L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
==================================================================
BUG: KMSAN: uninit-value in vmcs_clear arch/x86/kvm/vmx.c:2119 [inline]
BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 arch/x86/kvm/vmx.c:2126
CPU: 1 PID: 7183 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x306/0x460 lib/dump_stack.c:113
kmsan_report+0x1a3/0x2d0 mm/kmsan/kmsan.c:917
__msan_warning+0x7c/0xe0 mm/kmsan/kmsan_instr.c:500
vmcs_clear arch/x86/kvm/vmx.c:2119 [inline]
loaded_vmcs_init+0x343/0x590 arch/x86/kvm/vmx.c:2126
__loaded_vmcs_clear+0x2fb/0x3c0 arch/x86/kvm/vmx.c:2209
flush_smp_call_function_queue+0x404/0x770 kernel/smp.c:243
generic_smp_call_function_single_interrupt+0x1f/0x30 kernel/smp.c:192
smp_call_function_single_interrupt+0x2f7/0x530 arch/x86/kernel/smp.c:296
call_function_single_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:891
RIP: 0010:msan_get_shadow_origin_ptr+0x282/0x300 mm/kmsan/kmsan_instr.c:175
Code: b0 9d 65 48 8b 04 25 28 00 00 00 48 3b 45 d0 0f 85 8d 00 00 00 4c 89 f0 48 89 da 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <48> b9 ff ff ff 7f ff ff ff ff 49 39 cf 76 0a 48 8b 0c 25 10 40 83
RSP: 0018:ffff8801483ff708 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff04
RAX: 000000000b91e898 RBX: ffffffff8c2d8000 RCX: ffff88021fff1020
RDX: 0000000000000020 RSI: 0000000000000000 RDI: ffffffff8b91e898
RBP: ffff8801483ff760 R08: 0000000000480001 R09: 0000000000000002
R10: 0000000000000000 R11: ffffffff810cc0d0 R12: 0000000000000001
R13: ffff8801483d0000 R14: ffffffff8c2d7000 R15: ffffffff8b91e898
__msan_metadata_ptr_for_load_1+0x10/0x20 mm/kmsan/kmsan_instr.c:202
__should_failslab+0xf7/0x2a0 mm/failslab.c:26
should_failslab+0x29/0x70 mm/slab_common.c:1557
slab_pre_alloc_hook mm/slab.h:423 [inline]
slab_alloc_node mm/slub.c:2653 [inline]
__kmalloc_node+0x25a/0x1430 mm/slub.c:3830
kmalloc_node include/linux/slab.h:555 [inline]
kvmalloc_node+0x19d/0x3e0 mm/util.c:423
kvmalloc include/linux/mm.h:577 [inline]
kvmalloc_array include/linux/mm.h:595 [inline]
kvcalloc include/linux/mm.h:600 [inline]
kvm_arch_create_memslot+0x239/0xa40 arch/x86/kvm/x86.c:9037
__kvm_set_memory_region+0x11d9/0x2c80 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1011
kvm_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1083 [inline]
kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1095 [inline]
kvm_vm_ioctl+0x17ea/0x33d0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2987
vfs_ioctl fs/ioctl.c:46 [inline]
do_vfs_ioctl+0xcf3/0x2810 fs/ioctl.c:687
ksys_ioctl fs/ioctl.c:702 [inline]
__do_sys_ioctl fs/ioctl.c:709 [inline]
__se_sys_ioctl+0x1da/0x270 fs/ioctl.c:707
__x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:707
do_syscall_64+0xbe/0x100 arch/x86/entry/common.c:291
entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x4573e7
Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5746021098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 00000000004573e7
RDX: 00007f5746021510 RSI: 000000004020ae46 RDI: 0000000000000004
RBP: 0000000020013000 R08: 0000000000000ac2 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000246 R12: 00000000fec00000
R13: 0000000000000004 R14: 00000000004d7cf8 R15: 00000000ffffffff
Local variable description: ----error.i@loaded_vmcs_init
Variable was created at:
loaded_vmcs_init+0x8a/0x590 arch/x86/kvm/vmx.c:2125
__loaded_vmcs_clear+0x2fb/0x3c0 arch/x86/kvm/vmx.c:2209
==================================================================