[ OK ] Found device /dev/ttyS0. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Started System Logging Service. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts. 2020/08/07 20:13:39 fuzzer started 2020/08/07 20:13:40 dialing manager at 10.128.0.26:45451 2020/08/07 20:13:40 syscalls: 3255 2020/08/07 20:13:40 code coverage: enabled 2020/08/07 20:13:40 comparison tracing: enabled 2020/08/07 20:13:40 extra coverage: enabled 2020/08/07 20:13:40 setuid sandbox: enabled 2020/08/07 20:13:40 namespace sandbox: enabled 2020/08/07 20:13:40 Android sandbox: enabled 2020/08/07 20:13:40 fault injection: enabled 2020/08/07 20:13:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/07 20:13:40 net packet injection: enabled 2020/08/07 20:13:40 net device setup: enabled 2020/08/07 20:13:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/07 20:13:40 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/07 20:13:40 USB emulation: enabled 2020/08/07 20:13:40 hci packet injection: enabled 20:15:47 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) syzkaller login: [ 285.493138][ T28] audit: type=1400 audit(1596831347.466:8): avc: denied { execmem } for pid=8492 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 285.841484][ T8493] IPVS: ftp: loaded support on port[0] = 21 [ 286.134477][ T8493] chnl_net:caif_netlink_parms(): no params data found [ 286.280475][ T8493] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.287881][ T8493] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.297416][ T8493] device bridge_slave_0 entered promiscuous mode [ 286.316857][ T8493] bridge0: port 2(bridge_slave_1) entered blocking 
state [ 286.324145][ T8493] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.334167][ T8493] device bridge_slave_1 entered promiscuous mode [ 286.387549][ T8493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.404216][ T8493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.454504][ T8493] team0: Port device team_slave_0 added [ 286.468124][ T8493] team0: Port device team_slave_1 added [ 286.516138][ T8493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 286.523283][ T8493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.549530][ T8493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 286.630333][ T8493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 286.637551][ T8493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 286.663812][ T8493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 286.725323][ T8493] device hsr_slave_0 entered promiscuous mode [ 286.737767][ T8493] device hsr_slave_1 entered promiscuous mode [ 287.003694][ T8493] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 287.023060][ T8493] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 287.041708][ T8493] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 287.062133][ T8493] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 287.359672][ T8493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.395906][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 287.404729][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 287.431182][ T8493] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.453563][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 287.463443][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 287.473757][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.481131][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.528021][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 287.537910][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 287.547516][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 287.556910][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.564104][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.573250][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 287.584188][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 287.621225][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 287.633807][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 287.676804][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 287.686737][ 
T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 287.697221][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 287.707534][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 287.716984][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 287.737975][ T8493] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 287.750844][ T8493] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 287.779004][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 287.788645][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 287.827797][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 287.837851][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 287.867686][ T8493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 287.931321][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 287.941217][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 287.996869][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 288.006443][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 288.028773][ T8493] device veth0_vlan entered promiscuous mode [ 288.039023][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 288.040262][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 288.086554][ T8493] device veth1_vlan entered promiscuous mode [ 288.146226][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 288.155986][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 288.189058][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 288.199502][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 288.211923][ T8493] device veth0_macvtap entered promiscuous mode [ 288.233602][ T8493] device veth1_macvtap entered promiscuous mode 
[ 288.294394][ T8493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 288.302289][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 288.311496][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 288.320643][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 288.330173][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 288.361435][ T8493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.369904][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 288.379530][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 20:15:51 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:52 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:52 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:52 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:52 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:53 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:53 executing program 0: unshare(0x400) poll(&(0x7f0000000040)=[{}], 0x1, 0x0) 20:15:53 executing program 0: unshare(0x400) poll(&(0x7f0000000040)=[{}], 0x1, 0x0) [ 291.647405][ T26] Bluetooth: hci0: command 0x0409 tx timeout 20:15:53 executing program 0: unshare(0x400) poll(&(0x7f0000000040)=[{}], 0x1, 0x0) 20:15:53 executing program 
0: r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:54 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:54 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:54 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:54 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:54 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 20:15:55 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(0x0, 0x0, 0x0) 20:15:55 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(0x0, 0x0, 0x0) 20:15:55 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(0x0, 0x0, 0x0) 20:15:55 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040), 0x0, 0x0) [ 293.724732][ T8701] Bluetooth: hci0: command 0x041b tx timeout 20:15:55 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040), 0x0, 0x0) 20:15:56 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040), 0x0, 0x0) 20:15:56 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 
0x0) unshare(0x400) poll(&(0x7f0000000040)=[{}], 0x1, 0x0) 20:15:56 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{}], 0x1, 0x0) 20:15:56 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{}], 0x1, 0x0) 20:15:56 executing program 0: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x103140, 0x0) 20:15:56 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="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"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x18000000000002a0, 0x43, 0x0, &(0x7f0000000280)="b9ff0300600d698c389e14f008001fffffff00004000633300ffe0000000e0e000000062050000002fbd53039e6aab84181aa500"/67, 0x0, 0xfc, 0x60000000, 0x0, 0x0, &(0x7f0000000140)="486e90decd837f7e62c4f903a15a12d35c31c761c1da726b54ccd47736cdde536c0b3e75ef5c913757491df3e38f5cc44e6847bdc594358967964f76aa9f31a6", &(0x7f0000000e00)="e2cf5bb7e5746a6740aebad755a0c2f42d131e1493afc9154aeae4ff8916e84fae2dbac6ba23acee58596467b1d68d886cf44ae164800edec75a809bcc514384c499930e5c18337dcbedb8e326b8b42e4ba1acb01b73cdcef9b719fb5ce7b547f9324fbebb24d0fd464fa10fd1fccf19f0f42441b5b27a5c93b29874c85ae55fd3cce1e8b903601c"}, 0x29) 20:15:57 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x1e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x3c, r1, 0x3e6d, 0x0, 0x0, {}, [{@nsim={{0xe, 
0x1, 'netdevsim\x00'}, {0x18, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x3c}}, 0x0) [ 295.805162][ T3217] Bluetooth: hci0: command 0x040f tx timeout 20:15:58 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) unshare(0x400) ioctl$VHOST_NET_SET_BACKEND(r0, 0x10, &(0x7f0000000000)) 20:15:58 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x1e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x3c, r1, 0x3e6d, 0x0, 0x0, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0x18, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x3c}}, 0x0) [ 297.147328][ T8837] IPVS: ftp: loaded support on port[0] = 21 20:15:59 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) pwrite64(r0, 0x0, 0x0, 0x0) [ 297.627986][ T8837] chnl_net:caif_netlink_parms(): no params data found [ 297.871098][ T8837] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.878733][ T8837] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.888047][ T8837] device bridge_slave_0 entered promiscuous mode [ 297.897714][ T8701] Bluetooth: hci0: command 0x0419 tx timeout 20:16:00 executing program 0 (fault-call:2 fault-nth:0): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) [ 297.992354][ T8837] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.999769][ T8837] bridge0: port 2(bridge_slave_1) entered disabled 
state [ 298.009681][ T8837] device bridge_slave_1 entered promiscuous mode [ 298.101875][ T8837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 298.141094][ T8837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 298.246194][ T8837] team0: Port device team_slave_0 added [ 298.269125][ T8837] team0: Port device team_slave_1 added 20:16:00 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) [ 298.347191][ T8837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.354806][ T8837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.380924][ T8837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.455975][ T8837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.463039][ T8837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.489232][ T8837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 20:16:00 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1e, 0x0) [ 298.608257][ T8837] device hsr_slave_0 entered promiscuous mode [ 298.619831][ T8837] device hsr_slave_1 entered promiscuous mode [ 298.628932][ T8837] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 298.637613][ T8837] Cannot create hsr debugfs directory 20:16:00 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x300, 0x0) 20:16:01 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) [ 299.157642][ T8837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 299.217375][ T8837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 299.275616][ T8837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 299.315676][ T8837] netdevsim netdevsim1 netdevsim3: renamed from eth3 20:16:01 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0xca9a3b) [ 299.710512][ T8837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.794750][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 299.803497][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 299.827675][ T8837] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.874913][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 299.885993][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 299.895377][ T3217] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.902610][ T3217] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.955177][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 299.964595][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 299.974274][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 299.983454][ T8701] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.990747][ T8701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.999705][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link 
becomes ready [ 300.010498][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 300.046461][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 300.057041][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 300.075275][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 300.085548][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 300.095802][ T8701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 300.114674][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 300.124541][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 300.148983][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 300.158859][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 300.181790][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 300.246514][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 300.254453][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 300.292908][ T8837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.368323][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 300.378201][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 300.440796][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 300.450709][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 300.465101][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 300.474690][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 300.498473][ T8837] device veth0_vlan entered promiscuous mode 20:16:02 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x3b9aca00) [ 300.542861][ T8837] device veth1_vlan entered promiscuous mode [ 
300.575422][ T8797] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 300.660805][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 300.670380][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 300.694839][ T8837] device veth0_macvtap entered promiscuous mode [ 300.717164][ T8837] device veth1_macvtap entered promiscuous mode [ 300.810188][ T8837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 300.820699][ T8837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 300.833841][ T8837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.843817][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 300.852890][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 300.862161][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 300.871859][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 300.911862][ T8837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 300.922712][ T8837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 300.937025][ T8837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.944947][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 300.954697][ T3217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 20:16:03 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0xfefdffff) 20:16:04 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000040)=[{r0}], 0x1, 0xfffffdfe) 20:16:04 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) unshare(0x400) ioctl$VHOST_NET_SET_BACKEND(r0, 0x10, &(0x7f0000000000)) 20:16:05 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) unshare(0x400) ioctl$VHOST_NET_SET_BACKEND(r0, 0x10, &(0x7f0000000000)) 20:16:05 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) unshare(0x400) ioctl$VHOST_NET_SET_BACKEND(r0, 0x10, &(0x7f0000000000)) 20:16:05 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) unshare(0x400) 20:16:06 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) unshare(0x400) poll(&(0x7f0000000000)=[{r0, 0x2050}, {r0, 0x8100}], 0x2, 0x4000) socket$nl_generic(0x10, 0x3, 0x10) 20:16:06 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) 20:16:06 executing program 1: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) [ 304.364280][ T26] Bluetooth: 
hci1: command 0x0409 tx timeout 20:16:06 executing program 1: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) 20:16:06 executing program 1: openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) 20:16:07 executing program 1: ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) 20:16:07 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x80008}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x3f) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x1, 0x6, 0x4) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f00000001c0)={0x8, {{0x2, 0x0, @multicast1}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) getsockopt$inet_buf(r5, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000012ffc)=0x90) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYRES16=r5, @ANYRES32=r3, @ANYBLOB="03000016010000001800120008100100736974000c00020008000300", @ANYRES32=r4], 0x38}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x3f) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3800000010000507000200"/20, @ANYRES32=r6, @ANYBLOB="03000016010000001800120008000100736974000c00020008000300", @ANYRES32=r7], 0x38}}, 0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000280), 0x10) 
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan1\x00', r4})
r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0)
unshare(0x400)
poll(&(0x7f0000000040)=[{r8}], 0x1, 0x0)
[ 305.384330][ T9157] =====================================================
[ 305.391382][ T9157] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90
[ 305.398841][ T9157] CPU: 1 PID: 9157 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 305.407413][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 305.417564][ T9157] Call Trace:
[ 305.420949][ T9157] dump_stack+0x21c/0x280
[ 305.425290][ T9157] kmsan_report+0xf7/0x1e0
[ 305.429712][ T9157] kmsan_internal_check_memory+0x238/0x3d0
[ 305.435532][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.440725][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.445929][ T9157] kmsan_copy_to_user+0x81/0x90
[ 305.450877][ T9157] _copy_to_user+0x18e/0x260
[ 305.455554][ T9157] move_addr_to_user+0x3de/0x670
[ 305.460504][ T9157] __sys_getsockname+0x407/0x5e0
[ 305.465504][ T9157] ? put_old_timespec32+0x231/0x2d0
[ 305.470706][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.475906][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.481107][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.486305][ T9157] __se_sys_getsockname+0x91/0xb0
[ 305.491333][ T9157] __ia32_sys_getsockname+0x4a/0x70
[ 305.496557][ T9157] __do_fast_syscall_32+0x2af/0x480
[ 305.501812][ T9157] do_fast_syscall_32+0x6b/0xd0
[ 305.506668][ T9157] do_SYSENTER_32+0x73/0x90
[ 305.511198][ T9157] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 305.517515][ T9157] RIP: 0023:0xf7f23549
[ 305.521565][ T9157] Code: Bad RIP value.
[ 305.525617][ T9157] RSP: 002b:00000000f551d0cc EFLAGS: 00000296 ORIG_RAX: 000000000000016f
[ 305.534051][ T9157] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[ 305.542012][ T9157] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000
[ 305.549970][ T9157] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 305.557927][ T9157] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 305.565887][ T9157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 305.573856][ T9157]
[ 305.576171][ T9157] Local variable ----address@__sys_getsockname created at:
[ 305.583359][ T9157] __sys_getsockname+0x91/0x5e0
[ 305.588197][ T9157] __sys_getsockname+0x91/0x5e0
[ 305.593041][ T9157]
[ 305.595356][ T9157] Bytes 2-3 of 24 are uninitialized
[ 305.600533][ T9157] Memory access of size 24 starts at ffff888054fa7d50
[ 305.607270][ T9157] Data copied to user address 0000000020000140
[ 305.613408][ T9157] =====================================================
[ 305.620321][ T9157] Disabling lock debugging due to kernel taint
[ 305.626447][ T9157] Kernel panic - not syncing: panic_on_warn set ...
[ 305.633027][ T9157] CPU: 1 PID: 9157 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 305.642982][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 305.653021][ T9157] Call Trace:
[ 305.656319][ T9157] dump_stack+0x21c/0x280
[ 305.660707][ T9157] panic+0x4d7/0xef7
[ 305.664602][ T9157] ? add_taint+0x17c/0x210
[ 305.669017][ T9157] kmsan_report+0x1df/0x1e0
[ 305.673532][ T9157] kmsan_internal_check_memory+0x238/0x3d0
[ 305.679327][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.684514][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.689704][ T9157] kmsan_copy_to_user+0x81/0x90
[ 305.694543][ T9157] _copy_to_user+0x18e/0x260
[ 305.699130][ T9157] move_addr_to_user+0x3de/0x670
[ 305.704061][ T9157] __sys_getsockname+0x407/0x5e0
[ 305.708988][ T9157] ? put_old_timespec32+0x231/0x2d0
[ 305.714168][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.719346][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.724530][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 305.729713][ T9157] __se_sys_getsockname+0x91/0xb0
[ 305.734732][ T9157] __ia32_sys_getsockname+0x4a/0x70
[ 305.739924][ T9157] __do_fast_syscall_32+0x2af/0x480
[ 305.745116][ T9157] do_fast_syscall_32+0x6b/0xd0
[ 305.749952][ T9157] do_SYSENTER_32+0x73/0x90
[ 305.754446][ T9157] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 305.760755][ T9157] RIP: 0023:0xf7f23549
[ 305.764802][ T9157] Code: Bad RIP value.
[ 305.768848][ T9157] RSP: 002b:00000000f551d0cc EFLAGS: 00000296 ORIG_RAX: 000000000000016f
[ 305.777252][ T9157] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[ 305.785205][ T9157] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000
[ 305.793158][ T9157] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 305.801112][ T9157] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 305.809063][ T9157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 305.817587][ T9157] ------------[ cut here ]------------
[ 305.823018][ T9157] kernel BUG at mm/kmsan/kmsan.h:87!
[ 305.828332][ T9157] invalid opcode: 0000 [#1] SMP
[ 305.833200][ T9157] CPU: 1 PID: 9157 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 305.843232][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 305.853270][ T9157] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 305.859829][ T9157] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 b0 63 e1 91 31 c0 e8 f8 02 30 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 c2 13 b0 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 305.879410][ T9157] RSP: 0018:ffff888054fa7778 EFLAGS: 00010046
[ 305.885449][ T9157] RAX: 0000000000000002 RBX: 0000000004d600b5 RCX: 0000000004d600b5
[ 305.893393][ T9157] RDX: 0000000000000000 RSI: 0000000000000140 RDI: ffff888054fa785c
[ 305.901430][ T9157] RBP: ffff888054fa7820 R08: ffffea000000000f R09: ffff88812fffa000
[ 305.909459][ T9157] R10: 0000000000000002 R11: ffff888064a8db80 R12: 0000000000000000
[ 305.917402][ T9157] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001
[ 305.925434][ T9157] FS: 0000000000000000(0000) GS:ffff88812fd00000(0063) knlGS:00000000f551db40
[ 305.934358][ T9157] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 305.940915][ T9157] CR2: 000000000819b000 CR3: 0000000054d84000 CR4: 00000000001406e0
[ 305.948860][ T9157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 305.956805][ T9157] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 305.964749][ T9157] Call Trace:
[ 305.968030][ T9157] kmsan_check_memory+0xd/0x10
[ 305.972767][ T9157] iowrite8+0x99/0x300
[ 305.976892][ T9157] pvpanic_panic_notify+0xb7/0xe0
[ 305.981892][ T9157] ? pvpanic_mmio_remove+0x60/0x60
[ 305.987006][ T9157] atomic_notifier_call_chain+0x123/0x290
[ 305.992700][ T9157] panic+0x560/0xef7
[ 305.996575][ T9157] ? add_taint+0x17c/0x210
[ 306.000962][ T9157] kmsan_report+0x1df/0x1e0
[ 306.005454][ T9157] kmsan_internal_check_memory+0x238/0x3d0
[ 306.011229][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 306.016406][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 306.021592][ T9157] kmsan_copy_to_user+0x81/0x90
[ 306.026415][ T9157] _copy_to_user+0x18e/0x260
[ 306.030981][ T9157] move_addr_to_user+0x3de/0x670
[ 306.035892][ T9157] __sys_getsockname+0x407/0x5e0
[ 306.040805][ T9157] ? put_old_timespec32+0x231/0x2d0
[ 306.045972][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 306.051144][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 306.056325][ T9157] ? kmsan_get_metadata+0x116/0x180
[ 306.061599][ T9157] __se_sys_getsockname+0x91/0xb0
[ 306.066599][ T9157] __ia32_sys_getsockname+0x4a/0x70
[ 306.071769][ T9157] __do_fast_syscall_32+0x2af/0x480
[ 306.076958][ T9157] do_fast_syscall_32+0x6b/0xd0
[ 306.081784][ T9157] do_SYSENTER_32+0x73/0x90
[ 306.086266][ T9157] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 306.092568][ T9157] RIP: 0023:0xf7f23549
[ 306.096602][ T9157] Code: Bad RIP value.
[ 306.100646][ T9157] RSP: 002b:00000000f551d0cc EFLAGS: 00000296 ORIG_RAX: 000000000000016f
[ 306.109027][ T9157] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[ 306.116971][ T9157] RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000
[ 306.124912][ T9157] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 306.132857][ T9157] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 306.140804][ T9157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 306.148783][ T9157] Modules linked in:
[ 306.152653][ T9157] ---[ end trace 3795cea1ee4aa1af ]---
[ 306.158084][ T9157] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 306.164641][ T9157] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 b0 63 e1 91 31 c0 e8 f8 02 30 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 c2 13 b0 0e 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 306.184303][ T9157] RSP: 0018:ffff888054fa7778 EFLAGS: 00010046
[ 306.190343][ T9157] RAX: 0000000000000002 RBX: 0000000004d600b5 RCX: 0000000004d600b5
[ 306.198285][ T9157] RDX: 0000000000000000 RSI: 0000000000000140 RDI: ffff888054fa785c
[ 306.206229][ T9157] RBP: ffff888054fa7820 R08: ffffea000000000f R09: ffff88812fffa000
[ 306.214173][ T9157] R10: 0000000000000002 R11: ffff888064a8db80 R12: 0000000000000000
[ 306.222689][ T9157] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001
[ 306.230639][ T9157] FS: 0000000000000000(0000) GS:ffff88812fd00000(0063) knlGS:00000000f551db40
[ 306.239538][ T9157] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 306.246092][ T9157] CR2: 000000000819b000 CR3: 0000000054d84000 CR4: 00000000001406e0
[ 306.254145][ T9157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 306.262095][ T9157] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 306.270040][ T9157] Kernel panic - not syncing: Fatal exception
[ 306.276840][ T9157] Kernel Offset: disabled
[ 306.281147][ T9157]
Rebooting in 86400 seconds..