./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3581293237

<...>
forked to background, child pid 3183
no interfaces have a carrier
[   20.456254][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0
[   20.466843][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
execve("./syz-executor3581293237", ["./syz-executor3581293237"], 0x7ffc9b14d3b0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555953000
brk(0x555555953c40)                     = 0x555555953c40
arch_prctl(ARCH_SET_FS, 0x555555953300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3581293237", 4096) = 28
brk(0x555555974c40)                     = 0x555555974c40
brk(0x555555975000)                     = 0x555555975000
mprotect(0x7f843c563000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559535d0) = 3605
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3605 attached
./strace-static-x86_64: Process 3606 attached
, child_tidptr=0x5555559535d0) = 3606
[pid  3605] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3604] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3604] <... clone resumed>, child_tidptr=0x5555559535d0) = 3607
./strace-static-x86_64: Process 3608 attached
./strace-static-x86_64: Process 3607 attached
[pid  3604] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3605] <... clone resumed>, child_tidptr=0x5555559535d0) = 3608
./strace-static-x86_64: Process 3609 attached
[pid  3604] <... clone resumed>, child_tidptr=0x5555559535d0) = 3609
[pid  3608] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3611 attached
./strace-static-x86_64: Process 3610 attached
 <unfinished ...>
[pid  3604] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3609] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3608] <... prctl resumed>)        = 0
./strace-static-x86_64: Process 3613 attached
./strace-static-x86_64: Process 3612 attached
[pid  3611] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  3610] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  3608] setpgid(0, 0 <unfinished ...>
[pid  3607] <... clone resumed>, child_tidptr=0x5555559535d0) = 3611
[pid  3606] <... clone resumed>, child_tidptr=0x5555559535d0) = 3610
[pid  3604] <... clone resumed>, child_tidptr=0x5555559535d0) = 3612
[pid  3613] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  3609] <... clone resumed>, child_tidptr=0x5555559535d0) = 3613
[pid  3604] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3613] <... prctl resumed>)        = 0
[pid  3613] setpgid(0, 0 <unfinished ...>
[pid  3604] <... clone resumed>, child_tidptr=0x5555559535d0) = 3614
[pid  3613] <... setpgid resumed>)      = 0
[pid  3611] <... prctl resumed>)        = 0
./strace-static-x86_64: Process 3614 attached
[pid  3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3611] setpgid(0, 0 <unfinished ...>
[pid  3610] <... prctl resumed>)        = 0
[pid  3608] <... setpgid resumed>)      = 0
[pid  3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  3613] <... openat resumed>)       = 3
[pid  3611] <... setpgid resumed>)      = 0
[pid  3610] setpgid(0, 0./strace-static-x86_64: Process 3616 attached
./strace-static-x86_64: Process 3615 attached
 <unfinished ...>
[pid  3613] write(3, "1000", 4 <unfinished ...>
[pid  3612] <... clone resumed>, child_tidptr=0x5555559535d0) = 3615
[pid  3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3610] <... setpgid resumed>)      = 0
[pid  3608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3616] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  3615] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  3614] <... clone resumed>, child_tidptr=0x5555559535d0) = 3616
[pid  3613] <... write resumed>)        = 4
[pid  3611] <... openat resumed>)       = 3
[pid  3616] <... prctl resumed>)        = 0
[pid  3615] <... prctl resumed>)        = 0
[pid  3613] close(3 <unfinished ...>
[pid  3611] write(3, "1000", 4 <unfinished ...>
[pid  3616] setpgid(0, 0 <unfinished ...>
[pid  3615] setpgid(0, 0 <unfinished ...>
[pid  3613] <... close resumed>)        = 0
[pid  3611] <... write resumed>)        = 4
[pid  3616] <... setpgid resumed>)      = 0
[pid  3615] <... setpgid resumed>)      = 0
[pid  3613] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR <unfinished ...>
[pid  3611] close(3 <unfinished ...>
[pid  3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3613] <... openat resumed>)       = 3
[pid  3611] <... close resumed>)        = 0
[pid  3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  3608] <... openat resumed>)       = 3
[pid  3616] <... openat resumed>)       = 3
[pid  3615] <... openat resumed>)       = 3
[pid  3613] ioctl(3, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=27, height=5, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3611] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR <unfinished ...>
[pid  3608] write(3, "1000", 4 <unfinished ...>
[pid  3616] write(3, "1000", 4 <unfinished ...>
[pid  3615] write(3, "1000", 4 <unfinished ...>
[pid  3611] <... openat resumed>)       = 3
[pid  3610] <... openat resumed>)       = 3
[pid  3608] <... write resumed>)        = 4
[pid  3616] <... write resumed>)        = 4
[pid  3615] <... write resumed>)        = 4
[pid  3611] ioctl(3, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=27, height=5, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3610] write(3, "1000", 4 <unfinished ...>
[pid  3608] close(3 <unfinished ...>
[pid  3616] close(3 <unfinished ...>
[pid  3615] close(3 <unfinished ...>
[pid  3610] <... write resumed>)        = 4
[pid  3608] <... close resumed>)        = 0
[pid  3616] <... close resumed>)        = 0
[pid  3615] <... close resumed>)        = 0
[pid  3610] close(3 <unfinished ...>
[pid  3616] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR <unfinished ...>
[pid  3615] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR <unfinished ...>
[pid  3610] <... close resumed>)        = 0
[pid  3608] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR <unfinished ...>
[pid  3616] <... openat resumed>)       = 3
[pid  3615] <... openat resumed>)       = 3
[pid  3616] ioctl(3, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=27, height=5, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3615] ioctl(3, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=27, height=5, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3610] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR <unfinished ...>
[pid  3608] <... openat resumed>)       = 3
[pid  3610] <... openat resumed>)       = 3
[pid  3608] ioctl(3, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=27, height=5, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3610] ioctl(3, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=27, height=5, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3613] <... ioctl resumed>)        = 0
[pid  3613] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4
[pid  3613] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3613] write(5, "7", 1)            = 1
[pid  3613] ioctl(4, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=1, height=27, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3611] <... ioctl resumed>)        = 0
[pid  3611] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4
[pid  3611] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3611] write(5, "7", 1)            = 1
[pid  3611] ioctl(4, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=1, height=27, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3616] <... ioctl resumed>)        = 0
[pid  3616] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4
[pid  3616] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3616] write(5, "7", 1)            = 1
[pid  3616] ioctl(4, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=1, height=27, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3615] <... ioctl resumed>)        = 0
[pid  3615] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4
[pid  3615] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3615] write(5, "7", 1)            = 1
[pid  3615] ioctl(4, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=1, height=27, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3608] <... ioctl resumed>)        = 0
[pid  3608] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4
[pid  3608] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  3608] write(5, "7", 1)            = 1
[pid  3608] ioctl(4, KDFONTOP, {op=KD_FONT_OP_SET, flags=0, width=1, height=27, charcount=512, data="\x0d\xe4\x73\x70\x56\x3e\xd4\x50\xe7\x4f\xba\x9e\xe1\x79\xc0\xc3\xe9\xad\xc8\x5c\xaf\x8b\x84\x72\x24\x62\xad\x15\x24\xc6\x6b\xfb\x8e\x45\xba\x6e\x38\x74\xc6\x5b\x82\x9b\x1f\x1a\x23\x5b\xd3\xb1\x48\xfb\x05\x15\xce\xe6\x7c\xda\xf9\xae\xae\x59\x5c\x1e\x8e\xa1\xa6\x1d\x94\x24\x98\x1d\x3f\x26\xe4\x69\x9a\x20\x6b\xcd\xd0\xf8\xf5\x37\x45\x66\x88\xf3\xcd\xfc\x70\x45\xda\x32\x84\x2f\x9b\x8e\x41\x12\x7e\xd9"...} <unfinished ...>
[pid  3613] <... ioctl resumed>)        = 0
[pid  3613] exit_group(0 <unfinished ...>
[pid  3610] <... ioctl resumed>)        = 0
[pid  3613] <... exit_group resumed>)   = ?
[pid  3610] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR <unfinished ...>
[pid  3613] +++ exited with 0 +++
[pid  3609] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3613, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[pid  3610] <... openat resumed>)       = 4
[pid  3609] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  3610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
syzkaller login: [   35.406936][ T3611] ==================================================================
[   35.406948][ T3611] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1ed0/0x2240
[   35.406995][ T3611] Write of size 4 at addr ffffc900040f1000 by task syz-executor358/3611
[   35.407010][ T3611] 
[   35.407014][ T3611] CPU: 1 PID: 3611 Comm: syz-executor358 Not tainted 5.19.0-rc6-syzkaller-00026-g5a29232d870d #0
[   35.407032][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   35.407043][ T3611] Call Trace:
[   35.407049][ T3611]  <TASK>
[   35.407056][ T3611]  dump_stack_lvl+0xcd/0x134
[   35.407078][ T3611]  print_address_description.constprop.0.cold+0xf/0x495
[   35.407104][ T3611]  ? sys_imageblit+0x1ed0/0x2240
[   35.407120][ T3611]  kasan_report.cold+0xf4/0x1c6
[   35.407139][ T3611]  ? sys_imageblit+0x1361/0x2240
[   35.407156][ T3611]  ? sys_imageblit+0x1ed0/0x2240
[   35.407174][ T3611]  sys_imageblit+0x1ed0/0x2240
[   35.407198][ T3611]  ? sys_copyarea+0x1fa0/0x1fa0
[   35.407217][ T3611]  ? find_held_lock+0x2d/0x110
[   35.407239][ T3611]  ? fb_pad_unaligned_buffer+0x3ef/0x4a0
[   35.407261][ T3611]  drm_fbdev_fb_imageblit+0x15c/0x350
[   35.407282][ T3611]  bit_putcs+0x6e1/0xd20
[   35.407309][ T3611]  ? bit_clear+0x4f0/0x4f0
[   35.407333][ T3611]  ? fb_get_color_depth+0x11a/0x240
[   35.407349][ T3611]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   35.407366][ T3611]  ? bit_clear+0x4f0/0x4f0
[   35.407385][ T3611]  fbcon_putcs+0x314/0x3e0
[   35.407408][ T3611]  do_update_region+0x399/0x630
[   35.407431][ T3611]  ? con_get_trans_old+0x2a0/0x2a0
[   35.407449][ T3611]  ? fb_get_color_depth+0x11a/0x240
[   35.407470][ T3611]  ? fbcon_set_palette+0x3f4/0x590
[   35.407491][ T3611]  ? var_to_display+0x7f0/0x7f0
[   35.407514][ T3611]  redraw_screen+0x61f/0x740
[   35.407534][ T3611]  ? free_unref_page+0x32d/0x6a0
[   35.407553][ T3611]  ? vc_init+0x5a0/0x5a0
[   35.407575][ T3611]  fbcon_do_set_font+0x5eb/0x6f0
[   35.407599][ T3611]  fbcon_set_font+0x89d/0xab0
[   35.407623][ T3611]  ? fbcon_set_def_font+0x320/0x320
[   35.407645][ T3611]  con_font_op+0x73a/0xc90
[   35.407667][ T3611]  ? con_write+0x40/0x40
[   35.407693][ T3611]  vt_ioctl+0x1efa/0x2b20
[   35.407715][ T3611]  ? vt_waitactive+0x350/0x350
[   35.407739][ T3611]  ? tomoyo_path_number_perm+0x24e/0x590
[   35.407764][ T3611]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   35.407790][ T3611]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   35.407812][ T3611]  ? vt_waitactive+0x350/0x350
[   35.407842][ T3611]  tty_ioctl+0xbbd/0x15e0
[   35.407863][ T3611]  ? tty_fasync+0x390/0x390
[   35.407883][ T3611]  ? find_held_lock+0x2d/0x110
[   35.407906][ T3611]  ? ptrace_notify+0xfa/0x140
[   35.407924][ T3611]  ? lock_downgrade+0x6e0/0x6e0
[   35.407949][ T3611]  ? _raw_spin_unlock_irq+0x1f/0x40
[   35.407971][ T3611]  ? bpf_lsm_file_ioctl+0x5/0x10
[   35.407993][ T3611]  ? tty_fasync+0x390/0x390
[   35.408014][ T3611]  __x64_sys_ioctl+0x193/0x200
[   35.408037][ T3611]  do_syscall_64+0x35/0xb0
[   35.408059][ T3611]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   35.408080][ T3611] RIP: 0033:0x7f843c4f5239
[   35.408095][ T3611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   35.408111][ T3611] RSP: 002b:00007fff271bd368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   35.408130][ T3611] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f843c4f5239
[   35.408143][ T3611] RDX: 0000000020000040 RSI: 0000000000004b72 RDI: 0000000000000004
[   35.408154][ T3611] RBP: 00007fff271bd380 R08: 0000000000000001 R09: 0000000000000000
[   35.408164][ T3611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   35.408175][ T3611] R13: 0000000000000000 R14: 00007fff271bd3a0 R15: 00007fff271bd390
[   35.408191][ T3611]  </TASK>
[   35.408197][ T3611] 
[   35.408203][ T3611] The buggy address belongs to the virtual mapping at
[   35.408203][ T3611]  [ffffc90003df1000, ffffc900040f2000) created by:
[   35.408203][ T3611]  drm_gem_shmem_vmap+0x3d7/0x5a0
[   35.408229][ T3611] 
[   35.408232][ T3611] Memory state around the buggy address:
[   35.408241][ T3611]  ffffc900040f0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.408252][ T3611]  ffffc900040f0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.408263][ T3611] >ffffc900040f1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   35.408271][ T3611]                    ^
[   35.408279][ T3611]  ffffc900040f1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   35.408290][ T3611]  ffffc900040f1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   35.408298][ T3611] ==================================================================
[   35.408305][ T3611] Kernel panic - not syncing: panic_on_warn set ...
[   35.408312][ T3611] CPU: 1 PID: 3611 Comm: syz-executor358 Not tainted 5.19.0-rc6-syzkaller-00026-g5a29232d870d #0
[   35.408331][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   35.408340][ T3611] Call Trace:
[   35.408344][ T3611]  <TASK>
[   35.408348][ T3611]  dump_stack_lvl+0xcd/0x134
[   35.408368][ T3611]  panic+0x2d7/0x636
[   35.408386][ T3611]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   35.408407][ T3611]  ? mark_held_locks+0x9f/0xe0
[   35.408427][ T3611]  ? sys_imageblit+0x1ed0/0x2240
[   35.408446][ T3611]  ? sys_imageblit+0x1ed0/0x2240
[   35.408463][ T3611]  end_report.part.0+0x3f/0x7c
[   35.408481][ T3611]  kasan_report.cold+0x93/0x1c6
[   35.408499][ T3611]  ? sys_imageblit+0x1361/0x2240
[   35.408516][ T3611]  ? sys_imageblit+0x1ed0/0x2240
[   35.408532][ T3611]  sys_imageblit+0x1ed0/0x2240
[   35.408554][ T3611]  ? sys_copyarea+0x1fa0/0x1fa0
[   35.408573][ T3611]  ? find_held_lock+0x2d/0x110
[   35.408594][ T3611]  ? fb_pad_unaligned_buffer+0x3ef/0x4a0
[   35.408615][ T3611]  drm_fbdev_fb_imageblit+0x15c/0x350
[   35.408635][ T3611]  bit_putcs+0x6e1/0xd20
[   35.408662][ T3611]  ? bit_clear+0x4f0/0x4f0
[   35.408685][ T3611]  ? fb_get_color_depth+0x11a/0x240
[   35.408703][ T3611]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   35.408725][ T3611]  ? bit_clear+0x4f0/0x4f0
[   35.408745][ T3611]  fbcon_putcs+0x314/0x3e0
[   35.408767][ T3611]  do_update_region+0x399/0x630
[   35.408788][ T3611]  ? con_get_trans_old+0x2a0/0x2a0
[   35.408806][ T3611]  ? fb_get_color_depth+0x11a/0x240
[   35.408826][ T3611]  ? fbcon_set_palette+0x3f4/0x590
[   35.408855][ T3611]  ? var_to_display+0x7f0/0x7f0
[   35.408877][ T3611]  redraw_screen+0x61f/0x740
[   35.408896][ T3611]  ? free_unref_page+0x32d/0x6a0
[   35.408913][ T3611]  ? vc_init+0x5a0/0x5a0
[   35.408933][ T3611]  fbcon_do_set_font+0x5eb/0x6f0
[   35.408955][ T3611]  fbcon_set_font+0x89d/0xab0
[   35.408979][ T3611]  ? fbcon_set_def_font+0x320/0x320
[   35.409000][ T3611]  con_font_op+0x73a/0xc90
[   35.409021][ T3611]  ? con_write+0x40/0x40
[   35.409046][ T3611]  vt_ioctl+0x1efa/0x2b20
[   35.409066][ T3611]  ? vt_waitactive+0x350/0x350
[   35.409089][ T3611]  ? tomoyo_path_number_perm+0x24e/0x590
[   35.409113][ T3611]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   35.409137][ T3611]  ? __sanitizer_cov_trace_switch+0x50/0x90
[   35.409159][ T3611]  ? vt_waitactive+0x350/0x350
[   35.409180][ T3611]  tty_ioctl+0xbbd/0x15e0
[   35.409201][ T3611]  ? tty_fasync+0x390/0x390
[   35.409222][ T3611]  ? find_held_lock+0x2d/0x110
[   35.409244][ T3611]  ? ptrace_notify+0xfa/0x140
[   35.409261][ T3611]  ? lock_downgrade+0x6e0/0x6e0
[   35.409285][ T3611]  ? _raw_spin_unlock_irq+0x1f/0x40
[   35.409306][ T3611]  ? bpf_lsm_file_ioctl+0x5/0x10
[   35.409327][ T3611]  ? tty_fasync+0x390/0x390
[   35.409345][ T3611]  __x64_sys_ioctl+0x193/0x200
[   35.409367][ T3611]  do_syscall_64+0x35/0xb0
[   35.409388][ T3611]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   35.409410][ T3611] RIP: 0033:0x7f843c4f5239
[   35.409423][ T3611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   35.409440][ T3611] RSP: 002b:00007fff271bd368 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   35.409458][ T3611] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f843c4f5239
[   35.409470][ T3611] RDX: 0000000020000040 RSI: 0000000000004b72 RDI: 0000000000000004
[   35.409481][ T3611] RBP: 00007fff271bd380 R08: 0000000000000001 R09: 0000000000000000
[   35.409492][ T3611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   35.409503][ T3611] R13: 0000000000000000 R14: 00007fff271bd3a0 R15: 00007fff271bd390
[   35.409521][ T3611]  </TASK>
[   35.410222][ T3611] Kernel Offset: disabled