[ 57.626321] audit: type=1800 audit(1538989328.684:27): pid=6129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 59.338251] random: sshd: uninitialized urandom read (32 bytes read)
[ 60.296083] random: sshd: uninitialized urandom read (32 bytes read)
[ 60.812257] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 63.187764] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
[ 69.031026] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 09:02:22 fuzzer started
[ 73.747811] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 09:02:27 dialing manager at 10.128.0.26:36867
2018/10/08 09:02:27 syscalls: 1
2018/10/08 09:02:27 code coverage: enabled
2018/10/08 09:02:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 09:02:27 setuid sandbox: enabled
2018/10/08 09:02:27 namespace sandbox: enabled
2018/10/08 09:02:27 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 09:02:27 fault injection: enabled
2018/10/08 09:02:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 09:02:27 net packed injection: enabled
2018/10/08 09:02:27 net device setup: enabled
[ 78.321039] random: crng init done
09:04:44 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x0, 0x0, [], 0x1ff}]}})
[ 214.118707] IPVS: ftp: loaded support on port[0] = 21
[ 216.537081] ip (6324) used greatest stack depth: 53088 bytes left
[ 216.690957] bridge0: port 1(bridge_slave_0) entered blocking state
[ 216.697618] bridge0: port 1(bridge_slave_0) entered disabled state
[ 216.706204] device bridge_slave_0 entered promiscuous mode
[ 216.846322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 216.852931] bridge0: port 2(bridge_slave_1) entered disabled state
[ 216.861274] device bridge_slave_1 entered promiscuous mode
[ 217.001400] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 217.140341] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
09:04:48 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x14, 0x1d, 0xfffffffffffffffd, 0x0, 0x0, {0x20}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00')
accept4(0xffffffffffffffff, &(0x7f0000007840)=@in6={0xa, 0x0, 0x0, @dev}, &(0x7f00000078c0)=0x80, 0x0)
[ 217.578957] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 217.817772] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 218.284833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 218.291968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 218.370979] IPVS: ftp: loaded support on port[0] = 21
[ 218.966341] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 218.974608] team0: Port device team_slave_0 added
[ 219.187617] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 219.195843] team0: Port device team_slave_1 added
[ 219.391924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 219.398987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 219.408081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 219.592172] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 219.599236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 219.608348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 219.794397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 219.802241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 219.811407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 220.050709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 220.058559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 220.067788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 221.907631] bridge0: port 1(bridge_slave_0) entered blocking state
[ 221.914425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 221.922910] device bridge_slave_0 entered promiscuous mode
[ 222.084783] bridge0: port 2(bridge_slave_1) entered blocking state
[ 222.091301] bridge0: port 2(bridge_slave_1) entered disabled state
[ 222.099861] device bridge_slave_1 entered promiscuous mode
[ 222.290237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 222.562629] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 222.684554] bridge0: port 2(bridge_slave_1) entered blocking state
[ 222.691079] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 222.698124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 222.704655] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 222.713558] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 223.171952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 223.234990] bond0: Enslaving bond_slave_0 as an active interface with an up link
09:04:54 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000d4b000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x3, [{{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}]}, 0x210)
[ 223.481334] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 223.723152] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 223.730211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 224.038253] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 224.045398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 224.325211] IPVS: ftp: loaded support on port[0] = 21
[ 224.750381] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 224.758633] team0: Port device team_slave_0 added
[ 225.016347] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 225.024547] team0: Port device team_slave_1 added
[ 225.309053] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 225.316372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 225.325352] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 225.508673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 225.516028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 225.525049] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 225.858300] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 225.866028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 225.875299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 226.200825] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 226.208556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 226.217606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 229.196639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 229.203338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 229.211920] device bridge_slave_0 entered promiscuous mode
[ 229.342882] bridge0: port 2(bridge_slave_1) entered blocking state
[ 229.349356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 229.356367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 229.362891] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 229.372078] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 229.399934] bridge0: port 2(bridge_slave_1) entered blocking state
[ 229.406488] bridge0: port 2(bridge_slave_1) entered disabled state
[ 229.414994] device bridge_slave_1 entered promiscuous mode
[ 229.677914] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 229.701819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 229.936208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 230.738555] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 231.055835] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 231.299624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 231.306765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 231.593285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 231.600323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
09:05:03 executing program 3:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x401, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000000)=0x24, 0x4)
bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c)
getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000040)={@local, @multicast1}, &(0x7f0000000100)=0xc)
shmget(0x2, 0x4000, 0x8, &(0x7f0000ffa000/0x4000)=nil)
sendto$inet(r0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10)
recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0)
geteuid()
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000600)={0x81, 0xc00103fc, &(0x7f0000000140)="333e28f19fb562cc90cb2e0998e7f3e411396dd0b325a1caaab6efc68611627341f288aa45dad7742a642f32f402ed0aab91b105301350a28f31334320619b86f1736b5ab5d3d9e5b264cfebd7c0396af2739ad8a058004b7115233c76767804c48a04ec737bd9ed92364487e2d78849daee0a154f0fe2deaadf32d78cd3cf47fca69711a16ee70213b66f8370be24e93d837b15a47ad05b16d7dc4bd016cfaeefb737bc93683ade7e99d9dd21a7e30fd9e2c71b78f2cd8bd9eae1e30fa5824ec64ccd0375b011755b508007fcef0025f40f1c273ff59210ef59c6385af0aac223facf44469ad5086019a87ba655897530", &(0x7f0000000480)="91972564e276d3a357d0", 0xf1, 0xa})
[ 232.541191] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 232.549491] team0: Port device team_slave_0 added
[ 232.970437] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 232.978695] team0: Port device team_slave_1 added
[ 233.260832] IPVS: ftp: loaded support on port[0] = 21
[ 233.461181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 233.468516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 233.477441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 233.797990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 233.805179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 233.814439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 234.133906] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 234.141539] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 234.150634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 234.519703] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 234.527432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 234.536634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 235.531461] 8021q: adding VLAN 0 to HW filter on device bond0
[ 236.789861] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 238.038046] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 238.044633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 238.052795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 238.840153] bridge0: port 2(bridge_slave_1) entered blocking state
[ 238.846714] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 238.853764] bridge0: port 1(bridge_slave_0) entered blocking state
[ 238.860211] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 238.869097] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 239.177494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 239.184277] bridge0: port 1(bridge_slave_0) entered disabled state
[ 239.192820] device bridge_slave_0 entered promiscuous mode
[ 239.419630] 8021q: adding VLAN 0 to HW filter on device team0
[ 239.531103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 239.537799] bridge0: port 2(bridge_slave_1) entered disabled state
[ 239.546427] device bridge_slave_1 entered promiscuous mode
[ 239.682450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 239.896483] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 240.325743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 241.324185] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 241.727700] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 242.080956] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 242.088799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 242.470182] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 242.477407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
09:05:13 executing program 4:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="240000005e0007031dfffd946fa2830020200a0005000010b21d85680c1ba3a20c02ff7e", 0x24}], 0x1}, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000140)="153f6234488dd25d766070")
recvmmsg(r0, &(0x7f0000003980)=[{{&(0x7f0000000080)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000740), 0x0, &(0x7f00000007c0)=""/217, 0xd9}}], 0x1, 0x0, &(0x7f0000003b40))
[ 243.740383] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 243.748458] team0: Port device team_slave_0 added
[ 244.105078] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 244.113268] team0: Port device team_slave_1 added
[ 244.239337] IPVS: ftp: loaded support on port[0] = 21
[ 244.259621] 8021q: adding VLAN 0 to HW filter on device bond0
[ 244.526618] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 244.533861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 244.542865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 244.939158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 244.946360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 244.955386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 245.469070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 245.476902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 245.486485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 245.852619] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 245.859845] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 245.867776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 245.876868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 247.445848] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 247.474767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 247.483049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 249.004171] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 249.118312] ==================================================================
[ 249.125749] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 249.132356] CPU: 1 PID: 7016 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[ 249.139590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 249.149007] Call Trace:
[ 249.151747] dump_stack+0x306/0x460
[ 249.155410] ? _raw_spin_lock_irqsave+0x227/0x340
[ 249.160282] ? vmx_create_vcpu+0x10df/0x7920
[ 249.164751] kmsan_report+0x1a3/0x2d0
[ 249.168597] __msan_warning+0x7c/0xe0
[ 249.172439] vmx_create_vcpu+0x10df/0x7920
[ 249.176702] ? kmsan_set_origin_inline+0x6b/0x120
[ 249.181578] ? __msan_poison_alloca+0x17a/0x210
[ 249.186290] ? vmx_vm_init+0x340/0x340
[ 249.190210] kvm_arch_vcpu_create+0x25d/0x2f0
[ 249.194756] kvm_vm_ioctl+0x13fd/0x33d0
[ 249.198769] ? __msan_poison_alloca+0x17a/0x210
[ 249.203475] ? do_vfs_ioctl+0x18a/0x2810
[ 249.207563] ? __se_sys_ioctl+0x1da/0x270
[ 249.211761] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 249.216635] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 249.221511] do_vfs_ioctl+0xcf3/0x2810
[ 249.225445] ? security_file_ioctl+0x92/0x200
[ 249.229981] __se_sys_ioctl+0x1da/0x270
[ 249.233995] __x64_sys_ioctl+0x4a/0x70
[ 249.237920] do_syscall_64+0xbe/0x100
[ 249.241760] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.246971] RIP: 0033:0x457579
[ 249.250196] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 249.269134] RSP: 002b:00007f9859612c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 249.276871] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 249.284160] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 000000000000000a
[ 249.291456] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 249.298747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98596136d4
[ 249.306039] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 249.313878]
[ 249.315531] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 249.322485] Variable was created at:
[ 249.326232] vmx_create_vcpu+0xd5/0x7920
[ 249.330322] kvm_arch_vcpu_create+0x25d/0x2f0
[ 249.334822] ==================================================================
[ 249.342226] Disabling lock debugging due to kernel taint
[ 249.347691] Kernel panic - not syncing: panic_on_warn set ...
[ 249.347691]
[ 249.355118] CPU: 1 PID: 7016 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63
[ 249.363708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 249.373086] Call Trace:
[ 249.375706] dump_stack+0x306/0x460
[ 249.379385] panic+0x54c/0xafa
[ 249.382683] kmsan_report+0x2cd/0x2d0
[ 249.386521] __msan_warning+0x7c/0xe0
[ 249.390364] vmx_create_vcpu+0x10df/0x7920
[ 249.394634] ? kmsan_set_origin_inline+0x6b/0x120
[ 249.399521] ? __msan_poison_alloca+0x17a/0x210
[ 249.404235] ? vmx_vm_init+0x340/0x340
[ 249.408157] kvm_arch_vcpu_create+0x25d/0x2f0
[ 249.412695] kvm_vm_ioctl+0x13fd/0x33d0
[ 249.416722] ? __msan_poison_alloca+0x17a/0x210
[ 249.421436] ? do_vfs_ioctl+0x18a/0x2810
[ 249.425524] ? __se_sys_ioctl+0x1da/0x270
[ 249.429708] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 249.434592] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 249.439471] do_vfs_ioctl+0xcf3/0x2810
[ 249.443422] ? security_file_ioctl+0x92/0x200
[ 249.447972] __se_sys_ioctl+0x1da/0x270
[ 249.451995] __x64_sys_ioctl+0x4a/0x70
[ 249.455926] do_syscall_64+0xbe/0x100
[ 249.459765] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.464979] RIP: 0033:0x457579
[ 249.468210] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 249.487139] RSP: 002b:00007f9859612c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 249.494872] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 249.502157] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 000000000000000a
[ 249.509445] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 249.516767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98596136d4
[ 249.522929] 8021q: adding VLAN 0 to HW filter on device team0
[ 249.524066] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 249.531014] Kernel Offset: disabled
[ 249.541911] Rebooting in 86400 seconds..