[ ok ] Starting enhanced syslogd: rsyslogd.
[ 58.387441] audit: type=1800 audit(1540759637.431:25): pid=6144 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 58.406807] audit: type=1800 audit(1540759637.441:26): pid=6144 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 58.426496] audit: type=1800 audit(1540759637.461:27): pid=6144 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
2018/10/28 20:47:31 parsed 1 programs
2018/10/28 20:47:37 executed programs: 0
syzkaller login: [ 79.111136] IPVS: ftp: loaded support on port[0] = 21
[ 79.691361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.697921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.706005] device bridge_slave_0 entered promiscuous mode
[ 79.743862] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.750299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.758398] device bridge_slave_1 entered promiscuous mode
[ 79.795629] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 79.831768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 79.942752] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 79.981561] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 80.157953] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 80.165556] team0: Port device team_slave_0 added
[ 80.203646] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 80.211115] team0: Port device team_slave_1 added
[ 80.248805] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.290289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.329081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 80.372038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 80.753400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.759836] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.766787] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.773228] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.780857] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 81.542052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.178231] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.305360] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 82.469606] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 82.475944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.484033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.612777] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.429888] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 83.523043] ==================================================================
[ 83.530549] BUG: KMSAN: kernel-infoleak in kvm_write_guest_page+0x366/0x4c0
[ 83.537664] CPU: 0 PID: 6566 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #70
[ 83.544842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.554220] Call Trace:
[ 83.556833]  dump_stack+0x306/0x460
[ 83.560458]  ? kvm_write_guest_page+0x366/0x4c0
[ 83.565137]  kmsan_report+0x1a2/0x2e0
[ 83.568940]  kmsan_internal_check_memory+0x374/0x460
[ 83.574039]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 83.579497]  kmsan_copy_to_user+0x89/0xe0
[ 83.583644]  kvm_write_guest_page+0x366/0x4c0
[ 83.588147]  kvm_write_guest+0x1d6/0x350
[ 83.592275]  kvm_emulate_hypercall+0x1cb9/0x20d0
[ 83.597104]  handle_vmcall+0x41/0x50
[ 83.600835]  ? handle_rdpmc+0x80/0x80
[ 83.604633]  vmx_handle_exit+0x20f5/0xb900
[ 83.608886]  ? vmx_flush_tlb_gva+0x450/0x450
[ 83.613295]  kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[ 83.618324]  ? kmsan_set_origin_inline+0x6b/0x120
[ 83.623218]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.628681]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.634091]  ? __list_del_entry_valid+0x123/0x440
[ 83.638941]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 83.644407]  ? wait_for_common+0x791/0x960
[ 83.648680]  ? kmsan_set_origin+0x83/0x140
[ 83.652944]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 83.658311]  ? __msan_get_context_state+0x9/0x30
[ 83.663175]  ? INIT_BOOL+0x17/0x30
[ 83.666733]  ? put_pid+0x3de/0x410
[ 83.670323]  kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.674504]  ? do_vfs_ioctl+0x187/0x2ca0
[ 83.678559]  ? __se_sys_ioctl+0x1da/0x270
[ 83.683293]  ? kvm_vm_release+0x90/0x90
[ 83.687268]  do_vfs_ioctl+0xf28/0x2ca0
[ 83.691168]  ? security_file_ioctl+0x92/0x200
[ 83.695669]  __se_sys_ioctl+0x1da/0x270
[ 83.699651]  __x64_sys_ioctl+0x4a/0x70
[ 83.703554]  do_syscall_64+0xbe/0x100
[ 83.707365]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.712552] RIP: 0033:0x457569
[ 83.715743] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.734671] RSP: 002b:00007f57ed646c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.742384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 83.749646] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 83.756906] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 83.764167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57ed6476d4
[ 83.771431] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 83.778719]
[ 83.780354] Local variable description: ----clock_pairing.i@kvm_emulate_hypercall
[ 83.787986] Variable was created at:
[ 83.791714]  kvm_emulate_hypercall+0x60/0x20d0
[ 83.796306]  handle_vmcall+0x41/0x50
[ 83.800018]
[ 83.801637] Bytes 28-63 of 64 are uninitialized
[ 83.806292] Memory access of size 64 starts at ffff88019f28f440
[ 83.812341] ==================================================================
[ 83.819689] Disabling lock debugging due to kernel taint
[ 83.825130] Kernel panic - not syncing: panic_on_warn set ...
[ 83.825130]
[ 83.832495] CPU: 0 PID: 6566 Comm: syz-executor0 Tainted: G B 4.19.0-rc8+ #70
[ 83.841059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.850401] Call Trace:
[ 83.853010]  dump_stack+0x306/0x460
[ 83.856665]  panic+0x54c/0xafa
[ 83.859896]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 83.865359]  kmsan_report+0x2d3/0x2e0
[ 83.869169]  kmsan_internal_check_memory+0x374/0x460
[ 83.874270]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 83.879728]  kmsan_copy_to_user+0x89/0xe0
[ 83.883876]  kvm_write_guest_page+0x366/0x4c0
[ 83.888384]  kvm_write_guest+0x1d6/0x350
[ 83.892465]  kvm_emulate_hypercall+0x1cb9/0x20d0
[ 83.897259]  handle_vmcall+0x41/0x50
[ 83.900997]  ? handle_rdpmc+0x80/0x80
[ 83.904815]  vmx_handle_exit+0x20f5/0xb900
[ 83.909066]  ? vmx_flush_tlb_gva+0x450/0x450
[ 83.913476]  kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[ 83.918492]  ? kmsan_set_origin_inline+0x6b/0x120
[ 83.923353]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.928787]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.934147]  ? __list_del_entry_valid+0x123/0x440
[ 83.939015]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 83.944517]  ? wait_for_common+0x791/0x960
[ 83.948782]  ? kmsan_set_origin+0x83/0x140
[ 83.953019]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 83.958382]  ? __msan_get_context_state+0x9/0x30
[ 83.963173]  ? INIT_BOOL+0x17/0x30
[ 83.966735]  ? put_pid+0x3de/0x410
[ 83.970302]  kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.974471]  ? do_vfs_ioctl+0x187/0x2ca0
[ 83.978568]  ? __se_sys_ioctl+0x1da/0x270
[ 83.982759]  ? kvm_vm_release+0x90/0x90
[ 83.986729]  do_vfs_ioctl+0xf28/0x2ca0
[ 83.990656]  ? security_file_ioctl+0x92/0x200
[ 83.995168]  __se_sys_ioctl+0x1da/0x270
[ 83.999256]  __x64_sys_ioctl+0x4a/0x70
[ 84.003163]  do_syscall_64+0xbe/0x100
[ 84.006965]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 84.012162] RIP: 0033:0x457569
[ 84.015370] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.034274] RSP: 002b:00007f57ed646c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.041993] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 84.049271] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 84.056534] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 84.063815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57ed6476d4
[ 84.071077] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 84.079319] Kernel Offset: disabled
[ 84.082994] Rebooting in 86400 seconds..
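Triage note and added example (this editor's code, not part of the syzkaller report and not the kernel's own code). The report says the 64-byte local clock_pairing in kvm_emulate_hypercall was handed to kvm_write_guest with bytes 28-63 never written, so whatever the previous callee left on the host stack was copied into guest memory. The struct below mirrors the layout of struct kvm_clock_pairing from the kernel's x86 UAPI header (arch/x86/include/uapi/asm/kvm_para.h: sec, nsec, tsc, flags, pad[9]) as this editor recalls it; that layout puts pad[] exactly at bytes 28-63, which is the check worth doing before reading any further into a KMSAN report. The fill_leaky/fill_safe functions, the field_at helper and the 0xAA "stale stack" sentinel are constructed for illustration; zeroing the object before the copy is the generic remedy for this bug class, not a claim about which patch the kernel actually applied.

```c
/*
 * Added example: map a KMSAN "Bytes A-B of N are uninitialized" report onto
 * a struct field, and contrast the leaky fill pattern with a zeroed one.
 * Not kernel code; user-space model only.
 */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout assumed to match struct kvm_clock_pairing in the kernel UAPI header. */
struct clock_pairing {
    int64_t  sec;      /* bytes  0-7  */
    int64_t  nsec;     /* bytes  8-15 */
    uint64_t tsc;      /* bytes 16-23 */
    uint32_t flags;    /* bytes 24-27 */
    uint32_t pad[9];   /* bytes 28-63: never written by the leaky variant */
};

size_t struct_size(void) { return sizeof(struct clock_pairing); }
size_t pad_offset(void)  { return offsetof(struct clock_pairing, pad); }
size_t pad_size(void)    { return sizeof(((struct clock_pairing *)0)->pad); }

/* Name the field that contains byte `off`; use with the KMSAN byte range. */
const char *field_at(size_t off)
{
    if (off < offsetof(struct clock_pairing, nsec))  return "sec";
    if (off < offsetof(struct clock_pairing, tsc))   return "nsec";
    if (off < offsetof(struct clock_pairing, flags)) return "tsc";
    if (off < offsetof(struct clock_pairing, pad))   return "flags";
    if (off < sizeof(struct clock_pairing))          return "pad";
    return "out of range";
}

/*
 * Leaky pattern: only the named fields are assigned. In the kernel the
 * object lives on the stack and pad[] keeps whatever the previous callee
 * left there; here the caller pre-fills *out with a sentinel to model that
 * stale data deterministically (reading a real uninitialized local is UB).
 */
void fill_leaky(struct clock_pairing *out, int64_t sec, int64_t nsec, uint64_t tsc)
{
    out->sec = sec;
    out->nsec = nsec;
    out->tsc = tsc;
    out->flags = 0;
    /* pad[] untouched: 36 stale bytes would be copied to the guest */
}

/* Hardened pattern: zero the whole object before populating it. */
void fill_safe(struct clock_pairing *out, int64_t sec, int64_t nsec, uint64_t tsc)
{
    memset(out, 0, sizeof(*out));
    out->sec = sec;
    out->nsec = nsec;
    out->tsc = tsc;
    out->flags = 0;
}

/* Count bytes in the padding region that still carry the sentinel. */
size_t stale_pad_bytes(const struct clock_pairing *cp, uint8_t sentinel)
{
    const uint8_t *raw = (const uint8_t *)cp;
    size_t n = 0;
    for (size_t i = pad_offset(); i < sizeof(*cp); i++)
        if (raw[i] == sentinel)
            n++;
    return n;
}

/* Run one variant against a sentinel-filled slot; returns the stale byte count. */
size_t run_variant(int safe)
{
    struct clock_pairing slot;
    memset(&slot, 0xAA, sizeof(slot));   /* constructed "stale stack" contents */
    if (safe)
        fill_safe(&slot, 1540759637, 431000000, 0x123456789ULL);
    else
        fill_leaky(&slot, 1540759637, 431000000, 0x123456789ULL);
    return stale_pad_bytes(&slot, 0xAA);
}

int main(void)
{
    printf("struct size %zu, pad occupies bytes %zu-%zu, byte 28 is in field '%s'\n",
           struct_size(), pad_offset(), struct_size() - 1, field_at(28));
    printf("leaky fill: %zu stale bytes reach the guest\n", run_variant(0));
    printf("safe fill:  %zu stale bytes reach the guest\n", run_variant(1));
    return 0;
}
```

The offset arithmetic is the useful part: a 64-byte object with bytes 28-63 uninitialized is 36 bytes, which is precisely pad[9] of uint32_t, so the report points at unwritten padding rather than at a partially written named field. One caveat on the model: because the stale data is injected explicitly, a user-space MemorySanitizer build will not flag fill_leaky the way KMSAN flagged the kernel; the sentinel check stands in for that.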