[ 95.957407][ T27] audit: type=1400 audit(1580710334.659:37): avc: denied { watch } for pid=10640 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 95.995419][ T27] audit: type=1400 audit(1580710334.689:38): avc: denied { watch } for pid=10640 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 99.870344][ T27] kauditd_printk_skb: 2 callbacks suppressed
[ 99.870360][ T27] audit: type=1400 audit(1580710338.569:41): avc: denied { map } for pid=10722 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 382.440466][ T27] audit: type=1400 audit(1580710621.139:42): avc: denied { map } for pid=10730 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[ 1003.825026][ T27] audit: type=1400 audit(1580711242.529:43): avc: denied { map } for pid=11068 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=2339 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/02/03 06:27:22 parsed 1 programs
[ 1005.540881][ T27] audit: type=1400 audit(1580711244.239:44): avc: denied { integrity } for pid=11068 comm="syz-execprog" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[ 1005.568647][ T27] audit: type=1400 audit(1580711244.239:45): avc: denied { map } for pid=11068 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=22677 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/02/03 06:27:24 executed programs: 0
[ 1005.809294][T11085] IPVS: ftp: loaded support on port[0] = 21
[ 1005.872748][T11085] chnl_net:caif_netlink_parms(): no params data found
[ 1005.909478][T11085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1005.917173][T11085] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1005.927721][T11085] device bridge_slave_0 entered promiscuous mode
[ 1005.937231][T11085] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1005.944844][T11085] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1005.953325][T11085] device bridge_slave_1 entered promiscuous mode
[ 1005.970959][T11085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1005.983755][T11085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1006.003923][T11085] team0: Port device team_slave_0 added
[ 1006.012655][T11085] team0: Port device team_slave_1 added
[ 1006.028451][T11085] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1006.035543][T11085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1006.061889][T11085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1006.075555][T11085] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1006.082738][T11085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1006.109079][T11085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1006.164738][T11085] device hsr_slave_0 entered promiscuous mode
[ 1006.202648][T11085] device hsr_slave_1 entered promiscuous mode
[ 1006.339107][ T27] audit: type=1400 audit(1580711245.039:46): avc: denied { create } for pid=11085 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1006.343013][T11085] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1006.371351][ T27] audit: type=1400 audit(1580711245.039:47): avc: denied { write } for pid=11085 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1006.396962][ T27] audit: type=1400 audit(1580711245.039:48): avc: denied { read } for pid=11085 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 1006.425888][T11085] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1006.494626][T11085] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1006.555254][T11085] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1006.627785][T11085] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1006.635090][T11085] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1006.643034][T11085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1006.650098][T11085] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1006.706150][T11085] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1006.721407][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1006.742901][ T2966] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1006.761760][ T2966] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1006.770244][ T2966] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1006.784374][T11085] 8021q: adding VLAN 0 to HW filter on device team0
[ 1006.796595][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1006.806045][ T3127] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1006.813149][ T3127] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1006.834273][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1006.844354][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1006.851459][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1006.869490][T11094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1006.878061][T11094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1006.887017][T11094] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1006.897198][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1006.906696][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1006.921390][T11085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1006.934400][T11085] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1006.942776][T11094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1006.951035][T11094] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1006.977838][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1006.985779][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1007.000672][T11085] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1007.023595][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1007.032912][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1007.054840][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1007.063905][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1007.075701][T11085] device veth0_vlan entered promiscuous mode
[ 1007.082445][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1007.090121][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1007.106532][T11085] device veth1_vlan entered promiscuous mode
[ 1007.133507][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1007.141770][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1007.150996][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1007.160022][ T3127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1007.171755][T11085] device veth0_macvtap entered promiscuous mode
[ 1007.183474][T11085] device veth1_macvtap entered promiscuous mode
[ 1007.205237][T11085] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1007.214077][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1007.222628][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1007.230585][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1007.239820][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1007.253726][T11085] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1007.262264][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1007.270781][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1007.366202][ T27] audit: type=1400 audit(1580711246.069:49): avc: denied { associate } for pid=11085 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 1007.474078][ T27] audit: type=1400 audit(1580711246.179:50): avc: denied { open } for pid=11096 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
2020/02/03 06:27:29 executed programs: 86
2020/02/03 06:27:34 executed programs: 224
2020/02/03 06:27:39 executed programs: 365
2020/02/03 06:27:44 executed programs: 507
2020/02/03 06:27:49 executed programs: 649
2020/02/03 06:27:54 executed programs: 794
2020/02/03 06:27:59 executed programs: 930
2020/02/03 06:28:04 executed programs: 1070
2020/02/03 06:28:09 executed programs: 1212
2020/02/03 06:28:14 executed programs: 1353
2020/02/03 06:28:19 executed programs: 1492
2020/02/03 06:28:24 executed programs: 1629
2020/02/03 06:28:29 executed programs: 1769
2020/02/03 06:28:34 executed programs: 1908
2020/02/03 06:28:39 executed programs: 2048
2020/02/03 06:28:44 executed programs: 2190
2020/02/03 06:28:49 executed programs: 2326
2020/02/03 06:28:54 executed programs: 2467
2020/02/03 06:28:59 executed programs: 2604
2020/02/03 06:29:04 executed programs: 2742
2020/02/03 06:29:09 executed programs: 2882
2020/02/03 06:29:14 executed programs: 3021
2020/02/03 06:29:19 executed programs: 3160
2020/02/03 06:29:24 executed programs: 3299
2020/02/03 06:29:29 executed programs: 3437
2020/02/03 06:29:34 executed programs: 3576
2020/02/03 06:29:39 executed programs: 3709
2020/02/03 06:29:44 executed programs: 3844
2020/02/03 06:29:49 executed programs: 3986
2020/02/03 06:29:54 executed programs: 4128
2020/02/03 06:29:59 executed programs: 4266
2020/02/03 06:30:04 executed programs: 4403
2020/02/03 06:30:09 executed programs: 4543
2020/02/03 06:30:14 executed programs: 4685
2020/02/03 06:30:19 executed programs: 4825
2020/02/03 06:30:25 executed programs: 4964
2020/02/03 06:30:30 executed programs: 5102
2020/02/03 06:30:35 executed programs: 5240
[ 1200.794975][ T0] NOHZ: local_softirq_pending 08
[ 1200.802062][ T0] NOHZ: local_softirq_pending 08
2020/02/03 06:30:40 executed programs: 5377
2020/02/03 06:30:45 executed programs: 5517
[ 1210.915793][T13290] ==================================================================
[ 1210.924213][T13290] BUG: KASAN: use-after-free in vgem_gem_dumb_create+0x238/0x250
[ 1210.931930][T13290] Read of size 8 at addr ffff88809f885908 by task syz-executor.0/13290
[ 1210.940310][T13290]
[ 1210.942764][T13290] CPU: 1 PID: 13290 Comm: syz-executor.0 Not tainted 5.5.0-syzkaller #0
[ 1210.951798][T13290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1210.962138][T13290] Call Trace:
[ 1210.965585][T13290] dump_stack+0x197/0x210
[ 1210.970050][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1210.975504][T13290] print_address_description.constprop.0.cold+0xd4/0x30b
[ 1210.982774][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1210.988192][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1210.993605][T13290] __kasan_report.cold+0x1b/0x32
[ 1210.998547][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1211.004136][T13290] kasan_report+0x12/0x20
[ 1211.008546][T13290] __asan_report_load8_noabort+0x14/0x20
[ 1211.014290][T13290] vgem_gem_dumb_create+0x238/0x250
[ 1211.019642][T13290] drm_mode_create_dumb+0x282/0x310
[ 1211.024850][T13290] drm_mode_create_dumb_ioctl+0x26/0x30
[ 1211.030448][T13290] drm_ioctl_kernel+0x244/0x300
[ 1211.035296][T13290] ? drm_mode_create_dumb+0x310/0x310
[ 1211.040687][T13290] ? drm_setversion+0x8c0/0x8c0
[ 1211.045842][T13290] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1211.052368][T13290] ? _copy_from_user+0x12c/0x1a0
[ 1211.057449][T13290] drm_ioctl+0x54e/0xa60
[ 1211.061754][T13290] ? drm_mode_create_dumb+0x310/0x310
[ 1211.067139][T13290] ? drm_ioctl_kernel+0x300/0x300
[ 1211.072328][T13290] ? ksys_dup3+0x3e0/0x3e0
[ 1211.076828][T13290] ? ns_to_kernel_old_timeval+0x100/0x100
[ 1211.082766][T13290] ? tomoyo_file_ioctl+0x23/0x30
[ 1211.087699][T13290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1211.094145][T13290] ? security_file_ioctl+0x8d/0xc0
[ 1211.099251][T13290] ? drm_ioctl_kernel+0x300/0x300
[ 1211.104324][T13290] ksys_ioctl+0x123/0x180
[ 1211.108669][T13290] __x64_sys_ioctl+0x73/0xb0
[ 1211.114082][T13290] do_syscall_64+0xfa/0x790
[ 1211.118676][T13290] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1211.124563][T13290] RIP: 0033:0x45b399
[ 1211.128443][T13290] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1211.148419][T13290] RSP: 002b:00007f4b52418c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1211.156939][T13290] RAX: ffffffffffffffda RBX: 00007f4b524196d4 RCX: 000000000045b399
[ 1211.165050][T13290] RDX: 0000000020000000 RSI: 00000000c02064b2 RDI: 0000000000000003
[ 1211.173450][T13290] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1211.181490][T13290] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1211.189476][T13290] R13: 0000000000000285 R14: 00000000004d1588 R15: 000000000075bf2c
[ 1211.197933][T13290]
[ 1211.200251][T13290] Allocated by task 13290:
[ 1211.204663][T13290] save_stack+0x23/0x90
[ 1211.208818][T13290] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1211.214454][T13290] kasan_kmalloc+0x9/0x10
[ 1211.218923][T13290] kmem_cache_alloc_trace+0x158/0x790
[ 1211.224308][T13290] __vgem_gem_create+0x49/0x100
[ 1211.229156][T13290] vgem_gem_dumb_create+0xd7/0x250
[ 1211.234361][T13290] drm_mode_create_dumb+0x282/0x310
[ 1211.239629][T13290] drm_mode_create_dumb_ioctl+0x26/0x30
[ 1211.245353][T13290] drm_ioctl_kernel+0x244/0x300
[ 1211.250346][T13290] drm_ioctl+0x54e/0xa60
[ 1211.254626][T13290] ksys_ioctl+0x123/0x180
[ 1211.258946][T13290] __x64_sys_ioctl+0x73/0xb0
[ 1211.263523][T13290] do_syscall_64+0xfa/0x790
[ 1211.268024][T13290] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1211.273904][T13290]
[ 1211.276220][T13290] Freed by task 13290:
[ 1211.280276][T13290] save_stack+0x23/0x90
[ 1211.284478][T13290] __kasan_slab_free+0x102/0x150
[ 1211.289473][T13290] kasan_slab_free+0xe/0x10
[ 1211.294083][T13290] kfree+0x10a/0x2c0
[ 1211.297983][T13290] vgem_gem_free_object+0xbe/0xe0
[ 1211.303179][T13290] drm_gem_object_free+0x100/0x220
[ 1211.308298][T13290] drm_gem_object_put_unlocked+0x196/0x1c0
[ 1211.314100][T13290] vgem_gem_dumb_create+0x115/0x250
[ 1211.319282][T13290] drm_mode_create_dumb+0x282/0x310
[ 1211.324488][T13290] drm_mode_create_dumb_ioctl+0x26/0x30
[ 1211.330039][T13290] drm_ioctl_kernel+0x244/0x300
[ 1211.334881][T13290] drm_ioctl+0x54e/0xa60
[ 1211.339110][T13290] ksys_ioctl+0x123/0x180
[ 1211.343438][T13290] __x64_sys_ioctl+0x73/0xb0
[ 1211.348081][T13290] do_syscall_64+0xfa/0x790
[ 1211.352593][T13290] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1211.358523][T13290]
[ 1211.360845][T13290] The buggy address belongs to the object at ffff88809f885800
[ 1211.360845][T13290] which belongs to the cache kmalloc-1k of size 1024
[ 1211.375040][T13290] The buggy address is located 264 bytes inside of
[ 1211.375040][T13290] 1024-byte region [ffff88809f885800, ffff88809f885c00)
[ 1211.388413][T13290] The buggy address belongs to the page:
[ 1211.394036][T13290] page:ffffea00027e2140 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0xffff88809f885000
[ 1211.404436][T13290] flags: 0xfffe0000000200(slab)
[ 1211.409286][T13290] raw: 00fffe0000000200 ffffea000251a308 ffffea0002587d48 ffff8880aa400c40
[ 1211.417970][T13290] raw: ffff88809f885000 ffff88809f885000 0000000100000001 0000000000000000
[ 1211.426607][T13290] page dumped because: kasan: bad access detected
[ 1211.433016][T13290]
[ 1211.435336][T13290] Memory state around the buggy address:
[ 1211.440962][T13290] ffff88809f885800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.449145][T13290] ffff88809f885880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.457263][T13290] >ffff88809f885900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.465310][T13290] ^
[ 1211.469633][T13290] ffff88809f885980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.477733][T13290] ffff88809f885a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1211.485787][T13290] ==================================================================
[ 1211.494017][T13290] Disabling lock debugging due to kernel taint
[ 1211.501981][T13290] Kernel panic - not syncing: panic_on_warn set ...
[ 1211.508569][T13290] CPU: 1 PID: 13290 Comm: syz-executor.0 Tainted: G B 5.5.0-syzkaller #0
[ 1211.518388][T13290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1211.528443][T13290] Call Trace:
[ 1211.531722][T13290] dump_stack+0x197/0x210
[ 1211.536090][T13290] panic+0x2e3/0x75c
[ 1211.539994][T13290] ? add_taint.cold+0x16/0x16
[ 1211.544669][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1211.550031][T13290] ? preempt_schedule+0x4b/0x60
[ 1211.554960][T13290] ? ___preempt_schedule+0x16/0x18
[ 1211.560117][T13290] ? trace_hardirqs_on+0x5e/0x240
[ 1211.565133][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1211.570615][T13290] end_report+0x47/0x4f
[ 1211.574763][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1211.580130][T13290] __kasan_report.cold+0xe/0x32
[ 1211.584986][T13290] ? vgem_gem_dumb_create+0x238/0x250
[ 1211.590439][T13290] kasan_report+0x12/0x20
[ 1211.594786][T13290] __asan_report_load8_noabort+0x14/0x20
[ 1211.600413][T13290] vgem_gem_dumb_create+0x238/0x250
[ 1211.605609][T13290] drm_mode_create_dumb+0x282/0x310
[ 1211.610808][T13290] drm_mode_create_dumb_ioctl+0x26/0x30
[ 1211.616422][T13290] drm_ioctl_kernel+0x244/0x300
[ 1211.621366][T13290] ? drm_mode_create_dumb+0x310/0x310
[ 1211.626763][T13290] ? drm_setversion+0x8c0/0x8c0
[ 1211.631605][T13290] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1211.637892][T13290] ? _copy_from_user+0x12c/0x1a0
[ 1211.642910][T13290] drm_ioctl+0x54e/0xa60
[ 1211.647145][T13290] ? drm_mode_create_dumb+0x310/0x310
[ 1211.652588][T13290] ? drm_ioctl_kernel+0x300/0x300
[ 1211.657723][T13290] ? ksys_dup3+0x3e0/0x3e0
[ 1211.662146][T13290] ? ns_to_kernel_old_timeval+0x100/0x100
[ 1211.667872][T13290] ? tomoyo_file_ioctl+0x23/0x30
[ 1211.672801][T13290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1211.679032][T13290] ? security_file_ioctl+0x8d/0xc0
[ 1211.684851][T13290] ? drm_ioctl_kernel+0x300/0x300
[ 1211.689983][T13290] ksys_ioctl+0x123/0x180
[ 1211.694305][T13290] __x64_sys_ioctl+0x73/0xb0
[ 1211.698886][T13290] do_syscall_64+0xfa/0x790
[ 1211.703439][T13290] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1211.709431][T13290] RIP: 0033:0x45b399
[ 1211.713322][T13290] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1211.732910][T13290] RSP: 002b:00007f4b52418c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1211.741341][T13290] RAX: ffffffffffffffda RBX: 00007f4b524196d4 RCX: 000000000045b399
[ 1211.749292][T13290] RDX: 0000000020000000 RSI: 00000000c02064b2 RDI: 0000000000000003
[ 1211.757251][T13290] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1211.765317][T13290] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1211.773357][T13290] R13: 0000000000000285 R14: 00000000004d1588 R15: 000000000075bf2c
[ 1211.783264][T13290] Kernel Offset: disabled
[ 1211.787593][T13290] Rebooting in 86400 seconds..