[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.365269] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 27.976554] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.217958] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.733893] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
[ 34.529969] urandom_read: 1 callbacks suppressed
[ 34.529978] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/04 02:36:50 parsed 1 programs
[ 35.634882] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/04 02:36:51 executed programs: 0
[ 36.605700] IPVS: ftp: loaded support on port[0] = 21
[ 36.824618] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.831061] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.838576] device bridge_slave_0 entered promiscuous mode
[ 36.855619] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.862015] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.869308] device bridge_slave_1 entered promiscuous mode
[ 36.886219] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 36.903740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 36.948621] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 36.967791] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 37.036549] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 37.044678] team0: Port device team_slave_0 added
[ 37.060094] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 37.067484] team0: Port device team_slave_1 added
[ 37.083363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 37.102687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 37.122196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.141149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.272446] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.278963] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.285955] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.292330] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.758163] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 37.764299] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.800556] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 37.820379] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 37.868002] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 37.874238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.881553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.925343] 8021q: adding VLAN 0 to HW filter on device team0
[ 38.221038] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 38.255831] WARNING: CPU: 1 PID: 4980 at arch/x86/kvm/vmx.c:4754 free_loaded_vmcs+0x160/0x1b0
[ 38.264532] Kernel panic - not syncing: panic_on_warn set ...
[ 38.264532]
[ 38.271891] CPU: 1 PID: 4980 Comm: syz-executor0 Not tainted 4.19.0-rc2+ #220
[ 38.279170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.288514] Call Trace:
[ 38.291098] dump_stack+0x1c9/0x2b4
[ 38.294717] ? dump_stack_print_info.cold.2+0x52/0x52
[ 38.299913] panic+0x238/0x4e7
[ 38.303110] ? add_taint.cold.5+0x16/0x16
[ 38.307259] ? __warn.cold.8+0x148/0x1ba
[ 38.311307] ? __warn.cold.8+0x117/0x1ba
[ 38.315367] ? free_loaded_vmcs+0x160/0x1b0
[ 38.319696] __warn.cold.8+0x163/0x1ba
[ 38.323582] ? free_loaded_vmcs+0x160/0x1b0
[ 38.327907] report_bug+0x252/0x2d0
[ 38.331539] do_error_trap+0x1fc/0x4d0
[ 38.335434] ? math_error+0x3e0/0x3e0
[ 38.339227] ? find_held_lock+0x36/0x1c0
[ 38.343277] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.348111] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 38.353117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.358647] ? smp_call_function_single+0x2d6/0x5c0
[ 38.363659] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.368505] do_invalid_op+0x1b/0x20
[ 38.372213] invalid_op+0x14/0x20
[ 38.375672] RIP: 0010:free_loaded_vmcs+0x160/0x1b0
[ 38.380637] Code: 81 e8 44 be 53 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 49 4c 8b 23 e9 22 ff ff ff e8 80 fc 5f 00 <0f> 0b eb b0 e8 b7 f9 9e 00 e9 f4 fe ff ff 48 89 df e8 ca f9 9e 00
[ 38.399535] RSP: 0018:ffff8801d06af748 EFLAGS: 00010293
[ 38.404912] RAX: ffff8801d068a500 RBX: ffff8801d0ab57a8 RCX: 0000000000000000
[ 38.412191] RDX: 0000000000000000 RSI: ffffffff811cd2a0 RDI: ffff8801d0ab57b0
[ 38.419453] RBP: ffff8801d06af760 R08: ffff8801d068a500 R09: 0000000000000000
[ 38.426725] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c7166000
[ 38.433991] R13: 0000000000000001 R14: dffffc0000000000 R15: 0000000000000001
[ 38.441268] ? free_loaded_vmcs+0x160/0x1b0
[ 38.445581] ? free_loaded_vmcs+0x160/0x1b0
[ 38.449901] vmx_free_vcpu+0x204/0x300
[ 38.453794] kvm_arch_destroy_vm+0x365/0x7c0
[ 38.458194] ? kvm_arch_sync_events+0x30/0x30
[ 38.462681] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 38.468207] ? mmu_notifier_unregister+0x474/0x600
[ 38.473130] ? trace_hardirqs_on+0x2c0/0x2c0
[ 38.477540] ? __mmu_notifier_register+0x30/0x30
[ 38.482301] ? __free_pages+0x10a/0x190
[ 38.486266] ? free_unref_page+0x930/0x930
[ 38.490497] kvm_put_kvm+0x73f/0x1060
[ 38.494293] ? kvm_write_guest_cached+0x40/0x40
[ 38.498964] ? up_write+0x7b/0x220
[ 38.502496] ? up_read+0x110/0x110
[ 38.506025] ? mntput+0x74/0xa0
[ 38.509300] ? debugfs_remove_recursive+0x420/0x560
[ 38.514309] ? debugfs_remove+0x130/0x130
[ 38.518450] ? kvm_vm_release+0x50/0x50
[ 38.522413] kvm_vcpu_release+0x7b/0xa0
[ 38.526397] __fput+0x38a/0xa40
[ 38.529737] ? __alloc_file+0x400/0x400
[ 38.533716] ? trace_hardirqs_on+0xbd/0x2c0
[ 38.538029] ? kasan_check_read+0x11/0x20
[ 38.542167] ? task_work_run+0x1af/0x2a0
[ 38.546218] ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 38.551310] ? kasan_check_write+0x14/0x20
[ 38.555541] ? do_raw_spin_lock+0xc1/0x200
[ 38.559768] ____fput+0x15/0x20
[ 38.563037] task_work_run+0x1e8/0x2a0
[ 38.566923] ? task_work_cancel+0x240/0x240
[ 38.571265] ? copy_fd_bitmaps+0x210/0x210
[ 38.575500] ? do_syscall_64+0x9a/0x820
[ 38.579466] exit_to_usermode_loop+0x318/0x380
[ 38.584040] ? syscall_slow_exit_work+0x490/0x490
[ 38.588928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.594478] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.600009] do_syscall_64+0x6be/0x820
[ 38.603900] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 38.609285] ? syscall_return_slowpath+0x5e0/0x5e0
[ 38.614216] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.619048] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 38.624056] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 38.629063] ? prepare_exit_to_usermode+0x291/0x3b0
[ 38.634073] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.638923] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.644111] RIP: 0033:0x410c30
[ 38.647296] Code: 01 f0 ff ff 0f 83 60 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 5d 53 63 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff
[ 38.666198] RSP: 002b:00007ffeb3e8ae98 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 38.673912] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000410c30
[ 38.681186] RDX: 0000001b32e20000 RSI: 00000000007334f0 RDI: 0000000000000005
[ 38.688443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 38.695721] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004129f0
[ 38.702987] R13: 0000000000412a80 R14: 0000000000000000 R15: badc0ffeebadface
[ 38.710663] Dumping ftrace buffer:
[ 38.714327] (ftrace buffer empty)
[ 38.718026] Kernel Offset: disabled
[ 38.721657] Rebooting in 86400 seconds..