Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 2020/09/12 11:02:27 fuzzer started 2020/09/12 11:02:28 dialing manager at 10.128.0.26:46195 2020/09/12 11:02:28 syscalls: 3317 2020/09/12 11:02:28 code coverage: enabled 2020/09/12 11:02:28 comparison tracing: enabled 2020/09/12 11:02:28 extra coverage: enabled 2020/09/12 11:02:28 setuid sandbox: enabled 2020/09/12 11:02:28 namespace sandbox: enabled 2020/09/12 11:02:28 Android sandbox: enabled 2020/09/12 11:02:28 fault injection: enabled 2020/09/12 11:02:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/12 11:02:28 net packet injection: enabled 2020/09/12 11:02:28 net device setup: enabled 2020/09/12 11:02:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/12 11:02:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/12 11:02:28 USB emulation: enabled 2020/09/12 11:02:28 hci packet injection: enabled 11:06:11 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VFIO_IOMMU_GET_INFO(0xffffffffffffffff, 0x3b70, 0x0) sysinfo(&(0x7f0000000240)=""/4096) r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000001980)={0x9, 0x2, 0x2}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r1, 0x0, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r0, 0xc044565d, &(0x7f0000000100)={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7aa65ae7"}, 0x0, 0x2, @userptr=0x81a0000, 0x96000}) r2 = socket(0x21, 0x2, 0x2) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001280)={0x0, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x110, 0x2, 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4dd}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4) r3 = socket(0x21, 0x2, 0x2) setsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x110, 0x2, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x10000) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @private=0xa010100}, 0x10) syzkaller login: [ 396.553903][ T28] audit: type=1400 audit(1599908771.173:8): avc: denied { execmem } for pid=8491 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 398.041947][ T8492] IPVS: ftp: loaded support on port[0] = 21 [ 398.600899][ T8492] chnl_net:caif_netlink_parms(): no params data found [ 398.857819][ T8492] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.866101][ T8492] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.875951][ T8492] device bridge_slave_0 entered promiscuous mode [ 398.936964][ T8492] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.945234][ T8492] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.955162][ T8492] device bridge_slave_1 entered promiscuous mode [ 399.021006][ T8492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 399.045666][ T8492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 399.128342][ T8492] team0: Port device team_slave_0 added [ 399.144143][ T8492] team0: Port device team_slave_1 added [ 399.199773][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 399.207185][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.233423][ T8492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 399.250621][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 399.257908][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.285693][ T8492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 399.360508][ T8492] device hsr_slave_0 entered promiscuous mode [ 399.373260][ T8492] device hsr_slave_1 entered promiscuous mode [ 399.709958][ T8492] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 399.745814][ T8492] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 399.784539][ T8492] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 399.825827][ T8492] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 400.003593][ T8667] Bluetooth: hci0: command 0x0409 tx timeout [ 400.160963][ T8492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.199488][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 400.208768][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 400.232171][ T8492] 8021q: adding VLAN 0 to HW filter on device team0 [ 400.264509][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 400.276293][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 400.285929][ T3773] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.293261][ T3773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.315665][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 400.325389][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 400.335514][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 400.346029][ T3773] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.353347][ T3773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.374093][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 400.421612][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 400.443808][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 400.454441][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 400.485132][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 400.495156][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 400.505944][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 400.553963][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 400.563918][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 400.573246][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 400.582238][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 400.599010][ T8492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 400.666836][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 400.674602][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 400.717236][ T8492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 400.794328][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 400.804614][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 400.879316][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 400.889201][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 400.915983][ T8492] device veth0_vlan entered promiscuous mode [ 400.926574][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 400.936841][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 400.981444][ T8492] device veth1_vlan entered promiscuous mode [ 401.075270][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 401.085196][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 401.094839][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 401.105102][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 401.130591][ T8492] device veth0_macvtap entered promiscuous mode [ 401.178339][ T8492] device veth1_macvtap entered promiscuous mode [ 401.244268][ T8492] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.252250][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 401.262012][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 401.271761][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 401.282141][ T3773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 401.313466][ T8492] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 401.321052][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 401.331169][ T8667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 401.788435][ C0] hrtimer: interrupt took 48282 ns [ 401.911302][ T8718] ===================================================== [ 401.918452][ T8718] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 [ 401.925936][ T8718] CPU: 0 PID: 8718 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 401.934531][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.944595][ T8718] Call Trace: [ 401.947974][ T8718] dump_stack+0x21c/0x280 [ 401.952336][ T8718] kmsan_report+0xf7/0x1e0 [ 401.956787][ T8718] kmsan_internal_check_memory+0x238/0x3d0 [ 401.962661][ T8718] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 401.968871][ T8718] kmsan_copy_to_user+0x81/0x90 [ 401.973789][ T8718] _copy_to_user+0x1d2/0x2b0 [ 401.978460][ T8718] video_usercopy+0x24a9/0x3140 [ 401.983335][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 401.988669][ T8718] ? sysvec_apic_timer_interrupt+0x11e/0x130 [ 401.994708][ T8718] video_ioctl2+0x9f/0xb0 [ 401.999063][ T8718] ? video_usercopy+0x3140/0x3140 [ 402.004123][ T8718] v4l2_ioctl+0x255/0x290 [ 402.008484][ T8718] ? v4l2_poll+0x440/0x440 [ 402.012971][ T8718] do_video_ioctl+0x66b5/0x189c0 [ 402.017934][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.023160][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.028996][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.034860][ T8718] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 402.041041][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.046262][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.052091][ T8718] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 402.058180][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.063404][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.068635][ T8718] v4l2_compat_ioctl32+0x2c0/0x370 [ 402.073773][ T8718] ? v4l2_fill_pixfmt+0xa10/0xa10 [ 402.078898][ T8718] __se_compat_sys_ioctl+0x55f/0x1100 [ 402.084318][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.089544][ T8718] __ia32_compat_sys_ioctl+0x4a/0x70 [ 402.094878][ T8718] __do_fast_syscall_32+0x2af/0x480 [ 402.100112][ T8718] do_fast_syscall_32+0x6b/0xd0 [ 402.104989][ T8718] do_SYSENTER_32+0x73/0x90 [ 402.109516][ T8718] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 402.115861][ T8718] RIP: 0023:0xf7f6d549 [ 402.119937][ T8718] Code: Bad RIP value. [ 402.124011][ T8718] RSP: 002b:00000000f55670cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 402.132542][ T8718] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c044565d [ 402.140541][ T8718] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 402.148525][ T8718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 402.156511][ T8718] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 402.164495][ T8718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 402.172492][ T8718] [ 402.174828][ T8718] Local variable ----vb32.i@video_usercopy created at: [ 402.181691][ T8718] video_usercopy+0x20d7/0x3140 [ 402.186555][ T8718] video_usercopy+0x20d7/0x3140 [ 402.191407][ T8718] [ 402.193749][ T8718] Bytes 52-55 of 80 are uninitialized [ 402.199123][ T8718] Memory access of size 80 starts at ffff8880543838f0 [ 402.205884][ T8718] Data copied to user address 00000000f5567070 [ 402.212038][ T8718] ===================================================== [ 402.218970][ T8718] Disabling lock debugging due to kernel taint [ 402.225126][ T8718] Kernel panic - not syncing: panic_on_warn set ... [ 402.231734][ T8718] CPU: 0 PID: 8718 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 402.241709][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.251774][ T8718] Call Trace: [ 402.255102][ T8718] dump_stack+0x21c/0x280 [ 402.259523][ T8718] panic+0x4d7/0xef7 [ 402.263466][ T8718] ? add_taint+0x17c/0x210 [ 402.267910][ T8718] kmsan_report+0x1df/0x1e0 [ 402.272450][ T8718] kmsan_internal_check_memory+0x238/0x3d0 [ 402.278278][ T8718] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 402.284466][ T8718] kmsan_copy_to_user+0x81/0x90 [ 402.289362][ T8718] _copy_to_user+0x1d2/0x2b0 [ 402.293993][ T8718] video_usercopy+0x24a9/0x3140 [ 402.298863][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.304146][ T8718] ? sysvec_apic_timer_interrupt+0x11e/0x130 [ 402.310167][ T8718] video_ioctl2+0x9f/0xb0 [ 402.314518][ T8718] ? video_usercopy+0x3140/0x3140 [ 402.319556][ T8718] v4l2_ioctl+0x255/0x290 [ 402.323918][ T8718] ? v4l2_poll+0x440/0x440 [ 402.328360][ T8718] do_video_ioctl+0x66b5/0x189c0 [ 402.333316][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.338532][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.344362][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.350224][ T8718] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 402.356307][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.361525][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.367349][ T8718] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 402.373454][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.378671][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.383917][ T8718] v4l2_compat_ioctl32+0x2c0/0x370 [ 402.389065][ T8718] ? v4l2_fill_pixfmt+0xa10/0xa10 [ 402.394104][ T8718] __se_compat_sys_ioctl+0x55f/0x1100 [ 402.399515][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.404736][ T8718] __ia32_compat_sys_ioctl+0x4a/0x70 [ 402.410047][ T8718] __do_fast_syscall_32+0x2af/0x480 [ 402.415275][ T8718] do_fast_syscall_32+0x6b/0xd0 [ 402.420151][ T8718] do_SYSENTER_32+0x73/0x90 [ 402.424680][ T8718] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 402.431020][ T8718] RIP: 0023:0xf7f6d549 [ 402.435087][ T8718] Code: Bad RIP value. [ 402.439160][ T8718] RSP: 002b:00000000f55670cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 402.447582][ T8718] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c044565d [ 402.455565][ T8718] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 402.463548][ T8718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 402.471530][ T8718] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 402.479512][ T8718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 402.488000][ T8718] ------------[ cut here ]------------ [ 402.493448][ T8718] kernel BUG at mm/kmsan/kmsan.h:87! [ 402.498730][ T8718] invalid opcode: 0000 [#1] SMP [ 402.503568][ T8718] CPU: 0 PID: 8718 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 402.513515][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.523580][ T8718] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0 [ 402.530151][ T8718] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 f0 64 e1 91 31 c0 e8 e8 e1 2f ff 0f 0b 0f 0b 0f 0b 0f 0b e8 62 21 b2 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff [ 402.549911][ T8718] RSP: 0018:ffff888054383228 EFLAGS: 00010046 [ 402.555964][ T8718] RAX: 0000000000000002 RBX: 00000000072f0123 RCX: 00000000072f0123 [ 402.563932][ T8718] RDX: 0000000000000000 RSI: 0000000000000140 RDI: ffff88805438330c [ 402.571896][ T8718] RBP: ffff8880543832d0 R08: ffffea000000000f R09: ffff88812fffa000 [ 402.579852][ T8718] R10: 0000000000000002 R11: ffff88812d3b3d00 R12: 0000000000000000 [ 402.587806][ T8718] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001 [ 402.595771][ T8718] FS: 0000000000000000(0000) GS:ffff88812fc00000(0063) knlGS:00000000f5567b40 [ 402.604678][ T8718] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 402.611257][ T8718] CR2: 0000000000000000 CR3: 0000000054347000 CR4: 00000000001406f0 [ 402.619213][ T8718] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 402.627168][ T8718] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 402.635131][ T8718] Call Trace: [ 402.638441][ T8718] kmsan_check_memory+0xd/0x10 [ 402.643192][ T8718] iowrite8+0x99/0x300 [ 402.647325][ T8718] pvpanic_panic_notify+0xb7/0xe0 [ 402.652342][ T8718] ? pvpanic_mmio_remove+0x60/0x60 [ 402.657468][ T8718] atomic_notifier_call_chain+0x123/0x290 [ 402.663186][ T8718] panic+0x560/0xef7 [ 402.667083][ T8718] ? add_taint+0x17c/0x210 [ 402.671502][ T8718] kmsan_report+0x1df/0x1e0 [ 402.676004][ T8718] kmsan_internal_check_memory+0x238/0x3d0 [ 402.681800][ T8718] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 402.687969][ T8718] kmsan_copy_to_user+0x81/0x90 [ 402.692811][ T8718] _copy_to_user+0x1d2/0x2b0 [ 402.697425][ T8718] video_usercopy+0x24a9/0x3140 [ 402.702282][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.707505][ T8718] ? sysvec_apic_timer_interrupt+0x11e/0x130 [ 402.713504][ T8718] video_ioctl2+0x9f/0xb0 [ 402.717822][ T8718] ? video_usercopy+0x3140/0x3140 [ 402.722834][ T8718] v4l2_ioctl+0x255/0x290 [ 402.727178][ T8718] ? v4l2_poll+0x440/0x440 [ 402.731581][ T8718] do_video_ioctl+0x66b5/0x189c0 [ 402.736512][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.741712][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.747508][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.753315][ T8718] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 402.759368][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.764566][ T8718] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.770361][ T8718] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 402.776413][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.781613][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.786817][ T8718] v4l2_compat_ioctl32+0x2c0/0x370 [ 402.791923][ T8718] ? v4l2_fill_pixfmt+0xa10/0xa10 [ 402.796933][ T8718] __se_compat_sys_ioctl+0x55f/0x1100 [ 402.802300][ T8718] ? kmsan_get_metadata+0x116/0x180 [ 402.807487][ T8718] __ia32_compat_sys_ioctl+0x4a/0x70 [ 402.812775][ T8718] __do_fast_syscall_32+0x2af/0x480 [ 402.817989][ T8718] do_fast_syscall_32+0x6b/0xd0 [ 402.822828][ T8718] do_SYSENTER_32+0x73/0x90 [ 402.827329][ T8718] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 402.833636][ T8718] RIP: 0023:0xf7f6d549 [ 402.837683][ T8718] Code: Bad RIP value. [ 402.841726][ T8718] RSP: 002b:00000000f55670cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 402.850119][ T8718] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c044565d [ 402.858087][ T8718] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 402.866198][ T8718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 402.874153][ T8718] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 402.882109][ T8718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 402.890073][ T8718] Modules linked in: [ 402.893962][ T8718] ---[ end trace ae332989503ddace ]--- [ 402.899410][ T8718] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0 [ 402.905980][ T8718] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 f0 64 e1 91 31 c0 e8 e8 e1 2f ff 0f 0b 0f 0b 0f 0b 0f 0b e8 62 21 b2 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff [ 402.925567][ T8718] RSP: 0018:ffff888054383228 EFLAGS: 00010046 [ 402.931617][ T8718] RAX: 0000000000000002 RBX: 00000000072f0123 RCX: 00000000072f0123 [ 402.939569][ T8718] RDX: 0000000000000000 RSI: 0000000000000140 RDI: ffff88805438330c [ 402.947523][ T8718] RBP: ffff8880543832d0 R08: ffffea000000000f R09: ffff88812fffa000 [ 402.955484][ T8718] R10: 0000000000000002 R11: ffff88812d3b3d00 R12: 0000000000000000 [ 402.963436][ T8718] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001 [ 402.971394][ T8718] FS: 0000000000000000(0000) GS:ffff88812fc00000(0063) knlGS:00000000f5567b40 [ 402.980303][ T8718] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 402.986875][ T8718] CR2: 0000000000000000 CR3: 0000000054347000 CR4: 00000000001406f0 [ 402.994832][ T8718] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 403.002803][ T8718] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 403.010756][ T8718] Kernel panic - not syncing: Fatal exception [ 403.017413][ T8718] Kernel Offset: disabled [ 403.021738][ T8718] Rebooting in 86400 seconds..