscuous mode [ 161.795570][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.811123][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.834766][ T8378] device veth1_macvtap entered promiscuous mode [ 161.847320][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 161.865232][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 161.889365][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 161.902868][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.928498][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.942344][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.956018][ T8378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.970002][ T8377] device veth0_macvtap entered promiscuous mode [ 161.986245][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 161.999607][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 162.017721][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.038532][ T8378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.065256][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 162.082565][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 162.097035][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 162.110786][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 162.130709][ T8377] device veth1_macvtap entered promiscuous mode [ 162.162661][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 162.176701][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 162.190363][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 162.209330][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 162.222318][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 162.240395][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 162.256500][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 162.272235][ T8380] device veth0_vlan entered promiscuous mode [ 162.295042][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 162.308294][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 162.325472][ T8384] device veth0_vlan entered promiscuous mode [ 162.471052][ T8380] device veth1_vlan entered promiscuous mode [ 162.489376][ T8377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 162.506881][ T8377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.527329][ T8377] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.544907][ T8384] device veth1_vlan entered promiscuous mode [ 162.563544][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 162.576581][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 162.589181][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 162.602504][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.618418][ T8377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 162.635209][ T8377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.651665][ T8377] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.672011][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 162.685308][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 162.755417][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 162.769098][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 162.876705][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 162.952682][ T8402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 162.978854][ T8378] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 163.106778][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 163.142655][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 163.179721][ T8380] device veth0_macvtap entered promiscuous mode [ 163.291913][ T8384] device veth0_macvtap entered promiscuous mode [ 163.344618][ T8380] device veth1_macvtap entered promiscuous mode 20:51:18 executing program 1: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000c40)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, 0x0) [ 163.434979][ T8384] device veth1_macvtap entered promiscuous mode 20:51:18 executing program 1: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000c40)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, 0x0) [ 163.465013][ T8380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 163.508496][ T8380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 20:51:18 executing program 1: perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x30, 0x7, 0x6, 0x203, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8}]}, 0x30}}, 0x8000) [ 163.544020][ T8380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 163.571099][ T8380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 20:51:18 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000140)=[{0x4, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x2, 0x0, 0x3, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x8}}], 0x54) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) dup3(r1, r0, 0x0) [ 163.617291][ T8380] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.648652][ T8380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 20:51:18 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000140)=[{0x4, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x2, 0x0, 0x3, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x8}}], 0x54) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) dup3(r1, r0, 0x0) [ 163.674844][ T8380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.709839][ T8380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 163.737978][ T8380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.763826][ T8380] batman_adv: batadv0: Interface activated: batadv_slave_1 20:51:18 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000140)=[{0x4, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x2, 0x0, 0x3, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x8}}], 0x54) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) dup3(r1, r0, 0x0) [ 163.784088][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 163.806742][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 163.848577][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 163.880861][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 163.902933][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 163.931396][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 163.949288][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 163.964627][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 163.987554][ T8384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.006634][ T8384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.024433][ T8384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.041771][ T8384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.061290][ T8384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.081828][ T8384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.100415][ T8384] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.118996][ T8384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 164.137814][ T8384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.157158][ T8384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 164.174432][ T8384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.193545][ T8384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 164.213186][ T8384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.234440][ T8384] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.248778][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 164.262896][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 164.279745][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 164.294343][ T2859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 20:51:19 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0xa925, 0x1, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$SNDRV_PCM_IOCTL_PREPARE(r2, 0x4140, 0x0) [ 164.779280][ T8444] ================================================================== [ 164.780589][ T8444] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 164.780739][ T8444] Write of size 8 at addr ffffc900099c1000 by task syz-executor.3/8444 [ 164.780743][ T8444] [ 164.781522][ T8444] CPU: 1 PID: 8444 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 [ 164.781643][ T8444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 164.781668][ T8444] Call Trace: [ 164.782063][ T8444] dump_stack+0x18f/0x20d [ 164.782111][ T8444] ? bitfill_aligned+0x34a/0x400 [ 164.782122][ T8444] ? bitfill_aligned+0x34a/0x400 [ 164.782225][ T8444] print_address_description.constprop.0.cold+0x5/0x436 [ 164.783455][ T8444] ? lockdep_hardirqs_off+0x66/0xa0 [ 164.783558][ T8444] ? vprintk_func+0x97/0x1a6 [ 164.783577][ T8444] ? bitfill_aligned+0x34a/0x400 [ 164.783587][ T8444] kasan_report.cold+0x1f/0x37 [ 164.783668][ T8444] ? bitfill_aligned+0x34a/0x400 [ 164.783683][ T8444] bitfill_aligned+0x34a/0x400 [ 164.783759][ T8444] sys_fillrect+0x408/0x7a0 [ 164.783773][ T8444] ? sys_fillrect+0x7a0/0x7a0 [ 164.783915][ T8444] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 164.783930][ T8444] bit_clear_margins+0x2d5/0x4a0 [ 164.783945][ T8444] ? bit_bmove+0x210/0x210 [ 164.783984][ T8444] ? fb_get_color_depth+0x11a/0x240 [ 164.783999][ T8444] fbcon_clear_margins+0x1d5/0x230 [ 164.784014][ T8444] fbcon_switch+0xb6e/0x16c0 [ 164.784031][ T8444] ? fbcon_scroll+0x3600/0x3600 [ 164.784054][ T8444] ? fbcon_cursor+0x52b/0x650 [ 164.784066][ T8444] ? kmalloc_array.constprop.0+0x20/0x20 [ 164.784097][ T8444] ? is_console_locked+0x5/0x10 [ 164.784108][ T8444] ? fbcon_set_origin+0x26/0x50 [ 164.784194][ T8444] redraw_screen+0x2ae/0x770 [ 164.784209][ T8444] ? vc_init+0x440/0x440 [ 164.784220][ T8444] ? fb_get_color_depth+0x11a/0x240 [ 164.784234][ T8444] ? fbcon_set_palette+0x3a8/0x490 [ 164.784259][ T8444] fbcon_modechanged+0x575/0x710 [ 164.784276][ T8444] fbcon_update_vcs+0x3a/0x50 [ 164.784289][ T8444] fb_set_var+0xae8/0xd60 [ 164.784305][ T8444] ? fb_blank+0x190/0x190 [ 164.784349][ T8444] ? lock_release+0x8d0/0x8d0 [ 164.784366][ T8444] ? lock_is_held_type+0xb0/0xe0 [ 164.784387][ T8444] ? do_fb_ioctl+0x2f2/0x6c0 [ 164.784412][ T8444] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 164.784429][ T8444] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 164.784471][ T8444] ? trace_hardirqs_on+0x5f/0x220 [ 164.784490][ T8444] do_fb_ioctl+0x33f/0x6c0 [ 164.784508][ T8444] ? fb_set_suspend+0x1a0/0x1a0 [ 164.784523][ T8444] ? lock_downgrade+0x820/0x820 [ 164.784540][ T8444] ? trace_hardirqs_on+0x5f/0x220 [ 164.784551][ T8444] ? lockdep_hardirqs_on+0x6a/0xe0 [ 164.784633][ T8444] ? tomoyo_path_number_perm+0x244/0x4d0 [ 164.784650][ T8444] ? tomoyo_execute_permission+0x470/0x470 [ 164.784680][ T8444] ? __might_fault+0xef/0x1d0 [ 164.784743][ T8444] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 164.784843][ T8444] ? do_vfs_ioctl+0x27d/0x1090 [ 164.784857][ T8444] ? generic_block_fiemap+0x60/0x60 [ 164.784871][ T8444] fb_compat_ioctl+0x175/0xc10 [ 164.784882][ T8444] ? fb_open+0x430/0x430 [ 164.784926][ T8444] ? __fget_files+0x294/0x400 [ 164.784946][ T8444] ? fb_open+0x430/0x430 [ 164.784958][ T8444] __do_compat_sys_ioctl+0x1d3/0x230 [ 164.785067][ T8444] do_syscall_32_irqs_on+0x3f/0x60 [ 164.785102][ T8444] do_fast_syscall_32+0x7f/0x120 [ 164.785118][ T8444] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 164.786055][ T8444] RIP: 0023:0xf7f21569 [ 164.786286][ T8444] Code: Bad RIP value. [ 164.786294][ T8444] RSP: 002b:00000000f5d1c0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 164.786338][ T8444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 164.786345][ T8444] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.786352][ T8444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 164.786360][ T8444] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 164.786367][ T8444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 164.786404][ T8444] [ 164.786408][ T8444] [ 164.786412][ T8444] Memory state around the buggy address: [ 164.786636][ T8444] ffffc900099c0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 164.786672][ T8444] ffffc900099c0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 164.786683][ T8444] >ffffc900099c1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 164.786687][ T8444] ^ [ 164.786696][ T8444] ffffc900099c1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 164.786706][ T8444] ffffc900099c1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 164.786710][ T8444] ================================================================== [ 164.787187][ T8444] Disabling lock debugging due to kernel taint [ 164.787345][ T8444] Kernel panic - not syncing: panic_on_warn set ... [ 164.787367][ T8444] CPU: 1 PID: 8444 Comm: syz-executor.3 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 164.787527][ T8444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 164.787553][ T8444] Call Trace: [ 164.787734][ T8444] dump_stack+0x18f/0x20d [ 164.787750][ T8444] ? bitfill_aligned+0x2b0/0x400 [ 164.787888][ T8444] panic+0x2e3/0x75c [ 164.787901][ T8444] ? __warn_printk+0xf3/0xf3 [ 164.787915][ T8444] ? trace_hardirqs_on+0x55/0x220 [ 164.787928][ T8444] ? bitfill_aligned+0x34a/0x400 [ 164.787938][ T8444] ? bitfill_aligned+0x34a/0x400 [ 164.787946][ T8444] end_report+0x4d/0x53 [ 164.787955][ T8444] kasan_report.cold+0xd/0x37 [ 164.787968][ T8444] ? bitfill_aligned+0x34a/0x400 [ 164.787979][ T8444] bitfill_aligned+0x34a/0x400 [ 164.787991][ T8444] sys_fillrect+0x408/0x7a0 [ 164.788002][ T8444] ? sys_fillrect+0x7a0/0x7a0 [ 164.788016][ T8444] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 164.788026][ T8444] bit_clear_margins+0x2d5/0x4a0 [ 164.788038][ T8444] ? bit_bmove+0x210/0x210 [ 164.788052][ T8444] ? fb_get_color_depth+0x11a/0x240 [ 164.788065][ T8444] fbcon_clear_margins+0x1d5/0x230 [ 164.788077][ T8444] fbcon_switch+0xb6e/0x16c0 [ 164.788090][ T8444] ? fbcon_scroll+0x3600/0x3600 [ 164.788103][ T8444] ? fbcon_cursor+0x52b/0x650 [ 164.788115][ T8444] ? kmalloc_array.constprop.0+0x20/0x20 [ 164.788126][ T8444] ? is_console_locked+0x5/0x10 [ 164.788134][ T8444] ? fbcon_set_origin+0x26/0x50 [ 164.788148][ T8444] redraw_screen+0x2ae/0x770 [ 164.788171][ T8444] ? vc_init+0x440/0x440 [ 164.788181][ T8444] ? fb_get_color_depth+0x11a/0x240 [ 164.788192][ T8444] ? fbcon_set_palette+0x3a8/0x490 [ 164.788201][ T8444] fbcon_modechanged+0x575/0x710 [ 164.788213][ T8444] fbcon_update_vcs+0x3a/0x50 [ 164.788223][ T8444] fb_set_var+0xae8/0xd60 [ 164.788231][ T8444] ? fb_blank+0x190/0x190 [ 164.788231][ T8444] ? lock_release+0x8d0/0x8d0 [ 164.788231][ T8444] ? lock_is_held_type+0xb0/0xe0 [ 164.788231][ T8444] ? do_fb_ioctl+0x2f2/0x6c0 [ 164.788231][ T8444] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 164.788231][ T8444] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 164.788231][ T8444] ? trace_hardirqs_on+0x5f/0x220 [ 164.788231][ T8444] do_fb_ioctl+0x33f/0x6c0 [ 164.788231][ T8444] ? fb_set_suspend+0x1a0/0x1a0 [ 164.788231][ T8444] ? lock_downgrade+0x820/0x820 [ 164.788231][ T8444] ? trace_hardirqs_on+0x5f/0x220 [ 164.788231][ T8444] ? lockdep_hardirqs_on+0x6a/0xe0 [ 164.788231][ T8444] ? tomoyo_path_number_perm+0x244/0x4d0 [ 164.788231][ T8444] ? tomoyo_execute_permission+0x470/0x470 [ 164.788231][ T8444] ? __might_fault+0xef/0x1d0 [ 164.788231][ T8444] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 164.788231][ T8444] ? do_vfs_ioctl+0x27d/0x1090 [ 164.788231][ T8444] ? generic_block_fiemap+0x60/0x60 [ 164.788231][ T8444] fb_compat_ioctl+0x175/0xc10 [ 164.788231][ T8444] ? fb_open+0x430/0x430 [ 164.788231][ T8444] ? __fget_files+0x294/0x400 [ 164.788231][ T8444] ? fb_open+0x430/0x430 [ 164.788231][ T8444] __do_compat_sys_ioctl+0x1d3/0x230 [ 164.788231][ T8444] do_syscall_32_irqs_on+0x3f/0x60 [ 164.788231][ T8444] do_fast_syscall_32+0x7f/0x120 [ 164.788231][ T8444] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 164.788231][ T8444] RIP: 0023:0xf7f21569 [ 164.788231][ T8444] Code: Bad RIP value. [ 164.788231][ T8444] RSP: 002b:00000000f5d1c0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 164.788231][ T8444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 164.788231][ T8444] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.788231][ T8444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 164.788231][ T8444] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 164.788231][ T8444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 164.788231][ T8444] Kernel Offset: disabled [ 164.788231][ T8444] Rebooting in 86400 seconds..