Warning: Permanently added '[localhost]:27683' (ECDSA) to the list of known hosts.
syzkaller login: [  160.492415][   T40] kauditd_printk_skb: 7 callbacks suppressed
2020/07/18 17:23:23 fuzzer started
[  160.514443][   T40] audit: type=1400 audit(1595093003.906:42): avc:  denied  { map } for  pid=8967 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2020/07/18 17:23:24 dialing manager at 10.0.2.10:45655
2020/07/18 17:23:24 syscalls: 3205
2020/07/18 17:23:24 code coverage: enabled
2020/07/18 17:23:24 comparison tracing: enabled
2020/07/18 17:23:24 extra coverage: enabled
2020/07/18 17:23:24 setuid sandbox: enabled
2020/07/18 17:23:24 namespace sandbox: enabled
2020/07/18 17:23:24 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/18 17:23:24 fault injection: enabled
2020/07/18 17:23:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/18 17:23:24 net packet injection: enabled
2020/07/18 17:23:24 net device setup: enabled
2020/07/18 17:23:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/18 17:23:24 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/18 17:23:24 USB emulation: enabled
[  160.987848][   T40] audit: type=1400 audit(1595093004.406:43): avc:  denied  { integrity } for  pid=8984 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
17:24:04 executing program 0:
perf_event_open(&(0x7f0000000700)={0x2, 0x70, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socket$inet6(0xa, 0x2, 0x0)

[  201.631653][   T40] audit: type=1400 audit(1595093045.046:44): avc:  denied  { map } for  pid=8989 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1042 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
17:24:05 executing program 1:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x4000, 0x0)

17:24:05 executing program 2:
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000000c0)='./bus/file1\x00', 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setxattr$security_capability(&(0x7f00000001c0)='./bus/file1\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000000)=@v2, 0x14, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./bus/file1\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000340)=@v2={0x0, 0x0, 0x0, 0x0, 0xc, "c90a3b83593e0ee4baab0500"}, 0x15, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000140)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000600)='./bus/file1\x00', 0x0, 0x0)

[  202.340359][ T8992] IPVS: ftp: loaded support on port[0] = 21
[  202.340586][ T8991] IPVS: ftp: loaded support on port[0] = 21
17:24:05 executing program 3:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff})

[  202.497604][ T8994] IPVS: ftp: loaded support on port[0] = 21
[  202.702511][ T8992] chnl_net:caif_netlink_parms(): no params data found
[  202.725676][ T8996] IPVS: ftp: loaded support on port[0] = 21
[  202.759687][ T8991] chnl_net:caif_netlink_parms(): no params data found
[  202.810378][ T8994] chnl_net:caif_netlink_parms(): no params data found
[  202.949863][ T8991] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.962061][ T8991] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.975418][ T8991] device bridge_slave_0 entered promiscuous mode
[  202.998172][ T8991] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.007365][ T8991] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.016824][ T8991] device bridge_slave_1 entered promiscuous mode
[  203.053727][ T8992] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.066112][ T8992] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.079088][ T8992] device bridge_slave_0 entered promiscuous mode
[  203.097798][ T8992] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.115274][ T8992] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.129435][ T8992] device bridge_slave_1 entered promiscuous mode
[  203.156174][ T8991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.171955][ T8991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.208631][ T8992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.223202][ T8994] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.232375][ T8994] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.242836][ T8994] device bridge_slave_0 entered promiscuous mode
[  203.269135][ T8992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.287086][ T8994] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.299333][ T8994] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.315143][ T8994] device bridge_slave_1 entered promiscuous mode
[  203.329578][ T8991] team0: Port device team_slave_0 added
[  203.369411][ T8991] team0: Port device team_slave_1 added
[  203.387037][ T8992] team0: Port device team_slave_0 added
[  203.400526][ T8994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.424620][ T8994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.461634][ T8992] team0: Port device team_slave_1 added
[  203.489039][ T8991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.500409][ T8991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.548589][ T8991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.599120][ T8994] team0: Port device team_slave_0 added
[  203.610186][ T8991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.619909][ T8991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.664802][ T8991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.683679][ T8996] chnl_net:caif_netlink_parms(): no params data found
[  203.717611][ T8994] team0: Port device team_slave_1 added
[  203.758953][ T8992] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.775175][ T8992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.824453][ T8992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.847476][ T8994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.861648][ T8994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.894525][ T8994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.917677][ T8992] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.928200][ T8992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.970909][ T8992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.996958][ T8994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  204.006390][ T8994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.040307][ T8994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  204.125407][ T8991] device hsr_slave_0 entered promiscuous mode
[  204.183592][ T8991] device hsr_slave_1 entered promiscuous mode
[  204.324801][ T8992] device hsr_slave_0 entered promiscuous mode
[  204.412839][ T8992] device hsr_slave_1 entered promiscuous mode
[  204.452779][ T8992] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  204.465173][ T8992] Cannot create hsr debugfs directory
[  204.505861][ T8996] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.514197][ T8996] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.523904][ T8996] device bridge_slave_0 entered promiscuous mode
[  204.538651][ T8996] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.547228][ T8996] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.556840][ T8996] device bridge_slave_1 entered promiscuous mode
[  204.638749][ T8994] device hsr_slave_0 entered promiscuous mode
[  204.703077][ T8994] device hsr_slave_1 entered promiscuous mode
[  204.772434][ T8994] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  204.783584][ T8994] Cannot create hsr debugfs directory
[  204.828774][ T8996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  204.872592][ T8996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.916774][ T8996] team0: Port device team_slave_0 added
[  204.937382][ T8996] team0: Port device team_slave_1 added
[  205.020715][ T8996] batman_adv: batadv0: Adding interface: batadv_slave_0
[  205.034385][ T8996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  205.069819][ T8996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  205.101728][ T8996] batman_adv: batadv0: Adding interface: batadv_slave_1
[  205.114282][ T8996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  205.152061][ T8996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  205.304888][ T8996] device hsr_slave_0 entered promiscuous mode
[  205.352930][ T8996] device hsr_slave_1 entered promiscuous mode
[  205.392387][ T8996] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  205.406287][ T8996] Cannot create hsr debugfs directory
[  205.440082][   T40] audit: type=1400 audit(1595093048.856:45): avc:  denied  { create } for  pid=8991 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  205.449043][ T8991] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  205.476950][   T40] audit: type=1400 audit(1595093048.856:46): avc:  denied  { write } for  pid=8991 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  205.526942][   T40] audit: type=1400 audit(1595093048.866:47): avc:  denied  { read } for  pid=8991 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  205.617669][ T8991] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  205.752991][ T8991] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  205.849081][ T8991] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  205.966426][ T8992] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  206.038908][ T8992] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  206.138143][ T8992] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  206.217676][ T8992] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  206.306536][ T8994] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  206.378205][ T8994] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  206.450206][ T8994] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  206.565441][ T8994] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  206.710132][ T8996] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  206.779466][ T8996] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  206.835835][ T8996] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  206.905541][ T8996] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  207.082023][ T8991] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.128795][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  207.150470][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  207.171991][ T8991] 8021q: adding VLAN 0 to HW filter on device team0
[  207.216619][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.244369][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.283204][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.300067][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.328037][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  207.359687][ T8992] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.375954][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  207.398542][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.412996][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.426083][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.443217][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  207.470971][ T8994] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.504095][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.516273][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  207.525760][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  207.541868][ T8996] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.561659][ T8992] 8021q: adding VLAN 0 to HW filter on device team0
[  207.586962][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.607262][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.624377][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  207.637678][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  207.652812][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.672734][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.689361][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  207.700264][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  207.717724][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.739119][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.751647][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.761851][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.775350][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  207.789880][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  207.817716][ T8994] 8021q: adding VLAN 0 to HW filter on device team0
[  207.833817][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  207.846994][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  207.858910][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  207.882596][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.897359][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.912851][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.936702][ T8996] 8021q: adding VLAN 0 to HW filter on device team0
[  207.962128][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  207.986222][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  207.999236][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  208.015869][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  208.040658][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  208.058354][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  208.071885][ T2855] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.085225][ T2855] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.096747][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  208.144170][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  208.156644][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  208.171145][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  208.184068][ T2855] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.193899][ T2855] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.204891][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  208.219576][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  208.234983][ T2855] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.251812][ T2855] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.268377][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  208.286236][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  208.301892][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  208.317615][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  208.330707][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  208.349458][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  208.364666][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  208.377704][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.395479][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  208.404953][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  208.416766][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  208.427218][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  208.439839][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  208.450450][ T2855] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.460982][ T2855] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.482507][ T8996] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  208.496040][ T8996] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  208.511255][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  208.522014][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.531496][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  208.542867][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  208.553455][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  208.564441][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  208.575946][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  208.585905][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  208.596777][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  208.611497][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  208.630014][ T8992] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  208.645023][ T8992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  208.661713][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  208.673174][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  208.684192][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  208.693200][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  208.712076][ T8991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.739162][ T8992] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.747688][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  208.758397][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  208.771601][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  208.786213][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  208.795641][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  208.806313][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  208.817014][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.829613][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  208.851805][ T8996] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.864868][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  208.875347][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  208.894579][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  208.906123][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  208.916365][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  208.928718][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  208.944503][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  208.954050][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  208.968827][ T8994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  209.009028][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  209.024418][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  209.039170][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  209.051747][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  209.066481][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  209.077440][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  209.093638][ T8991] device veth0_vlan entered promiscuous mode
[  209.114599][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  209.129125][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  209.170765][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  209.195505][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  209.219697][ T8991] device veth1_vlan entered promiscuous mode
[  209.233600][ T8994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.246784][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  209.258511][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  209.270312][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  209.284631][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  209.309214][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  209.325076][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  209.341441][ T8992] device veth0_vlan entered promiscuous mode
[  209.358303][ T8996] device veth0_vlan entered promiscuous mode
[  209.371508][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  209.387068][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  209.411676][ T8996] device veth1_vlan entered promiscuous mode
[  209.425200][ T8992] device veth1_vlan entered promiscuous mode
[  209.447338][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  209.463458][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  209.478446][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  209.494107][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  209.510372][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  209.536924][ T8991] device veth0_macvtap entered promiscuous mode
[  209.551559][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  209.567794][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  209.581495][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  209.595405][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  209.618864][ T8991] device veth1_macvtap entered promiscuous mode
[  209.645496][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  209.655036][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  209.664544][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  209.676409][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  209.685263][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  209.696364][ T8994] device veth0_vlan entered promiscuous mode
[  209.718954][ T8991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.735461][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  209.746735][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  209.758853][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  209.768761][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  209.779345][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  209.790384][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  209.804465][ T8992] device veth0_macvtap entered promiscuous mode
[  209.820284][ T8996] device veth0_macvtap entered promiscuous mode
[  209.829616][ T8994] device veth1_vlan entered promiscuous mode
[  209.842641][ T8992] device veth1_macvtap entered promiscuous mode
[  209.856234][ T8991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.871183][ T8996] device veth1_macvtap entered promiscuous mode
[  209.885208][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  209.895965][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  209.905986][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  209.915867][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  209.925408][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  209.934518][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  209.945182][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  209.981730][ T8992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  210.000962][ T8992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.018707][ T8992] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.036655][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  210.050119][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  210.064259][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  210.079915][ T8992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  210.095912][ T8992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.111006][ T8992] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.129797][ T8996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  210.147149][ T8996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.166834][ T8996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  210.191327][ T8996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.213362][ T8996] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.226687][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  210.239214][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  210.251602][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  210.267526][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  210.390032][ T8996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  210.415476][ T8996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.435786][ T8996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  210.469525][ T8996] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.527316][ T8996] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.567061][ T8994] device veth0_macvtap entered promiscuous mode
[  210.629637][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  210.658538][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  210.679528][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  210.710173][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  210.829290][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  210.875717][ T8994] device veth1_macvtap entered promiscuous mode
[  210.980950][   T40] audit: type=1400 audit(1595093054.396:48): avc:  denied  { associate } for  pid=8991 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[  211.299868][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  211.354363][ T8991] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[  211.531353][   T40] audit: type=1400 audit(1595093054.946:49): avc:  denied  { open } for  pid=9020 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[  211.613200][   T40] audit: type=1400 audit(1595093054.946:50): avc:  denied  { perfmon } for  pid=9020 comm="syz-executor.0" capability=38  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
[  211.709807][   T40] audit: type=1400 audit(1595093054.946:51): avc:  denied  { kernel } for  pid=9020 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[  211.824001][ T8994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
17:24:15 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0xd000}, @IFLA_IPTUN_ENCAP_SPORT={0x6}]}}}]}, 0x44}}, 0x0)

[  211.824011][   T40] audit: type=1400 audit(1595093054.946:52): avc:  denied  { confidentiality } for  pid=9020 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[  211.992955][ T8994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.031578][ T8994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  212.058118][ T8994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.082578][ T8994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  212.103290][ T8994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.127408][ T8994] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.154901][ T8994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
17:24:15 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0xd000}, @IFLA_IPTUN_ENCAP_SPORT={0x6}]}}}]}, 0x44}}, 0x0)

[  212.171675][ T8994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.254910][ T8994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  212.293671][ T8994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.320973][ T8994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  212.366132][ T8994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.416529][ T8994] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.443950][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  212.471905][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  212.497377][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  212.521441][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
17:24:15 executing program 3:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff})

17:24:16 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0xd000}, @IFLA_IPTUN_ENCAP_SPORT={0x6}]}}}]}, 0x44}}, 0x0)

17:24:16 executing program 3:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff})

17:24:16 executing program 0:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff})

[  212.820425][ T9043] ==================================================================
[  212.822265][ T9043] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400
[  212.822265][ T9043] Write of size 8 at addr ffffc90009681000 by task syz-executor.0/9043
[  212.822265][ T9043] 
[  212.822265][ T9043] CPU: 1 PID: 9043 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[  212.822265][ T9043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[  212.822265][ T9043] Call Trace:
[  212.822265][ T9043]  dump_stack+0x18f/0x20d
[  212.822265][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.822265][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.822265][ T9043]  print_address_description.constprop.0.cold+0x5/0x436
[  212.822265][ T9043]  ? lockdep_hardirqs_off+0x66/0xa0
[  212.822265][ T9043]  ? vprintk_func+0x97/0x1a6
[  212.822265][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.822265][ T9043]  kasan_report.cold+0x1f/0x37
[  212.822265][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.822265][ T9043]  bitfill_aligned+0x34a/0x400
[  212.822265][ T9043]  sys_fillrect+0x408/0x7a0
[  212.822265][ T9043]  ? sys_fillrect+0x7a0/0x7a0
[  212.822265][ T9043]  drm_fb_helper_sys_fillrect+0x1e/0x190
[  212.822265][ T9043]  bit_clear_margins+0x2d5/0x4a0
[  212.822265][ T9043]  ? bit_bmove+0x210/0x210
[  212.822265][ T9043]  ? fb_get_color_depth+0x11a/0x240
[  212.822265][ T9043]  fbcon_clear_margins+0x1d5/0x230
[  212.822265][ T9043]  fbcon_switch+0xb6e/0x16c0
[  212.822265][ T9043]  ? fbcon_scroll+0x3600/0x3600
[  212.822265][ T9043]  ? fbcon_cursor+0x52b/0x650
[  212.822265][ T9043]  ? kmalloc_array.constprop.0+0x20/0x20
[  212.822265][ T9043]  ? is_console_locked+0x5/0x10
[  212.822265][ T9043]  ? fbcon_set_origin+0x26/0x50
[  212.822265][ T9043]  redraw_screen+0x2ae/0x770
[  212.822265][ T9043]  ? vc_init+0x440/0x440
[  212.822265][ T9043]  ? fb_get_color_depth+0x11a/0x240
[  212.822265][ T9043]  ? fbcon_set_palette+0x3a8/0x490
[  212.822265][ T9043]  fbcon_modechanged+0x575/0x710
[  212.822265][ T9043]  fbcon_update_vcs+0x3a/0x50
[  212.822265][ T9043]  fb_set_var+0xae8/0xd60
[  212.822265][ T9043]  ? fb_blank+0x190/0x190
[  212.822265][ T9043]  ? lock_release+0x8d0/0x8d0
[  212.822265][ T9043]  ? lock_is_held_type+0xb0/0xe0
[  212.822265][ T9043]  ? do_fb_ioctl+0x2f2/0x6c0
[  212.822265][ T9043]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[  212.822265][ T9043]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[  212.822265][ T9043]  ? trace_hardirqs_on+0x5f/0x220
[  212.822265][ T9043]  do_fb_ioctl+0x33f/0x6c0
[  212.822265][ T9043]  ? fb_set_suspend+0x1a0/0x1a0
[  212.822265][ T9043]  ? tomoyo_execute_permission+0x470/0x470
[  212.822265][ T9043]  ? lock_is_held_type+0xb0/0xe0
[  212.822265][ T9043]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  212.822265][ T9043]  ? do_vfs_ioctl+0x27d/0x1090
[  212.822265][ T9043]  ? __fget_files+0x294/0x400
[  212.822265][ T9043]  fb_ioctl+0xdd/0x130
[  212.822265][ T9043]  ? do_fb_ioctl+0x6c0/0x6c0
[  212.822265][ T9043]  ksys_ioctl+0x11a/0x180
[  212.822265][ T9043]  __x64_sys_ioctl+0x6f/0xb0
[  212.822265][ T9043]  ? lockdep_hardirqs_on+0x6a/0xe0
[  212.822265][ T9043]  do_syscall_64+0x60/0xe0
[  212.822265][ T9043]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  212.822265][ T9043] RIP: 0033:0x45c049
[  212.822265][ T9043] Code: Bad RIP value.
[  212.822265][ T9043] RSP: 002b:00007f593141fc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  212.822265][ T9043] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049
[  212.822265][ T9043] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[  212.822265][ T9043] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000
[  212.822265][ T9043] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00
[  212.822265][ T9043] R13: 00007fff4c819fcf R14: 00007f5931400000 R15: 0000000000000003
[  212.822265][ T9043] 
[  212.822265][ T9043] 
[  212.822265][ T9043] Memory state around the buggy address:
[  212.822265][ T9043]  ffffc90009680f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  212.822265][ T9043]  ffffc90009680f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  212.822265][ T9043] >ffffc90009681000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[  212.822265][ T9043]                    ^
[  212.822265][ T9043]  ffffc90009681080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[  212.822265][ T9043]  ffffc90009681100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[  212.822265][ T9043] ==================================================================
[  212.822265][ T9043] Disabling lock debugging due to kernel taint
[  212.830988][ T9043] Kernel panic - not syncing: panic_on_warn set ...
[  212.831089][ T9043] CPU: 1 PID: 9043 Comm: syz-executor.0 Tainted: G    B             5.8.0-rc5-syzkaller #0
[  212.831094][ T9043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[  212.831170][ T9043] Call Trace:
[  212.831312][ T9043]  dump_stack+0x18f/0x20d
[  212.831327][ T9043]  ? bitfill_aligned+0x290/0x400
[  212.831429][ T9043]  panic+0x2e3/0x75c
[  212.831441][ T9043]  ? __warn_printk+0xf3/0xf3
[  212.831457][ T9043]  ? preempt_schedule_common+0x59/0xc0
[  212.831468][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.831486][ T9043]  ? preempt_schedule_thunk+0x16/0x18
[  212.831498][ T9043]  ? trace_hardirqs_on+0x55/0x220
[  212.831514][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.831525][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.831537][ T9043]  end_report+0x4d/0x53
[  212.831547][ T9043]  kasan_report.cold+0xd/0x37
[  212.831562][ T9043]  ? bitfill_aligned+0x34a/0x400
[  212.831578][ T9043]  bitfill_aligned+0x34a/0x400
[  212.831589][ T9043]  sys_fillrect+0x408/0x7a0
[  212.831600][ T9043]  ? sys_fillrect+0x7a0/0x7a0
[  212.831616][ T9043]  drm_fb_helper_sys_fillrect+0x1e/0x190
[  212.831627][ T9043]  bit_clear_margins+0x2d5/0x4a0
[  212.831638][ T9043]  ? bit_bmove+0x210/0x210
[  212.831654][ T9043]  ? fb_get_color_depth+0x11a/0x240
[  212.831665][ T9043]  fbcon_clear_margins+0x1d5/0x230
[  212.831676][ T9043]  fbcon_switch+0xb6e/0x16c0
[  212.831687][ T9043]  ? fbcon_scroll+0x3600/0x3600
[  212.831697][ T9043]  ? fbcon_cursor+0x52b/0x650
[  212.831705][ T9043]  ? kmalloc_array.constprop.0+0x20/0x20
[  212.831714][ T9043]  ? is_console_locked+0x5/0x10
[  212.831725][ T9043]  ? fbcon_set_origin+0x26/0x50
[  212.831736][ T9043]  redraw_screen+0x2ae/0x770
[  212.831749][ T9043]  ? vc_init+0x440/0x440
[  212.831756][ T9043]  ? fb_get_color_depth+0x11a/0x240
[  212.831768][ T9043]  ? fbcon_set_palette+0x3a8/0x490
[  212.831776][ T9043]  fbcon_modechanged+0x575/0x710
[  212.831785][ T9043]  fbcon_update_vcs+0x3a/0x50
[  212.831796][ T9043]  fb_set_var+0xae8/0xd60
[  212.831807][ T9043]  ? fb_blank+0x190/0x190
[  212.831824][ T9043]  ? lock_release+0x8d0/0x8d0
[  212.831837][ T9043]  ? lock_is_held_type+0xb0/0xe0
[  212.831852][ T9043]  ? do_fb_ioctl+0x2f2/0x6c0
[  212.831865][ T9043]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[  212.831880][ T9043]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[  212.831892][ T9043]  ? trace_hardirqs_on+0x5f/0x220
[  212.831903][ T9043]  do_fb_ioctl+0x33f/0x6c0
[  212.831914][ T9043]  ? fb_set_suspend+0x1a0/0x1a0
[  212.831926][ T9043]  ? tomoyo_execute_permission+0x470/0x470
[  212.831940][ T9043]  ? lock_is_held_type+0xb0/0xe0
[  212.831953][ T9043]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  212.831965][ T9043]  ? do_vfs_ioctl+0x27d/0x1090
[  212.831977][ T9043]  ? __fget_files+0x294/0x400
[  212.831988][ T9043]  fb_ioctl+0xdd/0x130
[  212.831999][ T9043]  ? do_fb_ioctl+0x6c0/0x6c0
[  212.832009][ T9043]  ksys_ioctl+0x11a/0x180
[  212.832019][ T9043]  __x64_sys_ioctl+0x6f/0xb0
[  212.832029][ T9043]  ? lockdep_hardirqs_on+0x6a/0xe0
[  212.832041][ T9043]  do_syscall_64+0x60/0xe0
[  212.832052][ T9043]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  212.832119][ T9043] RIP: 0033:0x45c049
[  212.832122][ T9043] Code: Bad RIP value.
[  212.832127][ T9043] RSP: 002b:00007f593141fc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  212.832134][ T9043] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049
[  212.832361][ T9043] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[  212.832366][ T9043] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000
[  212.832371][ T9043] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00
[  212.832376][ T9043] R13: 00007fff4c819fcf R14: 00007f5931400000 R15: 0000000000000003
[  212.840384][ T9043] Kernel Offset: disabled
[  212.840384][ T9043] Rebooting in 86400 seconds..