[ 62.575902][ T30] audit: type=1800 audit(1559741176.613:28): pid=10663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 63.678374][T10731] sshd (10731) used greatest stack depth: 54296 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 63.963566][ T30] audit: type=1800 audit(1559741178.013:29): pid=10663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 63.987636][ T30] audit: type=1800 audit(1559741178.033:30): pid=10663 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.884018][T10813] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 71.905889][T10813] ==================================================================
[ 71.913993][T10813] BUG: KMSAN: kernel-infoleak in __kvm_write_guest_page+0x2cb/0x420
[ 71.921956][T10813] CPU: 1 PID: 10813 Comm: syz-executor248 Not tainted 5.1.0+ #1
[ 71.929563][T10813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.939602][T10813] Call Trace:
[ 71.942880][T10813]  dump_stack+0x191/0x1f0
[ 71.947198][T10813]  kmsan_report+0x130/0x2a0
[ 71.951882][T10813]  kmsan_internal_check_memory+0x974/0xa80
[ 71.957682][T10813]  ? do_vfs_ioctl+0xea8/0x2c50
[ 71.962509][T10813]  ? __se_sys_ioctl+0x1da/0x270
[ 71.967338][T10813]  ? __x64_sys_ioctl+0x4a/0x70
[ 71.972077][T10813]  ? do_syscall_64+0xbc/0xf0
[ 71.976657][T10813]  kmsan_copy_to_user+0xa9/0xb0
[ 71.981489][T10813]  __kvm_write_guest_page+0x2cb/0x420
[ 71.986845][T10813]  kvm_vcpu_write_guest_page+0x5f8/0x630
[ 71.992468][T10813]  kvm_vcpu_write_guest+0x1e0/0x360
[ 71.997652][T10813]  emulator_write_std+0x391/0x4d0
[ 72.002685][T10813]  ? kvm_read_guest_phys_system+0x100/0x100
[ 72.008555][T10813]  em_fxsave+0x7c8/0x850
[ 72.012830][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.018714][T10813]  ? check_svme+0x220/0x220
[ 72.023221][T10813]  x86_emulate_insn+0x1ffd/0xa800
[ 72.028262][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.034144][T10813]  x86_emulate_instruction+0x101b/0x7180
[ 72.039757][T10813]  ? tdp_page_fault+0xcfa/0x1740
[ 72.044695][T10813]  kvm_mmu_page_fault+0xce4/0x2950
[ 72.050311][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.056194][T10813]  ? vmx_vcpu_run+0x44d3/0x4b50
[ 72.061032][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.066909][T10813]  handle_ept_violation+0x478/0x4e0
[ 72.072091][T10813]  ? handle_desc+0x110/0x110
[ 72.076661][T10813]  vmx_handle_exit+0x1280/0x20c0
[ 72.081611][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.087499][T10813]  kvm_arch_vcpu_ioctl_run+0x9cbf/0x10920
[ 72.093249][T10813]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 72.099294][T10813]  ? vmx_vcpu_put+0x507/0xb80
[ 72.103955][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.109830][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.115707][T10813]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 72.121857][T10813]  ? preempt_notifier_unregister+0x108/0x1d0
[ 72.127823][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.133697][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.139596][T10813]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 72.145650][T10813]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 72.151711][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.157612][T10813]  ? put_pid+0xc3/0x1c0
[ 72.161865][T10813]  ? get_task_pid+0xdc/0x180
[ 72.166451][T10813]  kvm_vcpu_ioctl+0x10ab/0x1d10
[ 72.171297][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.177192][T10813]  ? kvm_vm_release+0x90/0x90
[ 72.181862][T10813]  do_vfs_ioctl+0xea8/0x2c50
[ 72.186477][T10813]  ? security_file_ioctl+0x1bd/0x200
[ 72.191763][T10813]  __se_sys_ioctl+0x1da/0x270
[ 72.196456][T10813]  __x64_sys_ioctl+0x4a/0x70
[ 72.201039][T10813]  do_syscall_64+0xbc/0xf0
[ 72.205439][T10813]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 72.211317][T10813] RIP: 0033:0x4431f9
[ 72.215213][T10813] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.234801][T10813] RSP: 002b:00007fff5bae7b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.243196][T10813] RAX: ffffffffffffffda RBX: 00007fff5bae7b20 RCX: 00000000004431f9
[ 72.251146][T10813] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 72.259116][T10813] RBP: 0000000000000000 R08: 0000000000400f50 R09: 0000000000400f50
[ 72.267072][T10813] R10: fffffffffffffffe R11: 0000000000000246 R12: 00000000004042a0
[ 72.275025][T10813] R13: 0000000000404330 R14: 0000000000000000 R15: 0000000000000000
[ 72.282982][T10813]
[ 72.285290][T10813] Local variable description: ----fx_state@em_fxsave
[ 72.291937][T10813] Variable was created at:
[ 72.296332][T10813]  em_fxsave+0x5c/0x850
[ 72.300465][T10813]  x86_emulate_insn+0x1ffd/0xa800
[ 72.305466][T10813]
[ 72.307785][T10813] Bytes 8-159 of 160 are uninitialized
[ 72.313216][T10813] Memory access of size 160 starts at ffff8880b1c4ee00
[ 72.320049][T10813] Data copied to user address 0000000020000000
[ 72.326173][T10813] ==================================================================
[ 72.334208][T10813] Disabling lock debugging due to kernel taint
[ 72.340358][T10813] Kernel panic - not syncing: panic_on_warn set ...
[ 72.347210][T10813] CPU: 1 PID: 10813 Comm: syz-executor248 Tainted: G B 5.1.0+ #1
[ 72.356204][T10813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.366268][T10813] Call Trace:
[ 72.369559][T10813]  dump_stack+0x191/0x1f0
[ 72.373873][T10813]  panic+0x3ca/0xafe
[ 72.377763][T10813]  kmsan_report+0x298/0x2a0
[ 72.382256][T10813]  kmsan_internal_check_memory+0x974/0xa80
[ 72.388043][T10813]  ? do_vfs_ioctl+0xea8/0x2c50
[ 72.392783][T10813]  ? __se_sys_ioctl+0x1da/0x270
[ 72.397624][T10813]  ? __x64_sys_ioctl+0x4a/0x70
[ 72.402373][T10813]  ? do_syscall_64+0xbc/0xf0
[ 72.406963][T10813]  kmsan_copy_to_user+0xa9/0xb0
[ 72.411797][T10813]  __kvm_write_guest_page+0x2cb/0x420
[ 72.417155][T10813]  kvm_vcpu_write_guest_page+0x5f8/0x630
[ 72.422777][T10813]  kvm_vcpu_write_guest+0x1e0/0x360
[ 72.427969][T10813]  emulator_write_std+0x391/0x4d0
[ 72.432985][T10813]  ? kvm_read_guest_phys_system+0x100/0x100
[ 72.439070][T10813]  em_fxsave+0x7c8/0x850
[ 72.443326][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.449198][T10813]  ? check_svme+0x220/0x220
[ 72.453680][T10813]  x86_emulate_insn+0x1ffd/0xa800
[ 72.458695][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.464572][T10813]  x86_emulate_instruction+0x101b/0x7180
[ 72.470185][T10813]  ? tdp_page_fault+0xcfa/0x1740
[ 72.475119][T10813]  kvm_mmu_page_fault+0xce4/0x2950
[ 72.480216][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.486101][T10813]  ? vmx_vcpu_run+0x44d3/0x4b50
[ 72.491046][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.496940][T10813]  handle_ept_violation+0x478/0x4e0
[ 72.502123][T10813]  ? handle_desc+0x110/0x110
[ 72.506691][T10813]  vmx_handle_exit+0x1280/0x20c0
[ 72.511726][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.517619][T10813]  kvm_arch_vcpu_ioctl_run+0x9cbf/0x10920
[ 72.523372][T10813]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 72.529429][T10813]  ? vmx_vcpu_put+0x507/0xb80
[ 72.534089][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.539965][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.545843][T10813]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 72.551993][T10813]  ? preempt_notifier_unregister+0x108/0x1d0
[ 72.557958][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.563839][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.569716][T10813]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 72.575764][T10813]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 72.581829][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.587713][T10813]  ? put_pid+0xc3/0x1c0
[ 72.591846][T10813]  ? get_task_pid+0xdc/0x180
[ 72.596420][T10813]  kvm_vcpu_ioctl+0x10ab/0x1d10
[ 72.601262][T10813]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 72.607138][T10813]  ? kvm_vm_release+0x90/0x90
[ 72.611796][T10813]  do_vfs_ioctl+0xea8/0x2c50
[ 72.616373][T10813]  ? security_file_ioctl+0x1bd/0x200
[ 72.621640][T10813]  __se_sys_ioctl+0x1da/0x270
[ 72.626302][T10813]  __x64_sys_ioctl+0x4a/0x70
[ 72.630874][T10813]  do_syscall_64+0xbc/0xf0
[ 72.635270][T10813]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 72.641139][T10813] RIP: 0033:0x4431f9
[ 72.645015][T10813] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.664602][T10813] RSP: 002b:00007fff5bae7b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.672993][T10813] RAX: ffffffffffffffda RBX: 00007fff5bae7b20 RCX: 00000000004431f9
[ 72.680942][T10813] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 72.688902][T10813] RBP: 0000000000000000 R08: 0000000000400f50 R09: 0000000000400f50
[ 72.696869][T10813] R10: fffffffffffffffe R11: 0000000000000246 R12: 00000000004042a0
[ 72.704821][T10813] R13: 0000000000404330 R14: 0000000000000000 R15: 0000000000000000
[ 72.713557][T10813] Kernel Offset: disabled
[ 72.717884][T10813] Rebooting in 86400 seconds..