Warning: Permanently added '[localhost]:12329' (ECDSA) to the list of known hosts. 2020/07/13 04:04:49 fuzzer started 2020/07/13 04:04:50 dialing manager at 10.0.2.10:33551 2020/07/13 04:04:50 syscalls: 3144 2020/07/13 04:04:50 code coverage: enabled 2020/07/13 04:04:50 comparison tracing: enabled 2020/07/13 04:04:50 extra coverage: enabled 2020/07/13 04:04:50 setuid sandbox: enabled 2020/07/13 04:04:50 namespace sandbox: enabled 2020/07/13 04:04:50 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/13 04:04:50 fault injection: enabled 2020/07/13 04:04:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/13 04:04:50 net packet injection: enabled 2020/07/13 04:04:50 net device setup: enabled 2020/07/13 04:04:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/13 04:04:50 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/13 04:04:50 USB emulation: enabled 04:05:32 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=',|', 0x2}], 0x1}, 0xc100) sendmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000440)="b10b938636ea69df7b5a9984bb1bc72ef58d96e56e11df900a707f4946b1637e2096c584b9a1b4e017163fbdb35160a56c11dfbe74df97d36d19ad6a91c6fb4ad19581b8cf707131830f7a22b1b263c9da0e443c5e969ed6a0d3bc508bf75c3147447379f585759ceba0de5cda46291dc1b8f106a83e1cde43a862d95413ce2616b261ed9f79913ae781b3b843ea1b4429a750b8ccb1952a7b863d0bada9f61df6609fe368eaf47c0ce9e46a22b0d75b063deeaa94285d0c43353046e0a308296a76b0b0145f8af9aa0ed0e18bc50509eaef21c8e03842a97df3a462ea3f9d5f83bf1d4d2875f0d5b24e941483f86b8cfe4ac769bd3e594fb173dd873c7d9a3fd20939ad1d5867881ed77a078007b4972aba36cae02004373a6a74d74cb15a52c5f8426cb6f235d38048fd91f5d6100fd58a335df10add227d804167ba191c7a035c5a2a916e7fef18a6033578820b3e0be26a22f2c149f40a0335cadcca64a5e44179e6ce4d7f7c16e8a96c5b", 0x16d}], 0x1}, 0x8000) sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001480)="d09a0e63c9476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1b0171f89091b1dd3238d03dbb686df460963245dedf2973ee555af99499e44ad420dbf65fd46fbc99a1274429e2d5783751815828ec8cb3553110cca66460215353d19f6d8bbd8fb264eddea60b18e16c31aa5e200000491634ac2fd10e2cd30bcd7fede24263a7fff16e53ea293f3551b7147c33a44ea437fb1515c3e8d4f162fdebf8ebe11ae6fcd9372c8d8f19556ae091fe94215ae9434da412f6fa4cb6561e5f78ff9707844ee5d573fb294437722d9a06dfa61748c32c73d759933a8dd344c947d3efdbe90d0eb049df5fbb0c19f6785264b619c530d97395d44b04f7e2a280d658c7871ad373b792678c49227999651ef3b2ee1bc2b8f3035db376e8e09aa3837233c8713065a8ad131d24f6c42a3220d0e07c3d3e95d59a5dd10c09716b5f874ecf53aadfa5050ff40f2c3c4a629b6445e5836100afff5a8977583653b40ca316f8f11416e5c1bd5499636ddae25fc4970b37209cf5c0bf8e432160c258d14223baa52798e09858645773dd97e68a95310da713cff077b06000000d4f145e9199c126a7f235e5674a3c7f5c7129ac7c1a3319590249b6d34ef6c3d8b94c6fc7cdcbddb053243053f7bc1f230d3bc7dfc4359e33992d0a3946b914a093287a76ac4a249b5b86cc75476466e409553355fefab75e9268a8751ffc9481fcff1f49c475699595b315e2147ee038b7291600c6b1cf7c8f24d587b9464a67e5ccec17820e711b98f4f7d5053642068a3fff704c3fe26ba862b53e2622d6e8b4a4c815fb2ea90ef63e141209dd292fdf886ee3e64b90f47ce22661c7a21f7bc10df0248079b7be17284eb54e5ab", 0x27b}], 0x1}, 0x0) 04:05:32 executing program 1: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)={0x40002016}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000180)) ppoll(&(0x7f0000000100)=[{r1}], 0x1, &(0x7f0000000140)={0x0, 0x989680}, 0x0, 0x0) 04:05:32 executing program 2: openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, 0x0}, 0x44e716d1}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x500) syzkaller login: [ 206.046732][ T8319] IPVS: ftp: loaded support on port[0] = 21 [ 206.046721][ T8317] IPVS: ftp: loaded support on port[0] = 21 04:05:33 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @bcast, @rose, @rose, @null]}, 0x48) [ 206.367765][ T8320] IPVS: ftp: loaded support on port[0] = 21 [ 206.685381][ T8322] IPVS: ftp: loaded support on port[0] = 21 [ 206.714434][ T8317] chnl_net:caif_netlink_parms(): no params data found [ 206.759090][ T8319] chnl_net:caif_netlink_parms(): no params data found [ 206.992151][ T8320] chnl_net:caif_netlink_parms(): no params data found [ 207.045526][ T8319] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.071024][ T8319] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.100447][ T8319] device bridge_slave_0 entered promiscuous mode [ 207.134454][ T8319] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.150420][ T8319] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.168538][ T8319] device bridge_slave_1 entered promiscuous mode [ 207.196373][ T8317] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.212061][ T8317] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.230771][ T8317] device bridge_slave_0 entered promiscuous mode [ 207.262415][ T8317] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.286072][ T8317] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.301437][ T8317] device bridge_slave_1 entered promiscuous mode [ 207.367523][ T8319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.406269][ T8317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.427227][ T8319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.458696][ T8322] chnl_net:caif_netlink_parms(): no params data found [ 207.479119][ T8317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.522070][ T8319] team0: Port device team_slave_0 added [ 207.564272][ T8319] team0: Port device team_slave_1 added [ 207.604394][ T8317] team0: Port device team_slave_0 added [ 207.642550][ T8317] team0: Port device team_slave_1 added [ 207.669845][ T8320] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.694105][ T8320] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.713639][ T8320] device bridge_slave_0 entered promiscuous mode [ 207.731183][ T8319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.747777][ T8319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.823387][ T8319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.867424][ T8320] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.881241][ T8320] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.897284][ T8320] device bridge_slave_1 entered promiscuous mode [ 207.921735][ T8319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.937103][ T8319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.997177][ T8319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.029181][ T8317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.042675][ T8317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.099748][ T8317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.137693][ T8317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.151321][ T8317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.213788][ T8317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.242291][ T8320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.361445][ T8319] device hsr_slave_0 entered promiscuous mode [ 208.428608][ T8319] device hsr_slave_1 entered promiscuous mode [ 208.521576][ T8320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.559028][ T8322] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.587959][ T8322] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.605229][ T8322] device bridge_slave_0 entered promiscuous mode [ 208.629717][ T8322] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.645251][ T8322] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.661636][ T8322] device bridge_slave_1 entered promiscuous mode [ 208.759457][ T8317] device hsr_slave_0 entered promiscuous mode [ 208.827012][ T8317] device hsr_slave_1 entered promiscuous mode [ 208.878126][ T8317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 208.893761][ T8317] Cannot create hsr debugfs directory [ 208.927719][ T8320] team0: Port device team_slave_0 added [ 208.957378][ T8322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.978475][ T8320] team0: Port device team_slave_1 added [ 209.013126][ T8322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.061616][ T8320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.075604][ T8320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.129757][ T8320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.154023][ T8320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.168676][ T8320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.226868][ T8320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.266359][ T8322] team0: Port device team_slave_0 added [ 209.311271][ T8322] team0: Port device team_slave_1 added [ 209.392565][ T8322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.428318][ T8322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.538958][ T8322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.565200][ T8322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.585110][ T8322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.657564][ T8322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.749355][ T8320] device hsr_slave_0 entered promiscuous mode [ 209.797525][ T8320] device hsr_slave_1 entered promiscuous mode [ 209.856953][ T8320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 209.874543][ T8320] Cannot create hsr debugfs directory [ 210.120885][ T8322] device hsr_slave_0 entered promiscuous mode [ 210.217465][ T8322] device hsr_slave_1 entered promiscuous mode [ 210.266868][ T8322] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 210.280511][ T8322] Cannot create hsr debugfs directory [ 210.350060][ T8317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 210.438914][ T8317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 210.554053][ T8317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 210.651265][ T8317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 210.823180][ T8319] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 210.926233][ T8319] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 211.030684][ T8319] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 211.114946][ T8319] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 211.277352][ T8320] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 211.393003][ T8320] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 211.511637][ T8320] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 211.623383][ T8320] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 211.732790][ T8322] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 211.799232][ T8322] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 211.934750][ T8322] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 212.000062][ T8322] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 212.221865][ T8317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.253940][ T8319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.284044][ T8320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.303376][ T8317] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.325576][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.340908][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.355162][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.379740][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.405159][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.422072][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.440051][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.460883][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.495513][ T8319] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.525174][ T8322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.549015][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.572285][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.594649][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.624310][ T8344] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.642900][ T8344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.663605][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.683715][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.701404][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.757940][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.781149][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.807893][ T8344] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.829263][ T8344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.853982][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.880978][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.899871][ T8344] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.924065][ T8344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.942912][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.962218][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.980941][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.001176][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.021220][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.038462][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.053864][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.068532][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.084508][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.102986][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.118511][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.134823][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.156939][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.173146][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.189622][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.205681][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.220919][ T8319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.247761][ T8320] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.261218][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.274638][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.292748][ T8317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 213.308269][ T8317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 213.329873][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.341697][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.355314][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.367113][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.379090][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.391001][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.402646][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.421786][ T8322] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.448016][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.460274][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.474013][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.484848][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.495981][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.507218][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.519130][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.536315][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.554423][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.567282][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.581909][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.597377][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.612958][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.625662][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.638367][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.652368][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.669222][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.689606][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.718817][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.748695][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.781097][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.821422][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.872343][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.922270][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.963654][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.998346][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.028856][ T8322] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 214.059006][ T8322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 214.101616][ T8319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.137545][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.164164][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.195438][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.226112][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.255226][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.274167][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.291092][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.307068][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 214.323190][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.338414][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.352746][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.370477][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 214.397306][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 214.416909][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.432884][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.457718][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.475040][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.493929][ T8317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.518858][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 214.542054][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.571247][ T8320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.607190][ T8322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.638150][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 214.652091][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 214.668820][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 214.687878][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 214.725800][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 214.743318][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 214.780142][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 214.815634][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 214.858782][ T8319] device veth0_vlan entered promiscuous mode [ 214.881995][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 214.905652][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 214.932668][ T8320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.955799][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 214.972615][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 214.993202][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 215.014244][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 215.053311][ T8319] device veth1_vlan entered promiscuous mode [ 215.097500][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 215.134647][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 215.158480][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 215.192478][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 215.222388][ T8317] device veth0_vlan entered promiscuous mode [ 215.249480][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 215.262501][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 215.281540][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 215.300813][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 215.321853][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 215.338457][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 215.363181][ T8317] device veth1_vlan entered promiscuous mode [ 215.401025][ T8322] device veth0_vlan entered promiscuous mode [ 215.426447][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 215.443513][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 215.462376][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 215.487440][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 215.505815][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 215.523068][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 215.542590][ T8320] device veth0_vlan entered promiscuous mode [ 215.576237][ T8322] device veth1_vlan entered promiscuous mode [ 215.605960][ T8320] device veth1_vlan entered promiscuous mode [ 215.643725][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 215.659873][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 215.676275][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 215.703839][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 215.733422][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 215.758382][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 215.778583][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 215.808888][ T8319] device veth0_macvtap entered promiscuous mode [ 215.826431][ T8319] device veth1_macvtap entered promiscuous mode [ 215.846504][ T8317] device veth0_macvtap entered promiscuous mode [ 215.871805][ T8317] device veth1_macvtap entered promiscuous mode [ 215.891427][ T8319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.912588][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 215.924694][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 215.938335][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 215.950934][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 215.963045][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 215.975187][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 215.989198][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 216.009873][ T8319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.032702][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 216.048164][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 216.064192][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.080111][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 216.101472][ T8322] device veth0_macvtap entered promiscuous mode [ 216.126507][ T8322] device veth1_macvtap entered promiscuous mode [ 216.155588][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 216.187312][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 216.211590][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 216.234911][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 216.275221][ T8320] device veth0_macvtap entered promiscuous mode [ 216.314752][ T8317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 216.345314][ T8317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.370681][ T8317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.391793][ T8320] device veth1_macvtap entered promiscuous mode [ 216.409588][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 216.429227][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 216.448265][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 216.467274][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 216.633008][ T8317] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.657875][ T8317] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.694475][ T8317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.778293][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.804509][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 216.866087][ T8322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 216.901201][ T8322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.934692][ T8322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 216.964859][ T8322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.989397][ T8322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.018586][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 217.040183][ T2851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 217.063849][ T8322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 217.089114][ T8322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.108486][ T8322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 217.126322][ T8322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.149744][ T8322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.218336][ T8320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 217.236122][ T8320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.251825][ T8320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 217.270147][ T8320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.294268][ T8320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 217.318552][ T8320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.338917][ T8320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.354769][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 217.358768][ T8319] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 217.379410][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 217.420519][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 217.447744][ T8014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 217.564725][ T8320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 217.626271][ T8320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.682186][ T8320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 217.725109][ T8320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.755278][ T8320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 217.788080][ T8320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.820778][ T8320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.906404][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 217.934224][ T8343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 04:05:45 executing program 0: personality(0x5000007) ppoll(&(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}], 0x5d, &(0x7f0000000200)={0x77359400}, &(0x7f0000000180), 0x8) 04:05:45 executing program 1: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) mkdir(&(0x7f0000000140)='./file0/file0\x00', 0x0) chdir(&(0x7f00000002c0)='./bus\x00') mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1/file0\x00', 0x0) renameat2(r0, &(0x7f0000000000)='./file1/file0\x00', r0, &(0x7f00000000c0)='./file0/file0\x00', 0x0) 04:05:45 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x8}) 04:05:45 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x10000023, &(0x7f00000002c0)=""/77, 0x42e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0xfe76, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0x6129d00b}], 0x4, &(0x7f00000001c0)=""/4, 0x10036, 0x7301}, 0x0) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x47, &(0x7f0000000000)}, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) [ 218.455689][ T8367] ================================================================== [ 218.456064][ T8367] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 218.456073][ T8367] Write of size 8 at addr ffffc90009761000 by task syz-executor.0/8367 [ 218.456075][ T8367] [ 218.456261][ T8367] CPU: 2 PID: 8367 Comm: syz-executor.0 Not tainted 5.8.0-rc4-syzkaller #0 [ 218.456267][ T8367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 218.456280][ T8367] Call Trace: [ 218.456373][ T8367] dump_stack+0x18f/0x20d [ 218.456384][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.456396][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.456409][ T8367] print_address_description.constprop.0.cold+0x5/0x436 [ 218.456943][ T8367] ? lockdep_hardirqs_off+0x66/0xa0 [ 218.456943][ T8367] ? vprintk_func+0x97/0x1a6 [ 218.456943][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.456943][ T8367] kasan_report.cold+0x1f/0x37 [ 218.456943][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.456943][ T8367] bitfill_aligned+0x34a/0x400 [ 218.456943][ T8367] sys_fillrect+0x408/0x7a0 [ 218.456943][ T8367] ? sys_fillrect+0x7a0/0x7a0 [ 218.456943][ T8367] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 218.456943][ T8367] bit_clear_margins+0x2d5/0x4a0 [ 218.456943][ T8367] ? bit_bmove+0x210/0x210 [ 218.456943][ T8367] ? fb_get_color_depth+0x11a/0x240 [ 218.456943][ T8367] fbcon_clear_margins+0x1d5/0x230 [ 218.456943][ T8367] fbcon_switch+0xb6e/0x16c0 [ 218.456943][ T8367] ? fbcon_scroll+0x3600/0x3600 [ 218.456943][ T8367] ? fbcon_cursor+0x52b/0x650 [ 218.456943][ T8367] ? kmalloc_array.constprop.0+0x20/0x20 [ 218.456943][ T8367] ? is_console_locked+0x5/0x10 [ 218.456943][ T8367] ? fbcon_set_origin+0x26/0x50 [ 218.456943][ T8367] redraw_screen+0x2ae/0x770 [ 218.456943][ T8367] ? vc_init+0x440/0x440 [ 218.456943][ T8367] ? fb_get_color_depth+0x11a/0x240 [ 218.456943][ T8367] ? fbcon_set_palette+0x3a8/0x490 [ 218.456943][ T8367] fbcon_modechanged+0x575/0x710 [ 218.456943][ T8367] fbcon_update_vcs+0x3a/0x50 [ 218.456943][ T8367] fb_set_var+0xae8/0xd60 [ 218.456943][ T8367] ? fb_blank+0x190/0x190 [ 218.456943][ T8367] ? lock_release+0x8d0/0x8d0 [ 218.456943][ T8367] ? lock_is_held_type+0xb0/0xe0 [ 218.456943][ T8367] ? do_fb_ioctl+0x2f2/0x6c0 [ 218.456943][ T8367] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 218.456943][ T8367] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 218.456943][ T8367] ? trace_hardirqs_on+0x5f/0x220 [ 218.456943][ T8367] do_fb_ioctl+0x33f/0x6c0 [ 218.456943][ T8367] ? fb_set_suspend+0x1a0/0x1a0 [ 218.456943][ T8367] ? lock_downgrade+0x820/0x820 [ 218.456943][ T8367] ? trace_hardirqs_on+0x5f/0x220 [ 218.456943][ T8367] ? lockdep_hardirqs_on+0x6a/0xe0 [ 218.456943][ T8367] ? tomoyo_path_number_perm+0x244/0x4d0 [ 218.456943][ T8367] ? tomoyo_execute_permission+0x470/0x470 [ 218.456943][ T8367] ? __might_fault+0xef/0x1d0 [ 218.456943][ T8367] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 218.456943][ T8367] ? do_vfs_ioctl+0x27d/0x1090 [ 218.456943][ T8367] ? generic_block_fiemap+0x60/0x60 [ 218.456943][ T8367] fb_compat_ioctl+0x175/0xc10 [ 218.456943][ T8367] ? fb_open+0x430/0x430 [ 218.456943][ T8367] ? __fget_files+0x294/0x400 [ 218.456943][ T8367] ? fb_open+0x430/0x430 [ 218.456943][ T8367] __do_compat_sys_ioctl+0x1d3/0x230 [ 218.456943][ T8367] do_syscall_32_irqs_on+0x3f/0x60 [ 218.456943][ T8367] do_fast_syscall_32+0x7f/0x120 [ 218.456943][ T8367] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 218.456943][ T8367] RIP: 0023:0xf7fbc569 [ 218.456943][ T8367] Code: Bad RIP value. [ 218.456943][ T8367] RSP: 002b:00000000f5db70bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 218.456943][ T8367] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 218.456943][ T8367] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 218.456943][ T8367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 218.456943][ T8367] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 218.456943][ T8367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 218.456943][ T8367] [ 218.456943][ T8367] [ 218.456943][ T8367] Memory state around the buggy address: [ 218.456943][ T8367] ffffc90009760f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 218.456943][ T8367] ffffc90009760f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 218.456943][ T8367] >ffffc90009761000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 218.456943][ T8367] ^ [ 218.456943][ T8367] ffffc90009761080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 218.456943][ T8367] ffffc90009761100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 218.456943][ T8367] ================================================================== [ 218.456943][ T8367] Disabling lock debugging due to kernel taint [ 218.462799][ T8367] Kernel panic - not syncing: panic_on_warn set ... [ 218.462822][ T8367] CPU: 2 PID: 8367 Comm: syz-executor.0 Tainted: G B 5.8.0-rc4-syzkaller #0 [ 218.462827][ T8367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 218.462835][ T8367] Call Trace: [ 218.462902][ T8367] dump_stack+0x18f/0x20d [ 218.462913][ T8367] ? bitfill_aligned+0x260/0x400 [ 218.462923][ T8367] panic+0x2e3/0x75c [ 218.462931][ T8367] ? __warn_printk+0xf3/0xf3 [ 218.462942][ T8367] ? preempt_schedule_common+0x59/0xc0 [ 218.462950][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.462958][ T8367] ? preempt_schedule_thunk+0x16/0x18 [ 218.462966][ T8367] ? trace_hardirqs_on+0x55/0x220 [ 218.462974][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.462980][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.462987][ T8367] end_report+0x4d/0x53 [ 218.462993][ T8367] kasan_report.cold+0xd/0x37 [ 218.463001][ T8367] ? bitfill_aligned+0x34a/0x400 [ 218.463008][ T8367] bitfill_aligned+0x34a/0x400 [ 218.463016][ T8367] sys_fillrect+0x408/0x7a0 [ 218.463024][ T8367] ? sys_fillrect+0x7a0/0x7a0 [ 218.463034][ T8367] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 218.463042][ T8367] bit_clear_margins+0x2d5/0x4a0 [ 218.463049][ T8367] ? bit_bmove+0x210/0x210 [ 218.463058][ T8367] ? fb_get_color_depth+0x11a/0x240 [ 218.463066][ T8367] fbcon_clear_margins+0x1d5/0x230 [ 218.463073][ T8367] fbcon_switch+0xb6e/0x16c0 [ 218.463082][ T8367] ? fbcon_scroll+0x3600/0x3600 [ 218.463091][ T8367] ? fbcon_cursor+0x52b/0x650 [ 218.463098][ T8367] ? kmalloc_array.constprop.0+0x20/0x20 [ 218.463107][ T8367] ? is_console_locked+0x5/0x10 [ 218.463114][ T8367] ? fbcon_set_origin+0x26/0x50 [ 218.463123][ T8367] redraw_screen+0x2ae/0x770 [ 218.463130][ T8367] ? vc_init+0x440/0x440 [ 218.463138][ T8367] ? fb_get_color_depth+0x11a/0x240 [ 218.463145][ T8367] ? fbcon_set_palette+0x3a8/0x490 [ 218.463152][ T8367] fbcon_modechanged+0x575/0x710 [ 218.463160][ T8367] fbcon_update_vcs+0x3a/0x50 [ 218.463167][ T8367] fb_set_var+0xae8/0xd60 [ 218.463174][ T8367] ? fb_blank+0x190/0x190 [ 218.463182][ T8367] ? lock_release+0x8d0/0x8d0 [ 218.463192][ T8367] ? lock_is_held_type+0xb0/0xe0 [ 218.463201][ T8367] ? do_fb_ioctl+0x2f2/0x6c0 [ 218.463212][ T8367] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 218.463220][ T8367] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 218.463226][ T8367] ? trace_hardirqs_on+0x5f/0x220 [ 218.463234][ T8367] do_fb_ioctl+0x33f/0x6c0 [ 218.463242][ T8367] ? fb_set_suspend+0x1a0/0x1a0 [ 218.463249][ T8367] ? lock_downgrade+0x820/0x820 [ 218.463257][ T8367] ? trace_hardirqs_on+0x5f/0x220 [ 218.463264][ T8367] ? lockdep_hardirqs_on+0x6a/0xe0 [ 218.463293][ T8367] ? tomoyo_path_number_perm+0x244/0x4d0 [ 218.463301][ T8367] ? tomoyo_execute_permission+0x470/0x470 [ 218.463308][ T8367] ? __might_fault+0xef/0x1d0 [ 218.463321][ T8367] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 218.463328][ T8367] ? do_vfs_ioctl+0x27d/0x1090 [ 218.463335][ T8367] ? generic_block_fiemap+0x60/0x60 [ 218.463344][ T8367] fb_compat_ioctl+0x175/0xc10 [ 218.463351][ T8367] ? fb_open+0x430/0x430 [ 218.463360][ T8367] ? __fget_files+0x294/0x400 [ 218.463368][ T8367] ? fb_open+0x430/0x430 [ 218.463375][ T8367] __do_compat_sys_ioctl+0x1d3/0x230 [ 218.463384][ T8367] do_syscall_32_irqs_on+0x3f/0x60 [ 218.463398][ T8367] do_fast_syscall_32+0x7f/0x120 [ 218.463408][ T8367] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 218.463439][ T8367] RIP: 0023:0xf7fbc569 [ 218.463442][ T8367] Code: Bad RIP value. [ 218.463446][ T8367] RSP: 002b:00000000f5db70bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 218.463454][ T8367] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 218.463459][ T8367] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 218.463463][ T8367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 218.463467][ T8367] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 218.463471][ T8367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 218.472155][ T8367] Kernel Offset: disabled [ 218.472155][ T8367] Rebooting in 86400 seconds..