[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 50.736667] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 51.074530] audit: type=1800 audit(1538925773.120:29): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 51.759813] random: sshd: uninitialized urandom read (32 bytes read) [ 52.154785] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 53.768707] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. [ 59.635309] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 15:23:03 fuzzer started [ 63.888179] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 15:23:08 dialing manager at 10.128.0.26:36867 2018/10/07 15:23:08 syscalls: 1 2018/10/07 15:23:08 code coverage: enabled 2018/10/07 15:23:08 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 15:23:08 setuid sandbox: enabled 2018/10/07 15:23:08 namespace sandbox: enabled 2018/10/07 15:23:08 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 15:23:08 fault injection: enabled 2018/10/07 15:23:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 15:23:08 net packed injection: enabled 2018/10/07 15:23:08 net device setup: enabled [ 68.844371] random: crng init done 15:24:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) recvmmsg(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000680)=""/25, 0x19}, {&(0x7f00000006c0)=""/247, 0xf7}, {&(0x7f0000000800)=""/65, 0x41}], 0x10000000000002ad, &(0x7f0000000a00)=""/181, 0x1d3}}], 0x400000000000159, 0x0, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f00000000c0), 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 169.120011] IPVS: ftp: loaded support on port[0] = 21 [ 170.906934] ip (6108) used greatest stack depth: 53056 bytes left [ 171.142865] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.149426] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.157736] device bridge_slave_0 entered promiscuous mode [ 171.280359] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.286901] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.295097] device bridge_slave_1 entered promiscuous mode [ 171.416181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 171.535699] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 171.903024] bond0: Enslaving bond_slave_0 as an active interface with an up link 15:24:54 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) accept$inet(r0, 0x0, &(0x7f00000000c0)) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000001280)={0x0, 0x0, 0x100002, 0x20000002}) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x8e00, 0x1, 0x0, 0x40000002}) pread64(r0, &(0x7f0000000040)=""/127, 0x7f, 0x0) geteuid() geteuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000001c0)={{{@in=@remote}}, {{@in6=@local}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f00000002c0)=0xe8) fstat(r3, &(0x7f0000000300)) getuid() getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@loopback, @in=@rand_addr}}, {{@in=@loopback}}}, &(0x7f00000005c0)=0xe8) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)) lstat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)) getegid() getresgid(&(0x7f0000000780), &(0x7f00000007c0), &(0x7f0000000800)) getegid() getgroups(0x1, &(0x7f0000000840)=[0xee01]) getegid() ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, 0x40) [ 172.030191] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.726006] IPVS: ftp: loaded support on port[0] = 21 [ 172.863945] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 172.871960] team0: Port device team_slave_0 added [ 173.109055] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 173.116993] team0: Port device team_slave_1 added [ 173.376170] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 173.386221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.394940] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.597287] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 173.604526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.613235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.843423] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 173.850917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.859963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.026080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 174.033861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.042864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.121986] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.128436] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.136744] device bridge_slave_0 entered promiscuous mode [ 176.265458] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.272004] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.280133] device bridge_slave_1 entered promiscuous mode [ 176.461186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.602960] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.609420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.616361] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.622858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.631880] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 15:24:58 executing program 2: getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000100)={'ipvs\x00'}, &(0x7f0000000140)=0x1e) sync() r0 = socket$inet6(0xa, 0x10000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f0000000280)) listen(r0, 0xffffffffffffff7f) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0), 0x64, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[]}}, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000180)) linkat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000000400)={0x0, @in={{0x2, 0x0, @broadcast}}}, 0x84) r2 = accept4(r0, 0x0, &(0x7f00000003c0), 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x76, &(0x7f00000004c0), &(0x7f0000000340)=0x8) [ 176.679846] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.153153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.375626] IPVS: ftp: loaded support on port[0] = 21 [ 177.490136] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.699669] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.032858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.045594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.241711] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.248761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.998137] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.006269] team0: Port device team_slave_0 added [ 179.283064] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.290985] team0: Port device team_slave_1 added [ 179.506379] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.513627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.522281] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.782220] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.789247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.797897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.019998] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.027711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.036692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.272078] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.279537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.288345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.431441] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.438058] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.446434] device bridge_slave_0 entered promiscuous mode [ 181.721104] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.727817] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.736067] device bridge_slave_1 entered promiscuous mode [ 181.974582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.190316] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.732215] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.953530] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.186902] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.193445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.200297] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.206860] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.215265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.272504] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.299605] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.306742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.968972] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.976961] team0: Port device team_slave_0 added [ 184.237688] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.245675] team0: Port device team_slave_1 added [ 184.472299] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.479340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.487927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 15:25:06 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = dup(r0) write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18}, 0x18) [ 184.803279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.810322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.819083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.096287] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.104163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.112949] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.463856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.471358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.480257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.736293] IPVS: ftp: loaded support on port[0] = 21 [ 187.545272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.766541] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.983202] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.989655] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.996631] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.003140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.011467] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 189.018705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.988955] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.995359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.003220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.771667] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.778122] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.786505] device bridge_slave_0 entered promiscuous mode [ 191.121308] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.127897] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.136188] device bridge_slave_1 entered promiscuous mode [ 191.161846] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.363413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 191.686716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 192.662161] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.957938] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.267216] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 193.274429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.603346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 193.610367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 15:25:15 executing program 4: unshare(0x20000000) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000c35ffc), &(0x7f0000000140)) select(0x40, &(0x7f0000000000)={0xb1}, &(0x7f00000004c0), &(0x7f0000000080), &(0x7f00000000c0)={0x77359400}) ioprio_set$pid(0x30000000002, 0x0, 0x800004000) wait4(0x0, 0x0, 0x40000000, &(0x7f00000002c0)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) [ 194.674690] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 194.682631] team0: Port device team_slave_0 added [ 195.051302] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 195.059289] team0: Port device team_slave_1 added [ 195.115566] IPVS: ftp: loaded support on port[0] = 21 [ 195.485634] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 195.492893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.501530] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.843534] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 195.850574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.859358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.240514] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 196.248215] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.257014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.430244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.643049] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 196.650568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.659334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.858422] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.323783] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 199.427107] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.433724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.441410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.537503] ================================================================== [ 199.544929] BUG: KMSAN: uninit-value in __vmx_flush_tlb+0x755/0x790 [ 199.551367] CPU: 1 PID: 6809 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63 [ 199.558558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.567918] Call Trace: [ 199.570519] dump_stack+0x306/0x460 [ 199.574160] ? __vmx_flush_tlb+0x755/0x790 [ 199.578418] kmsan_report+0x1a3/0x2d0 [ 199.582234] __msan_warning+0x7c/0xe0 [ 199.586052] __vmx_flush_tlb+0x755/0x790 [ 199.590135] vmx_flush_tlb+0x94/0xb0 [ 199.593866] ? vmx_set_rflags+0x740/0x740 [ 199.598044] kvm_mmu_load+0x1656/0x3460 [ 199.602048] ? vmx_set_cr0+0x3510/0x3510 [ 199.606141] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20 [ 199.611262] ? futex_wait+0x745/0xa40 [ 199.615085] ? task_kmsan_context_state+0x6b/0x120 [ 199.620035] ? __msan_get_context_state+0x9/0x30 [ 199.624806] ? INIT_INT+0xc/0x30 [ 199.628185] ? task_kmsan_context_state+0x6b/0x120 [ 199.633134] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 199.638601] ? kmsan_set_origin_inline+0x6b/0x120 [ 199.643458] ? __msan_poison_alloca+0x17a/0x210 [ 199.648148] ? put_pid+0x71/0x410 [ 199.651716] ? kvm_vcpu_ioctl+0x20a4/0x20b0 [ 199.656051] ? put_pid+0x1a9/0x410 [ 199.659596] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 199.664964] ? get_task_pid+0x17b/0x270 [ 199.668956] kvm_vcpu_ioctl+0x11a7/0x20b0 [ 199.673126] ? do_vfs_ioctl+0x18a/0x2810 [ 199.677191] ? __se_sys_ioctl+0x1da/0x270 [ 199.681346] ? kvm_vm_release+0x90/0x90 [ 199.685327] do_vfs_ioctl+0xcf3/0x2810 [ 199.689240] ? security_file_ioctl+0x92/0x200 [ 199.693754] __se_sys_ioctl+0x1da/0x270 [ 199.697757] __x64_sys_ioctl+0x4a/0x70 [ 199.701665] do_syscall_64+0xbe/0x100 [ 199.705489] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 199.710692] RIP: 0033:0x457579 [ 199.713904] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.732824] RSP: 002b:00007f057836ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 199.740555] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 199.747833] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 199.755117] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.762432] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f057836f6d4 [ 199.769732] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff [ 199.777015] [ 199.778645] Local variable description: ----error.i.i.i@__vmx_flush_tlb [ 199.785395] Variable was created at: [ 199.789114] __vmx_flush_tlb+0x103/0x790 [ 199.793187] vmx_flush_tlb+0x94/0xb0 [ 199.796897] ================================================================== [ 199.804772] Disabling lock debugging due to kernel taint [ 199.810232] Kernel panic - not syncing: panic_on_warn set ... [ 199.810232] [ 199.817622] CPU: 1 PID: 6809 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63 [ 199.826202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.835560] Call Trace: [ 199.838158] dump_stack+0x306/0x460 [ 199.841812] panic+0x54c/0xafa [ 199.845049] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 199.850514] kmsan_report+0x2cd/0x2d0 [ 199.854330] __msan_warning+0x7c/0xe0 [ 199.858143] __vmx_flush_tlb+0x755/0x790 [ 199.862226] vmx_flush_tlb+0x94/0xb0 [ 199.865948] ? vmx_set_rflags+0x740/0x740 [ 199.870104] kvm_mmu_load+0x1656/0x3460 [ 199.874118] ? vmx_set_cr0+0x3510/0x3510 [ 199.878197] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20 [ 199.883307] ? futex_wait+0x745/0xa40 [ 199.887130] ? task_kmsan_context_state+0x6b/0x120 [ 199.892070] ? __msan_get_context_state+0x9/0x30 [ 199.896837] ? INIT_INT+0xc/0x30 [ 199.900226] ? task_kmsan_context_state+0x6b/0x120 [ 199.905174] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 199.910641] ? kmsan_set_origin_inline+0x6b/0x120 [ 199.915500] ? __msan_poison_alloca+0x17a/0x210 [ 199.920193] ? put_pid+0x71/0x410 [ 199.923659] ? kvm_vcpu_ioctl+0x20a4/0x20b0 [ 199.926495] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.928005] ? put_pid+0x1a9/0x410 [ 199.937432] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 199.942836] ? get_task_pid+0x17b/0x270 [ 199.946847] kvm_vcpu_ioctl+0x11a7/0x20b0 [ 199.951031] ? do_vfs_ioctl+0x18a/0x2810 [ 199.955105] ? __se_sys_ioctl+0x1da/0x270 [ 199.959262] ? kvm_vm_release+0x90/0x90 [ 199.963249] do_vfs_ioctl+0xcf3/0x2810 [ 199.967159] ? security_file_ioctl+0x92/0x200 [ 199.971672] __se_sys_ioctl+0x1da/0x270 [ 199.975661] __x64_sys_ioctl+0x4a/0x70 [ 199.979554] do_syscall_64+0xbe/0x100 [ 199.983376] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 199.988577] RIP: 0033:0x457579 [ 199.991780] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.010689] RSP: 002b:00007f057836ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 200.018413] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 200.025695] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 200.032975] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.040253] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f057836f6d4 [ 200.047531] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff [ 200.055825] Kernel Offset: disabled [ 200.059449] Rebooting in 86400 seconds..