[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 49.851021] random: sshd: uninitialized urandom read (32 bytes read)
[ 50.205026] audit: type=1800 audit(1539110585.254:29): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 50.224464] audit: type=1800 audit(1539110585.264:30): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

[ 51.500958] random: sshd: uninitialized urandom read (32 bytes read)
syzkaller login: [ 51.983995] random: sshd: uninitialized urandom read (32 bytes read)
[ 53.813784] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
[ 59.536476] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/09 18:43:16 fuzzer started
[ 63.928327] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/09 18:43:21 dialing manager at 10.128.0.26:44001
2018/10/09 18:43:21 syscalls: 1
2018/10/09 18:43:21 code coverage: enabled
2018/10/09 18:43:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/09 18:43:21 setuid sandbox: enabled
2018/10/09 18:43:21 namespace sandbox: enabled
2018/10/09 18:43:21 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/09 18:43:21 fault injection: enabled
2018/10/09 18:43:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/09 18:43:21 net packed injection: enabled
2018/10/09 18:43:21 net device setup: enabled
[ 68.562863] random: crng init done
18:44:53 executing program 0:
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(&(0x7f00000004c0)=ANY=[], &(0x7f000000aff8)='./file0\x00', &(0x7f0000000580)='devtmpfs\x00', 0x1, &(0x7f0000000a40)="e0e2f8468105544c2c7f55c296d5a975e5dccc1a963dbfbdb48019cdc5ece28e33b46a05679ab9de02392585660c5de2ec6b8678d483813376f3c298c2e3227659f6ec5b69dece249ba66b11948eddfcdc25228015b418ea988db9f880a7379057d7a7ff2e88ae2d06d9cab1c8232d5b47c49cdbd88e9807b98984fadeb7d86b853b8ac0e484741cd287416ffd60d0dd2780be4fee068cd3b704cee7b453fb794add1fa83c00f5551b00d0b304d61dff295acde4ff7e63e55a93191b2fc96c0e9fa75f4d1eaf4b5c0e")
chdir(&(0x7f00000003c0)='./file0\x00')
lseek(0xffffffffffffffff, 0x0, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
accept(0xffffffffffffffff, &(0x7f0000000500)=@alg, &(0x7f0000000140)=0x80)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x1)
execve(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000380), &(0x7f0000000480)=[&(0x7f0000000400)='\x00', &(0x7f0000000440)='ramfs\x00'])
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getrandom(&(0x7f0000001740)=""/40, 0x102ca, 0x0)
[ 159.244878] IPVS: ftp: loaded support on port[0] = 21
[ 161.250141] bridge0: port 1(bridge_slave_0) entered blocking state
[ 161.256702] bridge0: port 1(bridge_slave_0) entered disabled state
[ 161.264967] device bridge_slave_0 entered promiscuous mode
[ 161.405541] bridge0: port 2(bridge_slave_1) entered blocking state
[ 161.412099] bridge0: port 2(bridge_slave_1) entered disabled state
[ 161.420448] device bridge_slave_1 entered promiscuous mode
[ 161.542652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 161.663649] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 162.034849] bond0: Enslaving bond_slave_0 as an active interface with an up link
18:44:57 executing program 1:
recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000040)=@alg, 0x80, &(0x7f0000000140), 0x0, &(0x7f00000001c0)=""/87, 0x57}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000000)=""/8, &(0x7f0000000080)=0x1a08)
[ 162.196811] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 162.679852] IPVS: ftp: loaded support on port[0] = 21
[ 163.034806] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 163.042759] team0: Port device team_slave_0 added
[ 163.272840] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 163.280654] team0: Port device team_slave_1 added
[ 163.545062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 163.783088] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 163.790393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 163.799087] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 163.983709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 163.991251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 164.000128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 164.229441] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 164.237193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 164.246068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 165.993242] bridge0: port 1(bridge_slave_0) entered blocking state
[ 165.999700] bridge0: port 1(bridge_slave_0) entered disabled state
[ 166.008042] device bridge_slave_0 entered promiscuous mode
[ 166.199636] bridge0: port 2(bridge_slave_1) entered blocking state
[ 166.206347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 166.214486] device bridge_slave_1 entered promiscuous mode
[ 166.351845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 166.560579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 166.575893] bridge0: port 2(bridge_slave_1) entered blocking state
[ 166.582757] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 166.589608] bridge0: port 1(bridge_slave_0) entered blocking state
[ 166.596169] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 166.604609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 167.022118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
18:45:02 executing program 2:
io_setup(0x3, &(0x7f0000000080)=0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0)
close(r1)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x0, 0x0)
io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
[ 167.165584] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 167.475088] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 167.741192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 167.748700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 167.950393] IPVS: ftp: loaded support on port[0] = 21
[ 168.000625] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 168.007824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 168.678903] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 168.686891] team0: Port device team_slave_0 added
[ 168.892292] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 168.900250] team0: Port device team_slave_1 added
[ 169.142211] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 169.149229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 169.157996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 169.425242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 169.432388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 169.440794] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 169.654014] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 169.661529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 169.670445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 169.936986] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 169.944639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 169.953511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 172.266645] bridge0: port 1(bridge_slave_0) entered blocking state
[ 172.273218] bridge0: port 1(bridge_slave_0) entered disabled state
[ 172.281326] device bridge_slave_0 entered promiscuous mode
[ 172.486718] bridge0: port 2(bridge_slave_1) entered blocking state
[ 172.493273] bridge0: port 2(bridge_slave_1) entered disabled state
[ 172.501425] device bridge_slave_1 entered promiscuous mode
[ 172.800244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 172.963796] bridge0: port 2(bridge_slave_1) entered blocking state
[ 172.970252] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 172.977195] bridge0: port 1(bridge_slave_0) entered blocking state
[ 172.983691] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 172.992162] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 173.017425] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 173.141992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 173.776503] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 174.022964] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 174.212630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 174.219624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
18:45:09 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000009fe8)={0x80fffb, 0x1a})
[ 174.527700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 174.534803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 175.207581] ip (6413) used greatest stack depth: 53040 bytes left
[ 175.327015] IPVS: ftp: loaded support on port[0] = 21
[ 175.493715] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 175.501432] team0: Port device team_slave_0 added
[ 175.775590] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 175.783630] team0: Port device team_slave_1 added
[ 176.116563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 176.124000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 176.132624] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 176.401720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 176.408734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 176.417283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 176.669667] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 176.677314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 176.686082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 176.927746] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 176.935491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 176.944537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 177.152714] 8021q: adding VLAN 0 to HW filter on device bond0
[ 178.369244] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 179.529331] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 179.535749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 179.543563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 180.407248] bridge0: port 2(bridge_slave_1) entered blocking state
[ 180.413786] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 180.420628] bridge0: port 1(bridge_slave_0) entered blocking state
[ 180.427252] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 180.435556] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 180.461512] bridge0: port 1(bridge_slave_0) entered blocking state
[ 180.468019] bridge0: port 1(bridge_slave_0) entered disabled state
[ 180.476144] device bridge_slave_0 entered promiscuous mode
[ 180.734179] 8021q: adding VLAN 0 to HW filter on device team0
[ 180.815586] bridge0: port 2(bridge_slave_1) entered blocking state
[ 180.822276] bridge0: port 2(bridge_slave_1) entered disabled state
[ 180.830457] device bridge_slave_1 entered promiscuous mode
[ 180.982456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 181.190118] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 181.474797] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 182.445393] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.729895] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 183.011377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 183.019322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 183.348722] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 183.355850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
18:45:18 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket(0x2, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x61}, &(0x7f0000000080)=0x8)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, 0x4}, 0x18)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)}, &(0x7f0000000180)=0x10)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000001c0)=@broute={'broute\x00\x00\x00\x00`\x00', 0x4000, 0x0, 0x0, [], 0x0, &(0x7f0000000100), &(0x7f0000000680)}, 0x78)
[ 184.432952] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 184.440845] team0: Port device team_slave_0 added
[ 184.813929] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 184.821923] team0: Port device team_slave_1 added
[ 184.885731] IPVS: ftp: loaded support on port[0] = 21
[ 185.210873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 185.218054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 185.226854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 185.586463] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 185.593611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 185.602213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 185.978124] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 185.985829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 185.994711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 186.338904] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 186.346608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 186.355476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 186.454195] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.833100] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
18:45:24 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000180)="0f00db670f01df66b8000000000f23d80f21f86635400000f00f23f80f09b800008ee00f009a00000f212b0f01c30f21b00f1af9", 0x34}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_SMI(r2, 0xaeb7)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000540)={0xd0003})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 189.404792] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 189.411153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 189.418899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 189.473734] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 189.614767] ==================================================================
[ 189.622191] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[ 189.629826] CPU: 0 PID: 6808 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #65
[ 189.637013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 189.646365] Call Trace:
[ 189.648964]  dump_stack+0x306/0x460
[ 189.652606]  ? vmx_set_constant_host_state+0x1778/0x1830
[ 189.658076]  kmsan_report+0x1a2/0x2e0
[ 189.661892]  __msan_warning+0x7c/0xe0
[ 189.665711]  vmx_set_constant_host_state+0x1778/0x1830
[ 189.671003]  vmx_create_vcpu+0x3e6f/0x7870
[ 189.675252]  ? kmsan_set_origin_inline+0x6b/0x120
[ 189.680107]  ? __msan_poison_alloca+0x17a/0x210
[ 189.684796]  ? vmx_vm_init+0x340/0x340
[ 189.688704]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 189.693226]  kvm_vm_ioctl+0x13fd/0x33d0
[ 189.697226]  ? __msan_poison_alloca+0x17a/0x210
[ 189.701924]  ? do_vfs_ioctl+0x18a/0x2810
[ 189.705997]  ? __se_sys_ioctl+0x1da/0x270
[ 189.710158]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 189.715014]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 189.719872]  do_vfs_ioctl+0xcf3/0x2810
[ 189.723787]  ? security_file_ioctl+0x92/0x200
[ 189.728305]  __se_sys_ioctl+0x1da/0x270
[ 189.732314]  __x64_sys_ioctl+0x4a/0x70
[ 189.736211]  do_syscall_64+0xbe/0x100
[ 189.740023]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 189.745225] RIP: 0033:0x457579
[ 189.748792] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 189.767707] RSP: 002b:00007f61a88ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 189.775432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 189.782713] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 189.789989] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 189.797263] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61a88ed6d4
[ 189.804545] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 189.811832]
[ 189.813464] Local variable description: ----dt@vmx_set_constant_host_state
[ 189.820474] Variable was created at:
[ 189.824235]  vmx_set_constant_host_state+0x2b0/0x1830
[ 189.829436]  vmx_create_vcpu+0x3e6f/0x7870
[ 189.833674] ==================================================================
[ 189.841032] Disabling lock debugging due to kernel taint
[ 189.847264] Kernel panic - not syncing: panic_on_warn set ...
[ 189.847264]
[ 189.854651] CPU: 0 PID: 6808 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #65
[ 189.863230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 189.872606] Call Trace:
[ 189.875204]  dump_stack+0x306/0x460
[ 189.878850]  panic+0x54c/0xafa
[ 189.882077]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 189.887541]  kmsan_report+0x2d3/0x2e0
[ 189.891362]  __msan_warning+0x7c/0xe0
[ 189.895176]  vmx_set_constant_host_state+0x1778/0x1830
[ 189.900475]  vmx_create_vcpu+0x3e6f/0x7870
[ 189.904724]  ? kmsan_set_origin_inline+0x6b/0x120
[ 189.909584]  ? __msan_poison_alloca+0x17a/0x210
[ 189.914289]  ? vmx_vm_init+0x340/0x340
[ 189.918194]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 189.922703]  kvm_vm_ioctl+0x13fd/0x33d0
[ 189.926684]  ? __msan_poison_alloca+0x17a/0x210
[ 189.931362]  ? do_vfs_ioctl+0x18a/0x2810
[ 189.935436]  ? __se_sys_ioctl+0x1da/0x270
[ 189.939601]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 189.944468]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 189.949329]  do_vfs_ioctl+0xcf3/0x2810
[ 189.953234]  ? security_file_ioctl+0x92/0x200
[ 189.957743]  __se_sys_ioctl+0x1da/0x270
[ 189.961837]  __x64_sys_ioctl+0x4a/0x70
[ 189.965736]  do_syscall_64+0xbe/0x100
[ 189.969560]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 189.974840] RIP: 0033:0x457579
[ 189.978040] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 189.996947] RSP: 002b:00007f61a88ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 190.004672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 190.011942] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 190.019221] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 190.026500] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61a88ed6d4
[ 190.033780] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 190.042162] Kernel Offset: disabled
[ 190.045789] Rebooting in 86400 seconds..