Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts. 2020/07/19 17:25:04 fuzzer started 2020/07/19 17:25:04 dialing manager at 10.128.0.26:33695 2020/07/19 17:25:05 syscalls: 3087 2020/07/19 17:25:05 code coverage: enabled 2020/07/19 17:25:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/07/19 17:25:05 extra coverage: enabled 2020/07/19 17:25:05 setuid sandbox: enabled 2020/07/19 17:25:05 namespace sandbox: enabled 2020/07/19 17:25:05 Android sandbox: enabled 2020/07/19 17:25:05 fault injection: enabled 2020/07/19 17:25:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/19 17:25:05 net packet injection: enabled 2020/07/19 17:25:05 net device setup: enabled 2020/07/19 17:25:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/19 17:25:05 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/19 17:25:05 USB emulation: /dev/raw-gadget does not exist 17:27:50 executing program 0: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x100000011, @multicast1, 0x4e22, 0x0, 'wrr\x00', 0x12}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x15000000000000, 0x485, 0x0, 0x0) syzkaller login: [ 296.692231][ T32] audit: type=1400 audit(1595179670.348:8): avc: denied { execmem } for pid=8470 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 297.065696][ T8471] IPVS: ftp: loaded support on port[0] = 21 [ 297.367050][ T8471] chnl_net:caif_netlink_parms(): no params data found [ 297.632385][ T8471] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.640204][ T8471] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.649701][ T8471] device bridge_slave_0 entered promiscuous mode [ 297.663882][ T8471] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.671485][ T8471] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.681088][ T8471] device bridge_slave_1 entered promiscuous mode [ 297.734956][ T8471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.752902][ T8471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.807470][ T8471] team0: Port device team_slave_0 added [ 297.819151][ T8471] team0: Port device team_slave_1 added [ 297.866946][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.874593][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.901712][ T8471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.916824][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.924648][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.950688][ T8471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.055539][ T8471] device hsr_slave_0 entered promiscuous mode [ 298.088745][ T8471] device hsr_slave_1 entered promiscuous mode [ 298.567656][ T8471] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 298.626046][ T8471] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 298.685506][ T8471] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 298.905995][ T8471] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 299.111293][ T8471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.148253][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 299.157815][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 299.174445][ T8471] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.195862][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 299.206096][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 299.215530][ T3090] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.222819][ T3090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.236496][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 299.268937][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 299.279107][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 299.288670][ T4870] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.295876][ T4870] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.349678][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 299.360507][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 299.386593][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 299.397098][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 299.424381][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 299.434197][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 299.444828][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 299.476351][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 299.486476][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 299.496194][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 299.506311][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 299.523031][ T8471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 299.580478][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 299.588315][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 299.611683][ T8471] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.660320][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 299.670382][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 299.713919][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 299.723610][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 299.743119][ T8471] device veth0_vlan entered promiscuous mode [ 299.767934][ T8471] device veth1_vlan entered promiscuous mode [ 299.778129][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 299.787637][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 299.796687][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 299.863067][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 299.872624][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 299.882712][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 299.900544][ T8471] device veth0_macvtap entered promiscuous mode [ 299.918895][ T8471] device veth1_macvtap entered promiscuous mode [ 299.957981][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.965805][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 299.978596][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 299.988159][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 299.998254][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 300.025638][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.059417][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 300.069616][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 300.506268][ T8693] IPVS: ip_vs_svc_hash(): request for already hashed, called from do_ip_vs_set_ctl+0x269f/0x2c70 [ 300.520677][ T8693] IPVS: ip_vs_svc_hash(): request for already hashed, called from do_ip_vs_set_ctl+0x269f/0x2c70 17:27:54 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000200)={0x12, 0x10, 0xfa00, {&(0x7f00000000c0), r2, r0}}, 0x5b) 17:27:54 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000002c0)='cpuset.sched_load_balance\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000300)='0', 0x1}], 0x1) [ 301.150960][ T8706] new mount options do not match the existing superblock, will be ignored [ 301.220098][ T8706] new mount options do not match the existing superblock, will be ignored 17:27:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000240)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f00000001c0)=0xc) prctl$PR_SET_PTRACER(0x59616d61, r2) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) tkill(r3, 0xb) ptrace$setopts(0x4206, r3, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) 17:27:55 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000001980)={0x9, 0x2, 0x2}) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc044565d, &(0x7f0000000100)={0x0, 0x2, 0x0, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7aa65ae7"}, 0x0, 0x2, @userptr=0x81a0000, 0x96000}) [ 301.848001][ C0] hrtimer: interrupt took 46661 ns [ 301.873205][ T8720] use of bytesused == 0 is deprecated and will be removed in the future, [ 301.882640][ T8720] use the actual size instead. [ 302.042000][ T8720] ===================================================== [ 302.049091][ T8720] BUG: KMSAN: uninit-value in kmsan_check_memory+0xd/0x10 [ 302.056235][ T8720] CPU: 0 PID: 8720 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 302.064817][ T8720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.074873][ T8720] Call Trace: [ 302.078173][ T8720] dump_stack+0x1df/0x240 [ 302.082514][ T8720] kmsan_report+0xf7/0x1e0 [ 302.086939][ T8720] kmsan_internal_check_memory+0x238/0x3d0 [ 302.092747][ T8720] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 302.098913][ T8720] kmsan_check_memory+0xd/0x10 [ 302.103681][ T8720] _copy_to_user+0x100/0x1d0 [ 302.108376][ T8720] video_usercopy+0x248a/0x2c00 [ 302.113258][ T8720] ? idle_cpu+0x9a/0x1d0 [ 302.117514][ T8720] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 302.123701][ T8720] video_ioctl2+0x9f/0xb0 [ 302.128047][ T8720] ? video_usercopy+0x2c00/0x2c00 [ 302.133075][ T8720] v4l2_ioctl+0x23f/0x270 [ 302.137431][ T8720] ? v4l2_poll+0x400/0x400 [ 302.141937][ T8720] do_video_ioctl+0x5eb6/0x10f20 [ 302.146904][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.152108][ T8720] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 302.157925][ T8720] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 302.163997][ T8720] ? do_vfs_ioctl+0x10c7/0x2f50 [ 302.168854][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.174054][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.179259][ T8720] ? v4l2_poll+0x340/0x400 [ 302.183677][ T8720] v4l2_compat_ioctl32+0x2b7/0x320 [ 302.188796][ T8720] ? v4l2_fill_pixfmt+0x860/0x860 [ 302.193830][ T8720] __se_compat_sys_ioctl+0x57c/0xed0 [ 302.199127][ T8720] ? kmsan_get_metadata+0x4f/0x180 [ 302.204249][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.209450][ T8720] ? compat_ptr_ioctl+0x150/0x150 [ 302.214477][ T8720] __ia32_compat_sys_ioctl+0x4a/0x70 [ 302.219771][ T8720] __do_fast_syscall_32+0x2aa/0x400 [ 302.225058][ T8720] do_fast_syscall_32+0x6b/0xd0 [ 302.229922][ T8720] do_SYSENTER_32+0x73/0x90 [ 302.234474][ T8720] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 302.240800][ T8720] RIP: 0023:0xf7f8a549 [ 302.244855][ T8720] Code: Bad RIP value. [ 302.248921][ T8720] RSP: 002b:00000000f5d850cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 302.257332][ T8720] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c044565d [ 302.265306][ T8720] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 302.273281][ T8720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 302.281255][ T8720] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 302.289223][ T8720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 302.297202][ T8720] [ 302.299527][ T8720] Local variable ----vb32.i@video_usercopy created at: [ 302.306377][ T8720] video_usercopy+0x20bd/0x2c00 [ 302.311222][ T8720] video_usercopy+0x20bd/0x2c00 [ 302.316058][ T8720] [ 302.318380][ T8720] Bytes 52-55 of 80 are uninitialized [ 302.323756][ T8720] Memory access of size 80 starts at ffffb6708162f950 [ 302.330511][ T8720] ===================================================== [ 302.337439][ T8720] Disabling lock debugging due to kernel taint [ 302.343584][ T8720] Kernel panic - not syncing: panic_on_warn set ... [ 302.350173][ T8720] CPU: 0 PID: 8720 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 302.360149][ T8720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.370212][ T8720] Call Trace: [ 302.373513][ T8720] dump_stack+0x1df/0x240 [ 302.377848][ T8720] panic+0x3d5/0xc3e [ 302.381764][ T8720] kmsan_report+0x1df/0x1e0 [ 302.386270][ T8720] kmsan_internal_check_memory+0x238/0x3d0 [ 302.392079][ T8720] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 302.398248][ T8720] kmsan_check_memory+0xd/0x10 [ 302.403019][ T8720] _copy_to_user+0x100/0x1d0 [ 302.407616][ T8720] video_usercopy+0x248a/0x2c00 [ 302.412493][ T8720] ? idle_cpu+0x9a/0x1d0 [ 302.416746][ T8720] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 302.422903][ T8720] video_ioctl2+0x9f/0xb0 [ 302.427235][ T8720] ? video_usercopy+0x2c00/0x2c00 [ 302.432259][ T8720] v4l2_ioctl+0x23f/0x270 [ 302.436588][ T8720] ? v4l2_poll+0x400/0x400 [ 302.441000][ T8720] do_video_ioctl+0x5eb6/0x10f20 [ 302.445955][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.451154][ T8720] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 302.456963][ T8720] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 302.463032][ T8720] ? do_vfs_ioctl+0x10c7/0x2f50 [ 302.467883][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.473083][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.478288][ T8720] ? v4l2_poll+0x340/0x400 [ 302.482707][ T8720] v4l2_compat_ioctl32+0x2b7/0x320 [ 302.487822][ T8720] ? v4l2_fill_pixfmt+0x860/0x860 [ 302.492849][ T8720] __se_compat_sys_ioctl+0x57c/0xed0 [ 302.498139][ T8720] ? kmsan_get_metadata+0x4f/0x180 [ 302.503256][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.508454][ T8720] ? compat_ptr_ioctl+0x150/0x150 [ 302.513484][ T8720] __ia32_compat_sys_ioctl+0x4a/0x70 [ 302.518773][ T8720] __do_fast_syscall_32+0x2aa/0x400 [ 302.523982][ T8720] do_fast_syscall_32+0x6b/0xd0 [ 302.528848][ T8720] do_SYSENTER_32+0x73/0x90 [ 302.533356][ T8720] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 302.539681][ T8720] RIP: 0023:0xf7f8a549 [ 302.543739][ T8720] Code: Bad RIP value. [ 302.547799][ T8720] RSP: 002b:00000000f5d850cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 302.556210][ T8720] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c044565d [ 302.564189][ T8720] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 302.572174][ T8720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 302.580146][ T8720] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 302.588116][ T8720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 302.596714][ T8720] ------------[ cut here ]------------ [ 302.602158][ T8720] kernel BUG at mm/kmsan/kmsan.h:87! [ 302.607426][ T8720] invalid opcode: 0000 [#1] SMP [ 302.612253][ T8720] CPU: 0 PID: 8720 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 302.622195][ T8720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.632238][ T8720] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0 [ 302.638802][ T8720] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 ea 03 aa bd 31 c0 e8 81 fe 44 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 32 3f 8c 0c 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff [ 302.658385][ T8720] RSP: 0018:ffffb6708162f2c8 EFLAGS: 00010046 [ 302.664489][ T8720] RAX: 0000000000000002 RBX: 0000000004f50116 RCX: 0000000004f50116 [ 302.672437][ T8720] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffb6708162f3a4 [ 302.680387][ T8720] RBP: ffffb6708162f370 R08: 0000000000000000 R09: ffffa417efc28210 [ 302.688338][ T8720] R10: 0000000000000000 R11: ffffffffb4802730 R12: 0000000000000000 [ 302.696285][ T8720] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001 [ 302.704238][ T8720] FS: 0000000000000000(0000) GS:ffffa417efc00000(0063) knlGS:00000000f5d85b40 [ 302.713145][ T8720] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 302.719708][ T8720] CR2: 0000562e84115f70 CR3: 000000005dea5000 CR4: 00000000001406f0 [ 302.727662][ T8720] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 302.735612][ T8720] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 302.743561][ T8720] Call Trace: [ 302.746840][ T8720] kmsan_check_memory+0xd/0x10 [ 302.751583][ T8720] iowrite8+0x99/0x2e0 [ 302.755636][ T8720] pvpanic_panic_notify+0x99/0xc0 [ 302.760645][ T8720] ? pvpanic_mmio_remove+0x60/0x60 [ 302.765738][ T8720] atomic_notifier_call_chain+0x130/0x250 [ 302.771492][ T8720] panic+0x468/0xc3e [ 302.775379][ T8720] kmsan_report+0x1df/0x1e0 [ 302.779860][ T8720] kmsan_internal_check_memory+0x238/0x3d0 [ 302.785645][ T8720] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 302.791791][ T8720] kmsan_check_memory+0xd/0x10 [ 302.796535][ T8720] _copy_to_user+0x100/0x1d0 [ 302.801109][ T8720] video_usercopy+0x248a/0x2c00 [ 302.805952][ T8720] ? idle_cpu+0x9a/0x1d0 [ 302.810180][ T8720] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 302.818446][ T8720] video_ioctl2+0x9f/0xb0 [ 302.822756][ T8720] ? video_usercopy+0x2c00/0x2c00 [ 302.827755][ T8720] v4l2_ioctl+0x23f/0x270 [ 302.832065][ T8720] ? v4l2_poll+0x400/0x400 [ 302.836459][ T8720] do_video_ioctl+0x5eb6/0x10f20 [ 302.841387][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.846565][ T8720] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 302.852349][ T8720] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 302.858394][ T8720] ? do_vfs_ioctl+0x10c7/0x2f50 [ 302.863223][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.868403][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.873580][ T8720] ? v4l2_poll+0x340/0x400 [ 302.877975][ T8720] v4l2_compat_ioctl32+0x2b7/0x320 [ 302.883068][ T8720] ? v4l2_fill_pixfmt+0x860/0x860 [ 302.888074][ T8720] __se_compat_sys_ioctl+0x57c/0xed0 [ 302.893340][ T8720] ? kmsan_get_metadata+0x4f/0x180 [ 302.898433][ T8720] ? kmsan_get_metadata+0x11d/0x180 [ 302.903608][ T8720] ? compat_ptr_ioctl+0x150/0x150 [ 302.908612][ T8720] __ia32_compat_sys_ioctl+0x4a/0x70 [ 302.913876][ T8720] __do_fast_syscall_32+0x2aa/0x400 [ 302.919083][ T8720] do_fast_syscall_32+0x6b/0xd0 [ 302.923914][ T8720] do_SYSENTER_32+0x73/0x90 [ 302.928401][ T8720] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 302.934815][ T8720] RIP: 0023:0xf7f8a549 [ 302.938874][ T8720] Code: Bad RIP value. [ 302.942934][ T8720] RSP: 002b:00000000f5d850cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 302.951330][ T8720] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c044565d [ 302.959279][ T8720] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 302.967226][ T8720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 302.975177][ T8720] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 302.983127][ T8720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 302.991091][ T8720] Modules linked in: [ 302.994971][ T8720] ---[ end trace 5fb5cffa67e98352 ]--- [ 303.000412][ T8720] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0 [ 303.006978][ T8720] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 ea 03 aa bd 31 c0 e8 81 fe 44 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 32 3f 8c 0c 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff [ 303.026606][ T8720] RSP: 0018:ffffb6708162f2c8 EFLAGS: 00010046 [ 303.032649][ T8720] RAX: 0000000000000002 RBX: 0000000004f50116 RCX: 0000000004f50116 [ 303.040599][ T8720] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffb6708162f3a4 [ 303.048551][ T8720] RBP: ffffb6708162f370 R08: 0000000000000000 R09: ffffa417efc28210 [ 303.056501][ T8720] R10: 0000000000000000 R11: ffffffffb4802730 R12: 0000000000000000 [ 303.064450][ T8720] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001 [ 303.072403][ T8720] FS: 0000000000000000(0000) GS:ffffa417efc00000(0063) knlGS:00000000f5d85b40 [ 303.081308][ T8720] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 303.087869][ T8720] CR2: 0000562e84115f70 CR3: 000000005dea5000 CR4: 00000000001406f0 [ 303.095820][ T8720] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 303.103770][ T8720] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 303.111718][ T8720] Kernel panic - not syncing: Fatal exception [ 303.118471][ T8720] Kernel Offset: 0x2e400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 303.130083][ T8720] Rebooting in 86400 seconds..