[ 50.283274] audit: type=1800 audit(1538978739.314:27): pid=6086 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 51.761081] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 54.055330] random: sshd: uninitialized urandom read (32 bytes read)
[ 54.474599] random: sshd: uninitialized urandom read (32 bytes read)
[ 56.190250] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
[ 61.911167] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 06:05:52 fuzzer started
[ 66.194829] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 06:05:57 dialing manager at 10.128.0.26:36867
2018/10/08 06:05:57 syscalls: 1
2018/10/08 06:05:57 code coverage: enabled
2018/10/08 06:05:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 06:05:57 setuid sandbox: enabled
2018/10/08 06:05:57 namespace sandbox: enabled
2018/10/08 06:05:57 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 06:05:57 fault injection: enabled
2018/10/08 06:05:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 06:05:57 net packed injection: enabled
2018/10/08 06:05:57 net device setup: enabled
[ 71.016357] random: crng init done
06:07:36 executing program 0:
r0 = socket(0x40000000015, 0x5, 0x0)
mmap(&(0x7f0000000000/0x5000)=nil, 0x5000, 0x4, 0x10031, 0xffffffffffffffff, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x5, &(0x7f00000000c0), 0x200000d0)
[ 167.850814] IPVS: ftp: loaded support on port[0] = 21
[ 169.970198] bridge0: port 1(bridge_slave_0) entered blocking state
[ 169.976760] bridge0: port 1(bridge_slave_0) entered disabled state
[ 169.985104] device bridge_slave_0 entered promiscuous mode
[ 170.122557] bridge0: port 2(bridge_slave_1) entered blocking state
[ 170.129010] bridge0: port 2(bridge_slave_1) entered disabled state
[ 170.137351] device bridge_slave_1 entered promiscuous mode
[ 170.258295] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 170.384107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 170.758231] bond0: Enslaving bond_slave_0 as an active interface with an up link
06:07:39 executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x800000000002)
ioctl(r0, 0x8912, &(0x7f0000000040)="153f62344885d25d766070")
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000002d0009022bbd7000fcdbdf2500000000", @ANYRES32], 0x2}}, 0x0)
[ 170.885575] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 171.432067] IPVS: ftp: loaded support on port[0] = 21
[ 171.929206] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 171.937759] team0: Port device team_slave_0 added
[ 172.235327] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 172.243230] team0: Port device team_slave_1 added
[ 172.405822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 172.535368] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 172.542695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 172.551273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 172.693710] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 172.701286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 172.710464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 172.856239] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 172.863870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 172.872809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 174.721120] bridge0: port 1(bridge_slave_0) entered blocking state
[ 174.727782] bridge0: port 1(bridge_slave_0) entered disabled state
[ 174.736040] device bridge_slave_0 entered promiscuous mode
[ 174.964771] bridge0: port 2(bridge_slave_1) entered blocking state
[ 174.971232] bridge0: port 2(bridge_slave_1) entered disabled state
[ 174.979599] device bridge_slave_1 entered promiscuous mode
[ 175.055947] bridge0: port 2(bridge_slave_1) entered blocking state
[ 175.062511] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 175.069376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 175.075942] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 175.084430] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 175.215683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 175.411073] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 175.702591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
06:07:44 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000400)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000300)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000040c0), 0x1000)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f00000001c0), 0xffffffea)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000180)={{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x4e20, 0x100000001}}, 0x5c)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={<r3=>0x0, 0x0})
pselect6(0x40, &(0x7f00000000c0), &(0x7f00000004c0)={0x20}, &(0x7f0000000140)={0x8}, &(0x7f0000000200)={0x0, r3+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8})
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
mknodat(0xffffffffffffffff, &(0x7f0000000100)='\x00', 0x8008, 0x0)
[ 176.066223] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 176.290195] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 176.433366] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 176.443222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 176.697491] IPVS: ftp: loaded support on port[0] = 21
[ 176.726762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 176.734018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 177.643325] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 177.651243] team0: Port device team_slave_0 added
[ 177.878676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 177.886726] team0: Port device team_slave_1 added
[ 178.209370] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 178.216630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 178.225481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 178.461900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 178.468981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 178.477870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 178.703527] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 178.711103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 178.720108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 179.034823] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 179.042574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 179.051349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 180.496634] bridge0: port 1(bridge_slave_0) entered blocking state
[ 180.503300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 180.511413] device bridge_slave_0 entered promiscuous mode
[ 180.814699] bridge0: port 2(bridge_slave_1) entered blocking state
[ 180.821299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 180.829747] device bridge_slave_1 entered promiscuous mode
[ 181.071303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 181.236153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 181.960120] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.040630] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.047280] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 182.054272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 182.060726] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 182.069305] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 182.219189] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 182.492981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 182.500079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 182.683058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 182.690112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 182.921978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
06:07:52 executing program 3:
r0 = getpid()
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
capget(&(0x7f0000000340)={0x19980330, r0}, &(0x7f0000000380)={0x3, 0x0, 0x6, 0x0, 0x0, 0xcc09})
[ 183.475910] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 183.483949] team0: Port device team_slave_0 added
[ 183.802839] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 183.810735] team0: Port device team_slave_1 added
[ 184.112338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 184.119398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 184.128068] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 184.453400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 184.460482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 184.469290] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 184.547612] IPVS: ftp: loaded support on port[0] = 21
[ 184.730593] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 184.738338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 184.747621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 185.121825] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 185.129379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 185.138362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 185.438186] 8021q: adding VLAN 0 to HW filter on device bond0
[ 186.609858] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 187.773408] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 187.779896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 187.788067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 188.574264] bridge0: port 2(bridge_slave_1) entered blocking state
[ 188.580733] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 188.587733] bridge0: port 1(bridge_slave_0) entered blocking state
[ 188.594233] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 188.603117] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 188.782720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 188.841059] 8021q: adding VLAN 0 to HW filter on device team0
[ 189.670477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 189.677131] bridge0: port 1(bridge_slave_0) entered disabled state
[ 189.685589] device bridge_slave_0 entered promiscuous mode
[ 190.032591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 190.039077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 190.047723] device bridge_slave_1 entered promiscuous mode
[ 190.374000] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 190.620289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 191.595106] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 191.946362] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 192.311895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 192.318995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 192.591663] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 192.599022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
06:08:02 executing program 4:
openat$vhci(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhci\x00', 0x0, 0x0)
unshare(0x400)
pselect6(0x1c, &(0x7f0000000300), &(0x7f0000000380), &(0x7f00000003c0)={0x8}, &(0x7f0000000400)={0x0, 0x989680}, &(0x7f0000000100)={&(0x7f0000000440), 0x8})
[ 193.640015] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 193.648333] team0: Port device team_slave_0 added
[ 194.053394] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 194.061519] team0: Port device team_slave_1 added
[ 194.310546] IPVS: ftp: loaded support on port[0] = 21
[ 194.396867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 194.404302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 194.413163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 194.806352] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 194.813962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 194.822775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 194.853548] 8021q: adding VLAN 0 to HW filter on device bond0
[ 195.224085] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 195.231999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 195.240758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 195.687919] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 195.695813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 195.704752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 196.294383] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
06:08:05 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f2325363e0f01cb66b9800000c00f326635002000000f30018c448b2e0f0171860fc72cba4200ed67f26cd0bf9f30", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100), 0x106}}, 0x20)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffd14, 0xfa00, {0x0, &(0x7f0000000280), 0x142, 0x5}}, 0xffffffffffffff51)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 196.994031] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 197.094508] ==================================================================
[ 197.101949] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 197.108560] CPU: 0 PID: 6947 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[ 197.115766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 197.125159] Call Trace:
[ 197.127781]  dump_stack+0x306/0x460
[ 197.131432]  ? _raw_spin_lock_irqsave+0x227/0x340
[ 197.136307]  ? vmx_create_vcpu+0x10df/0x7920
[ 197.140763]  kmsan_report+0x1a3/0x2d0
[ 197.144604]  __msan_warning+0x7c/0xe0
[ 197.148438]  vmx_create_vcpu+0x10df/0x7920
[ 197.152695]  ? kmsan_set_origin_inline+0x6b/0x120
[ 197.157565]  ? __msan_poison_alloca+0x17a/0x210
[ 197.162277]  ? vmx_vm_init+0x340/0x340
[ 197.166200]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 197.170740]  kvm_vm_ioctl+0x13fd/0x33d0
[ 197.174750]  ? __msan_poison_alloca+0x17a/0x210
[ 197.179445]  ? do_vfs_ioctl+0x18a/0x2810
[ 197.183530]  ? __se_sys_ioctl+0x1da/0x270
[ 197.187699]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 197.192563]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 197.197433]  do_vfs_ioctl+0xcf3/0x2810
[ 197.201355]  ? security_file_ioctl+0x92/0x200
[ 197.205880]  __se_sys_ioctl+0x1da/0x270
[ 197.209969]  __x64_sys_ioctl+0x4a/0x70
[ 197.213875]  do_syscall_64+0xbe/0x100
[ 197.217707]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 197.222910] RIP: 0033:0x457579
[ 197.226253] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 197.245304] RSP: 002b:00007f65d3e2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 197.253152] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 197.260443] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 197.267736] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 197.275032] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65d3e306d4
[ 197.282322] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 197.289629]
[ 197.291274] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 197.298221] Variable was created at:
[ 197.301960]  vmx_create_vcpu+0xd5/0x7920
[ 197.306048]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 197.310551] ==================================================================
[ 197.317921] Disabling lock debugging due to kernel taint
[ 197.323392] Kernel panic - not syncing: panic_on_warn set ...
[ 197.323392]
[ 197.330900] CPU: 0 PID: 6947 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63
[ 197.339524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 197.348895] Call Trace:
[ 197.351517]  dump_stack+0x306/0x460
[ 197.355210]  panic+0x54c/0xafa
[ 197.358474]  kmsan_report+0x2cd/0x2d0
[ 197.362314]  __msan_warning+0x7c/0xe0
[ 197.366176]  vmx_create_vcpu+0x10df/0x7920
[ 197.370447]  ? kmsan_set_origin_inline+0x6b/0x120
[ 197.375340]  ? __msan_poison_alloca+0x17a/0x210
[ 197.380054]  ? vmx_vm_init+0x340/0x340
[ 197.383969]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 197.388499]  kvm_vm_ioctl+0x13fd/0x33d0
[ 197.392543]  ? __msan_poison_alloca+0x17a/0x210
[ 197.397255]  ? do_vfs_ioctl+0x18a/0x2810
[ 197.401339]  ? __se_sys_ioctl+0x1da/0x270
[ 197.405518]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 197.410402]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 197.415454]  do_vfs_ioctl+0xcf3/0x2810
[ 197.419385]  ? security_file_ioctl+0x92/0x200
[ 197.423917]  __se_sys_ioctl+0x1da/0x270
[ 197.427930]  __x64_sys_ioctl+0x4a/0x70
[ 197.431840]  do_syscall_64+0xbe/0x100
[ 197.435672]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 197.440972] RIP: 0033:0x457579
[ 197.444190] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 197.463144] RSP: 002b:00007f65d3e2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 197.470885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 197.478199] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 197.485506] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 197.492886] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65d3e306d4
[ 197.500179] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 197.508902] Kernel Offset: disabled
[ 197.512548] Rebooting in 86400 seconds..
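The call trace (kvm_vm_ioctl -> kvm_arch_vcpu_create -> vmx_create_vcpu) says which kernel path hit the uninitialized local, and the userspace register dump says which syscall from the reproducer got there: ORIG_RAX holds the syscall number at entry and RDI/RSI/RDX the first three arguments. The following is an added triage helper, not part of the syzkaller log or of the kernel, that parses those register lines and decodes them. It assumes x86-64 syscall numbering (16 = ioctl) and the Linux asm-generic _IO() encoding with KVMIO = 0xAE, and its name table is deliberately limited to the four KVM ioctls that "executing program 0" issues. On the lines copied from the report it should resolve to ioctl(fd 4, KVM_CREATE_VCPU, 0), which matches `r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)` in the program (fd 3 being /dev/kvm and fd 4 the VM returned by KVM_CREATE_VM).

```c
/* Added example: decode the pt_regs dump of a KMSAN/KASAN report back to
 * the ioctl the reproducer issued. Not code from syzkaller or the kernel. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Linux asm-generic/ioctl.h layout of _IO(type, nr): nr in bits 0-7,
 * type in bits 8-15, no size or direction bits. KVM ioctls use KVMIO = 0xAE. */
#define LINUX_IO(type, nr) ((unsigned long)(((type) << 8) | (nr)))
#define KVMIO 0xAE

/* __NR_ioctl on x86-64; the report's ORIG_RAX is the syscall number. */
#define X86_64_NR_IOCTL 16UL

struct ioctl_name { unsigned long cmd; const char *name; };

/* Only the KVM ioctls used by "executing program 0" above (numbers as in
 * linux/kvm.h); the raw 0xae01/0xae41/0xae9a/0xae80 in the program must match. */
static const struct ioctl_name kvm_ioctls[] = {
    { LINUX_IO(KVMIO, 0x01), "KVM_CREATE_VM" },
    { LINUX_IO(KVMIO, 0x41), "KVM_CREATE_VCPU" },
    { LINUX_IO(KVMIO, 0x80), "KVM_RUN" },
    { LINUX_IO(KVMIO, 0x9a), "KVM_NMI" },
};

const char *kvm_ioctl_name(unsigned long cmd)
{
    for (size_t i = 0; i < sizeof kvm_ioctls / sizeof kvm_ioctls[0]; i++)
        if (kvm_ioctls[i].cmd == cmd)
            return kvm_ioctls[i].name;
    return "unknown";
}

struct syscall_regs {
    unsigned long orig_rax;      /* syscall number at entry */
    unsigned long rdi, rsi, rdx; /* first three syscall arguments */
};

/* Read the hex value that follows `label` in `text`; 0 on success, -1 if absent. */
static int read_hex_field(const char *text, const char *label, unsigned long *out)
{
    const char *p = strstr(text, label);
    if (!p)
        return -1;
    p += strlen(label);
    char *end;
    unsigned long v = strtoul(p, &end, 16);
    if (end == p)
        return -1;
    *out = v;
    return 0;
}

/* Single-field accessor; returns (unsigned long)-1 when the label is missing. */
unsigned long reg_field(const char *report, const char *label)
{
    unsigned long v = 0;
    return read_hex_field(report, label, &v) == 0 ? v : (unsigned long)-1;
}

/* Parse the "RSP: ... ORIG_RAX:" and "RDX: ... RSI: ... RDI:" lines.
 * Labels include the trailing space so "RAX: " cannot match inside "ORIG_RAX: ". */
int parse_syscall_regs(const char *report, struct syscall_regs *r)
{
    if (read_hex_field(report, "ORIG_RAX: ", &r->orig_rax)) return -1;
    if (read_hex_field(report, "RDI: ", &r->rdi)) return -1;
    if (read_hex_field(report, "RSI: ", &r->rsi)) return -1;
    if (read_hex_field(report, "RDX: ", &r->rdx)) return -1;
    return 0;
}

/* Register lines copied verbatim from the KMSAN report above. */
static const char kmsan_regs[] =
    "[ 197.245304] RSP: 002b:00007f65d3e2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n"
    "[ 197.253152] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579\n"
    "[ 197.260443] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004\n";

int main(void)
{
    struct syscall_regs r;
    if (parse_syscall_regs(kmsan_regs, &r) != 0) {
        fprintf(stderr, "register lines not found\n");
        return 1;
    }
    if (r.orig_rax != X86_64_NR_IOCTL) {
        printf("syscall %lu is not ioctl\n", r.orig_rax);
        return 1;
    }
    printf("ioctl(fd=%lu, cmd=0x%lx %s, arg=0x%lx)\n",
           r.rdi, r.rsi, kvm_ioctl_name(r.rsi), r.rdx);
    return 0;
}
```

The same check applies to the second register block printed after the panic, which is identical to the first; it is the same syscall, dumped again by the panic path.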