./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4079233987 <...> forked to background, child pid 3061 no interfaces have a carrier [ 73.894010][ T3062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.900079][ T3062] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.172' (ECDSA) to the list of known hosts. syzkaller login: [ 100.263561][ T1525] cfg80211: failed to load regulatory.db execve("./syz-executor4079233987", ["./syz-executor4079233987"], 0x7ffdd30f6d70 /* 10 vars */) = 0 brk(NULL) = 0x5555560b9000 brk(0x5555560b9c40) = 0x5555560b9c40 arch_prctl(ARCH_SET_FS, 0x5555560b9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4079233987", 4096) = 28 brk(0x5555560dac40) = 0x5555560dac40 brk(0x5555560db000) = 0x5555560db000 mprotect(0x7f8387b5e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560b95d0) = 3490 ./strace-static-x86_64: Process 3490 attached [pid 3490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3490] setpgid(0, 0) = 0 [pid 3490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3490] write(3, "1000", 4) = 4 [pid 3490] close(3) = 0 [pid 3490] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 3490] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20012000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20013000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20014000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20015000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20016000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20017000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20018000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20019000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x2001a000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2001b000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2001c000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2001d000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2001e000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2001f000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x20020000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20021000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20022000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20023000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20024000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20025000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20026000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20027000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20028000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(-1, KVM_GET_SREGS, 0x7ffc7b5ee230) = -1 EBADF (Bad file descriptor) [pid 3490] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 3490] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 3490] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 3490] ioctl(4, KVM_SET_IRQCHIP, 0x200001c0) = 0 [pid 3490] ioctl(4, KVM_CREATE_VCPU, 2) = 6 [pid 3490] ioctl(5, KVM_SET_REGS, {rax=0, ..., rsp=0x2004c7, rbp=0, ..., rip=0, rflags=0x200}) = 0 [ 101.162369][ T3490] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.237765][ T3490] ===================================================== [ 101.237835][ T3490] BUG: KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast+0x7a7/0x990 [ 101.237880][ T3490] kvm_irq_delivery_to_apic_fast+0x7a7/0x990 [ 101.237920][ T3490] kvm_irq_delivery_to_apic+0xdb/0xe40 [ 101.237963][ T3490] kvm_pv_kick_cpu_op+0xd1/0x100 [ 101.238008][ T3490] kvm_emulate_hypercall+0xee7/0x1340 [ 101.238053][ T3490] __vmx_handle_exit+0x101f/0x1710 [ 101.238088][ T3490] vmx_handle_exit+0x38/0x1f0 [ 101.238139][ T3490] vcpu_enter_guest+0x4733/0x52d0 [ 101.238179][ T3490] vcpu_run+0x794/0x1230 [ 101.238219][ T3490] kvm_arch_vcpu_ioctl_run+0x11fe/0x1b30 [ 101.238266][ T3490] kvm_vcpu_ioctl+0xcd4/0x1980 [ 101.238309][ T3490] __se_sys_ioctl+0x222/0x400 [ 101.238345][ T3490] __x64_sys_ioctl+0x92/0xd0 [ 101.238380][ T3490] do_syscall_64+0x3d/0xb0 [ 101.238426][ T3490] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 101.238478][ T3490] [ 101.238486][ T3490] Local variable lapic_irq created at: [ 101.238498][ T3490] kvm_pv_kick_cpu_op+0x46/0x100 [ 101.238550][ T3490] kvm_emulate_hypercall+0xee7/0x1340 [ 101.238604][ T3490] [ 101.238612][ T3490] CPU: 1 PID: 3490 Comm: syz-executor407 Not tainted 5.19.0-rc3-syzkaller-30868-g4b28366af7d9 #0 [ 101.238658][ T3490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 101.238680][ T3490] ===================================================== [ 101.238691][ T3490] Disabling lock debugging due to kernel taint [ 101.238711][ T3490] Kernel panic - not syncing: kmsan.panic set ... [ 101.385371][ T3490] CPU: 1 PID: 3490 Comm: syz-executor407 Tainted: G B 5.19.0-rc3-syzkaller-30868-g4b28366af7d9 #0 [ 101.397313][ T3490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 101.407391][ T3490] Call Trace: [ 101.410686][ T3490] [ 101.413658][ T3490] dump_stack_lvl+0x1c8/0x256 [ 101.418570][ T3490] dump_stack+0x1a/0x1c [ 101.422793][ T3490] panic+0x4d3/0xc7d [ 101.426759][ T3490] ? print_tainted+0x1d1/0x1e0 [ 101.431581][ T3490] ? add_taint+0x104/0x1a0 [ 101.436042][ T3490] ? printk_sprint+0x29b/0x4d0 [ 101.440871][ T3490] kmsan_report+0x2cc/0x2d0 [ 101.445429][ T3490] ? mmu_try_to_unsync_pages+0x115/0x9f0 [ 101.451099][ T3490] ? __msan_warning+0x92/0x110 [ 101.455893][ T3490] ? kvm_irq_delivery_to_apic_fast+0x7a7/0x990 [ 101.462109][ T3490] ? kvm_irq_delivery_to_apic+0xdb/0xe40 [ 101.467806][ T3490] ? kvm_pv_kick_cpu_op+0xd1/0x100 [ 101.472967][ T3490] ? kvm_emulate_hypercall+0xee7/0x1340 [ 101.478570][ T3490] ? __vmx_handle_exit+0x101f/0x1710 [ 101.483904][ T3490] ? vmx_handle_exit+0x38/0x1f0 [ 101.488822][ T3490] ? vcpu_enter_guest+0x4733/0x52d0 [ 101.494082][ T3490] ? vcpu_run+0x794/0x1230 [ 101.498567][ T3490] ? kvm_arch_vcpu_ioctl_run+0x11fe/0x1b30 [ 101.504447][ T3490] ? kvm_vcpu_ioctl+0xcd4/0x1980 [ 101.509442][ T3490] ? __se_sys_ioctl+0x222/0x400 [ 101.514329][ T3490] ? __x64_sys_ioctl+0x92/0xd0 [ 101.519144][ T3490] ? do_syscall_64+0x3d/0xb0 [ 101.523771][ T3490] ? entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 101.529978][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.535151][ T3490] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 101.540997][ T3490] ? __stack_depot_save+0x1b1/0x4b0 [ 101.546234][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.551405][ T3490] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 101.557285][ T3490] ? kvm_apic_map_get_dest_lapic+0xf2/0x1290 [ 101.563328][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.568501][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.573682][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.578833][ T3490] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 101.584705][ T3490] __msan_warning+0x92/0x110 [ 101.589344][ T3490] kvm_irq_delivery_to_apic_fast+0x7a7/0x990 [ 101.595408][ T3490] ? __stack_depot_save+0x38d/0x4b0 [ 101.600659][ T3490] kvm_irq_delivery_to_apic+0xdb/0xe40 [ 101.606195][ T3490] ? _raw_spin_unlock_irqrestore+0x34/0x50 [ 101.612075][ T3490] ? __stack_depot_save+0x38d/0x4b0 [ 101.617332][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.622487][ T3490] ? kmsan_internal_set_shadow_origin+0x62/0xe0 [ 101.628810][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.633986][ T3490] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 101.639874][ T3490] kvm_pv_kick_cpu_op+0xd1/0x100 [ 101.644889][ T3490] kvm_emulate_hypercall+0xee7/0x1340 [ 101.650364][ T3490] ? kvm_vcpu_apicv_activated+0x100/0x100 [ 101.656165][ T3490] __vmx_handle_exit+0x101f/0x1710 [ 101.661333][ T3490] vmx_handle_exit+0x38/0x1f0 [ 101.666064][ T3490] vcpu_enter_guest+0x4733/0x52d0 [ 101.671152][ T3490] ? _raw_spin_unlock_irqrestore+0x34/0x50 [ 101.677010][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.682176][ T3490] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 101.688059][ T3490] vcpu_run+0x794/0x1230 [ 101.692388][ T3490] ? vmx_vcpu_pre_run+0xca/0x1d0 [ 101.697391][ T3490] kvm_arch_vcpu_ioctl_run+0x11fe/0x1b30 [ 101.703076][ T3490] kvm_vcpu_ioctl+0xcd4/0x1980 [ 101.707907][ T3490] ? kmsan_get_metadata+0x33/0x220 [ 101.713070][ T3490] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 101.718924][ T3490] ? kvm_create_vcpu_debugfs+0x190/0x190 [ 101.724612][ T3490] __se_sys_ioctl+0x222/0x400 [ 101.729345][ T3490] __x64_sys_ioctl+0x92/0xd0 [ 101.733980][ T3490] do_syscall_64+0x3d/0xb0 [ 101.738465][ T3490] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 101.744339][ T3490] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 101.750308][ T3490] RIP: 0033:0x7f8387af0ef9 [ 101.754780][ T3490] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 101.774454][ T3490] RSP: 002b:00007ffc7b5ef7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 101.782927][ T3490] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8387af0ef9 [ 101.791027][ T3490] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 101.799039][ T3490] RBP: 0000000000000000 R08: 00007ffc7b5ef958 R09: 00007ffc7b5ef958 [ 101.807066][ T3490] R10: 00007ffc7b5ef958 R11: 0000000000000246 R12: 00007f8387ab4160 [ 101.815129][ T3490] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 101.823202][ T3490] [ 101.826447][ T3490] Kernel Offset: disabled [ 101.830792][ T3490] Rebooting in 86400 seconds..