[ 57.222331] audit: type=1800 audit(1539137506.251:27): pid=6141 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 58.622914] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 61.199896] random: sshd: uninitialized urandom read (32 bytes read)
[ 61.581217] random: sshd: uninitialized urandom read (32 bytes read)
[ 63.797500] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts.
[ 69.625362] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 02:12:00 fuzzer started
[ 74.000680] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 02:12:05 dialing manager at 10.128.0.26:44001
2018/10/10 02:12:05 syscalls: 1
2018/10/10 02:12:05 code coverage: enabled
2018/10/10 02:12:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 02:12:05 setuid sandbox: enabled
2018/10/10 02:12:05 namespace sandbox: enabled
2018/10/10 02:12:05 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 02:12:05 fault injection: enabled
2018/10/10 02:12:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 02:12:05 net packed injection: enabled
2018/10/10 02:12:05 net device setup: enabled
[ 78.883260] random: crng init done
02:14:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r2, 0x5386, &(0x7f0000000080))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, &(0x7f0000000400), 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000180)={[], 0x0, 0x4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, &(0x7f00000000c0))
[ 194.561735] IPVS: ftp: loaded support on port[0] = 21
[ 196.939930] bridge0: port 1(bridge_slave_0) entered blocking state
[ 196.946513] bridge0: port 1(bridge_slave_0) entered disabled state
[ 196.955215] device bridge_slave_0 entered promiscuous mode
[ 197.100846] bridge0: port 2(bridge_slave_1) entered blocking state
[ 197.107510] bridge0: port 2(bridge_slave_1) entered disabled state
[ 197.116024] device bridge_slave_1 entered promiscuous mode
[ 197.256559] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 197.396812] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
02:14:06 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000080))
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b0000f4afd7030a7c", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000020c0), 0x320, 0x0, &(0x7f0000003700)={0x77359400})
[ 197.887688] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 198.129105] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 198.503490] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 198.510592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 198.562808] IPVS: ftp: loaded support on port[0] = 21
[ 199.276422] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 199.284767] team0: Port device team_slave_0 added
[ 199.509415] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 199.517556] team0: Port device team_slave_1 added
[ 199.707564] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 199.714727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 199.723800] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 199.937578] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 199.944855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 199.953988] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 200.198022] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 200.205814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 200.215058] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 200.443071] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 200.451111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 200.460214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 202.646439] bridge0: port 1(bridge_slave_0) entered blocking state
[ 202.653081] bridge0: port 1(bridge_slave_0) entered disabled state
[ 202.661574] device bridge_slave_0 entered promiscuous mode
[ 202.845826] bridge0: port 2(bridge_slave_1) entered blocking state
[ 202.852437] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 202.859400] bridge0: port 1(bridge_slave_0) entered blocking state
[ 202.866041] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 202.875038] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
02:14:12 executing program 2:
seccomp(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0x31}]})
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x4000, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000002c0)=[{0x3, 0x6}, {0x8, 0x8}, {0x0, 0x6}], 0x3)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000), 0x4)
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x5, {0x2, 0x4e21, @multicast1}, {0x2, 0x4e20, @loopback}, {0x2, 0x4e20, @broadcast}, 0x0, 0x1, 0x7f, 0x4, 0x1f, 0x0, 0x0, 0x1000, 0x80000001})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x100, 0x0)
write$UHID_CREATE(r2, &(0x7f0000000140)={0x0, 'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000100)=""/40, 0x28, 0x7, 0x7fffffff, 0x100000001, 0x58, 0xffffffff}, 0x120)
[ 202.942446] bridge0: port 2(bridge_slave_1) entered blocking state
[ 202.948934] bridge0: port 2(bridge_slave_1) entered disabled state
[ 202.957655] device bridge_slave_1 entered promiscuous mode
[ 203.285433] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 203.382456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 203.487803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 203.838367] IPVS: ftp: loaded support on port[0] = 21
[ 204.120212] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 204.367037] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 204.648702] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 204.656028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 205.010061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 205.017304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 205.967898] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 205.976131] team0: Port device team_slave_0 added
[ 206.281764] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 206.289882] team0: Port device team_slave_1 added
[ 206.513091] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 206.520201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 206.529221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 206.843446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 206.850496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 206.859609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 207.163628] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 207.171233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 207.180521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 207.453617] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 207.461238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 207.470469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 208.393396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 208.399880] bridge0: port 1(bridge_slave_0) entered disabled state
[ 208.408681] device bridge_slave_0 entered promiscuous mode
[ 208.809207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 208.815887] bridge0: port 2(bridge_slave_1) entered disabled state
[ 208.824492] device bridge_slave_1 entered promiscuous mode
[ 209.135140] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 209.367275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 210.020489] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 210.355669] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 210.530573] bridge0: port 2(bridge_slave_1) entered blocking state
[ 210.537130] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 210.544184] bridge0: port 1(bridge_slave_0) entered blocking state
[ 210.550635] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 210.559392] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 210.610435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 210.622704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 210.651910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 210.883704] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 210.890832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
02:14:20 executing program 3:
seccomp(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000580)=[{0x6, 0x0, 0x0, 0xfffffffffffffffc}]})
getitimer(0x0, &(0x7f0000000000))
[ 211.916167] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 211.924344] team0: Port device team_slave_0 added
[ 212.359078] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 212.367142] team0: Port device team_slave_1 added
[ 212.479047] IPVS: ftp: loaded support on port[0] = 21
[ 212.773548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 212.780659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 212.789709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 213.072961] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 213.080133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 213.089096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 213.418325] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 213.426139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 213.435414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 213.793472] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 213.801095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 213.810294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 215.612007] 8021q: adding VLAN 0 to HW filter on device bond0
[ 216.830995] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 217.948034] bridge0: port 2(bridge_slave_1) entered blocking state
[ 217.954789] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 217.961865] bridge0: port 1(bridge_slave_0) entered blocking state
[ 217.968360] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 217.977481] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 218.197003] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 218.203594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 218.211757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 218.327834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 218.334451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 218.343057] device bridge_slave_0 entered promiscuous mode
[ 218.531917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 218.689037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 218.695794] bridge0: port 2(bridge_slave_1) entered disabled state
[ 218.704454] device bridge_slave_1 entered promiscuous mode
[ 219.047075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 219.446759] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 219.617491] 8021q: adding VLAN 0 to HW filter on device team0
[ 220.493500] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 220.796948] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 221.174029] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 221.181214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
02:14:30 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6gre0\x00', 0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = gettid()
sendmsg$nl_route(r2, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_NET_NS_PID={0x8, 0x13, r3}]}, 0x28}}, 0x0)
[ 221.580765] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 221.587951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 222.797179] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 222.799470] IPVS: ftp: loaded support on port[0] = 21
[ 222.805365] team0: Port device team_slave_0 added
[ 223.333286] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 223.341345] team0: Port device team_slave_1 added
[ 223.731847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 223.738931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 223.748096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 224.134879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 224.142851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 224.151803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 224.568518] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 224.576474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 224.586232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 225.047221] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 225.055101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 225.064427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 226.076671] 8021q: adding VLAN 0 to HW filter on device bond0
[ 227.626928] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 229.327639] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 229.378118] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 229.384713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 229.392639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 229.483364] ==================================================================
[ 229.490824] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[ 229.498489] CPU: 0 PID: 7044 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #65
[ 229.505709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 229.515096] Call Trace:
[ 229.517762]  dump_stack+0x306/0x460
[ 229.521446]  ? vmx_set_constant_host_state+0x1778/0x1830
[ 229.526966]  kmsan_report+0x1a2/0x2e0
[ 229.530954]  __msan_warning+0x7c/0xe0
[ 229.534914]  vmx_set_constant_host_state+0x1778/0x1830
[ 229.540249]  vmx_create_vcpu+0x3e6f/0x7870
[ 229.544534]  ? kmsan_set_origin_inline+0x6b/0x120
[ 229.549423]  ? __msan_poison_alloca+0x17a/0x210
[ 229.554184]  ? vmx_vm_init+0x340/0x340
[ 229.558125]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 229.562703]  kvm_vm_ioctl+0x13fd/0x33d0
[ 229.566730]  ? __msan_poison_alloca+0x17a/0x210
[ 229.571456]  ? do_vfs_ioctl+0x18a/0x2810
[ 229.575563]  ? __se_sys_ioctl+0x1da/0x270
[ 229.579758]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 229.584650]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 229.589541]  do_vfs_ioctl+0xcf3/0x2810
[ 229.593498]  ? security_file_ioctl+0x92/0x200
[ 229.598060]  __se_sys_ioctl+0x1da/0x270
[ 229.602094]  __x64_sys_ioctl+0x4a/0x70
[ 229.606175]  do_syscall_64+0xbe/0x100
[ 229.610029]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 229.615255] RIP: 0033:0x457579
[ 229.618492] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 229.637524] RSP: 002b:00007f904c14bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 229.645283] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 229.652593] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 229.659901] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 229.667214] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f904c14c6d4
[ 229.674523] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 229.681848]
[ 229.683506] Local variable description: ----dt@vmx_set_constant_host_state
[ 229.690545] Variable was created at:
[ 229.694309]  vmx_set_constant_host_state+0x2b0/0x1830
[ 229.699537]  vmx_create_vcpu+0x3e6f/0x7870
[ 229.703799] ==================================================================
[ 229.711199] Disabling lock debugging due to kernel taint
[ 229.716688] Kernel panic - not syncing: panic_on_warn set ...
[ 229.716688]
[ 229.724111] CPU: 0 PID: 7044 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #65
[ 229.732855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 229.742400] Call Trace:
[ 229.745043]  dump_stack+0x306/0x460
[ 229.748732]  panic+0x54c/0xafa
[ 229.752015]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 229.757516]  kmsan_report+0x2d3/0x2e0
[ 229.761379]  __msan_warning+0x7c/0xe0
[ 229.765234]  vmx_set_constant_host_state+0x1778/0x1830
[ 229.770571]  vmx_create_vcpu+0x3e6f/0x7870
[ 229.774856]  ? kmsan_set_origin_inline+0x6b/0x120
[ 229.779754]  ? __msan_poison_alloca+0x17a/0x210
[ 229.784493]  ? vmx_vm_init+0x340/0x340
[ 229.788446]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 229.793002]  kvm_vm_ioctl+0x13fd/0x33d0
[ 229.797036]  ? __msan_poison_alloca+0x17a/0x210
[ 229.801765]  ? do_vfs_ioctl+0x18a/0x2810
[ 229.805872]  ? __se_sys_ioctl+0x1da/0x270
[ 229.810067]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 229.814955]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 229.819849]  do_vfs_ioctl+0xcf3/0x2810
[ 229.823802]  ? security_file_ioctl+0x92/0x200
[ 229.828356]  __se_sys_ioctl+0x1da/0x270
[ 229.832387]  __x64_sys_ioctl+0x4a/0x70
[ 229.836327]  do_syscall_64+0xbe/0x100
[ 229.840195]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 229.845421] RIP: 0033:0x457579
[ 229.848661] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 229.867600] RSP: 002b:00007f904c14bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 229.875439] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 229.882741] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 229.890045] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 229.897352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f904c14c6d4
[ 229.904661] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 229.913350] Kernel Offset: disabled
[ 229.917120] Rebooting in 86400 seconds..