[ 56.744603] audit: type=1800 audit(1540403046.799:25): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.763727] audit: type=1800 audit(1540403046.799:26): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.783440] audit: type=1800 audit(1540403046.819:27): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 59.616872] sshd (6190) used greatest stack depth: 53280 bytes left

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
2018/10/24 17:44:19 parsed 1 programs
2018/10/24 17:44:25 executed programs: 0
syzkaller login: [ 75.729574] IPVS: ftp: loaded support on port[0] = 21
[ 76.301968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.308403] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.316648] device bridge_slave_0 entered promiscuous mode
[ 76.354403] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.360835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.368945] device bridge_slave_1 entered promiscuous mode
[ 76.406142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 76.444072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 76.558178] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 76.599094] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 76.780780] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 76.788635] team0: Port device team_slave_0 added
[ 76.825895] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 76.833639] team0: Port device team_slave_1 added
[ 76.870866] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.909833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.948550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.990372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 77.365458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.371945] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.378678] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.385262] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.393073] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 78.141263] ip (6361) used greatest stack depth: 53152 bytes left
[ 78.172079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 78.760478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.886510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 79.012106] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 79.018369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 79.026486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.181600] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.989788] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 80.092626] ==================================================================
[ 80.100166] BUG: KMSAN: kernel-infoleak in kvm_write_guest_page+0x366/0x4c0
[ 80.107268] CPU: 1 PID: 6477 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #70
[ 80.114442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.123818] Call Trace:
[ 80.126481] dump_stack+0x306/0x460
[ 80.130119] ? kvm_write_guest_page+0x366/0x4c0
[ 80.134801] kmsan_report+0x1a2/0x2e0
[ 80.138608] kmsan_internal_check_memory+0x374/0x460
[ 80.143714] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 80.149199] kmsan_copy_to_user+0x89/0xe0
[ 80.153365] kvm_write_guest_page+0x366/0x4c0
[ 80.157890] kvm_write_guest+0x1d6/0x350
[ 80.161993] kvm_emulate_hypercall+0x1cb9/0x20d0
[ 80.166790] handle_vmcall+0x41/0x50
[ 80.170500] ? handle_rdpmc+0x80/0x80
[ 80.174305] vmx_handle_exit+0x20f5/0xb900
[ 80.178570] ? vmx_flush_tlb_gva+0x450/0x450
[ 80.182978] kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[ 80.188020] ? kmsan_set_origin_inline+0x6b/0x120
[ 80.192873] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 80.198358] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 80.203742] ? __list_del_entry_valid+0x123/0x440
[ 80.208601] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 80.214072] ? wait_for_common+0x791/0x960
[ 80.218341] ? kmsan_set_origin+0x83/0x140
[ 80.222595] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 80.227960] ? __msan_get_context_state+0x9/0x30
[ 80.232714] ? INIT_BOOL+0x17/0x30
[ 80.236251] ? put_pid+0x3de/0x410
[ 80.239791] ? cachefiles_walk_to_object+0x36a5/0x4210
[ 80.245089] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 80.249265] ? do_vfs_ioctl+0x187/0x2ca0
[ 80.253325] ? __se_sys_ioctl+0x1da/0x270
[ 80.257472] ? kvm_vm_release+0x90/0x90
[ 80.261445] do_vfs_ioctl+0xf28/0x2ca0
[ 80.265346] ? security_file_ioctl+0x92/0x200
[ 80.269847] __se_sys_ioctl+0x1da/0x270
[ 80.273886] __x64_sys_ioctl+0x4a/0x70
[ 80.277811] do_syscall_64+0xbe/0x100
[ 80.281632] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 80.286817] RIP: 0033:0x457569
[ 80.290002] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.308910] RSP: 002b:00007f934e6b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 80.316628] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 80.323891] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 80.331155] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 80.338419] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f934e6b16d4
[ 80.345688] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 80.352977]
[ 80.354615] Local variable description: ----clock_pairing.i@kvm_emulate_hypercall
[ 80.362222] Variable was created at:
[ 80.365966] kvm_emulate_hypercall+0x60/0x20d0
[ 80.370578] handle_vmcall+0x41/0x50
[ 80.374296]
[ 80.375929] Bytes 28-63 of 64 are uninitialized
[ 80.380591] Memory access of size 64 starts at ffff88019e8af440
[ 80.386635] ==================================================================
[ 80.394001] Disabling lock debugging due to kernel taint
[ 80.399439] Kernel panic - not syncing: panic_on_warn set ...
[ 80.399439]
[ 80.406828] CPU: 1 PID: 6477 Comm: syz-executor0 Tainted: G B 4.19.0-rc8+ #70
[ 80.415436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.424788] Call Trace:
[ 80.427397] dump_stack+0x306/0x460
[ 80.431041] panic+0x54c/0xafa
[ 80.434298] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 80.439782] kmsan_report+0x2d3/0x2e0
[ 80.443590] kmsan_internal_check_memory+0x374/0x460
[ 80.448722] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 80.454197] kmsan_copy_to_user+0x89/0xe0
[ 80.458364] kvm_write_guest_page+0x366/0x4c0
[ 80.462888] kvm_write_guest+0x1d6/0x350
[ 80.466962] kvm_emulate_hypercall+0x1cb9/0x20d0
[ 80.471782] handle_vmcall+0x41/0x50
[ 80.475510] ? handle_rdpmc+0x80/0x80
[ 80.479308] vmx_handle_exit+0x20f5/0xb900
[ 80.483587] ? vmx_flush_tlb_gva+0x450/0x450
[ 80.488030] kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[ 80.493042] ? kmsan_set_origin_inline+0x6b/0x120
[ 80.497924] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 80.503375] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 80.508756] ? __list_del_entry_valid+0x123/0x440
[ 80.513644] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 80.519106] ? wait_for_common+0x791/0x960
[ 80.523359] ? kmsan_set_origin+0x83/0x140
[ 80.527594] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 80.532981] ? __msan_get_context_state+0x9/0x30
[ 80.537756] ? INIT_BOOL+0x17/0x30
[ 80.541305] ? put_pid+0x3de/0x410
[ 80.544868] ? cachefiles_walk_to_object+0x36a5/0x4210
[ 80.550183] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 80.554365] ? do_vfs_ioctl+0x187/0x2ca0
[ 80.558450] ? __se_sys_ioctl+0x1da/0x270
[ 80.562597] ? kvm_vm_release+0x90/0x90
[ 80.566569] do_vfs_ioctl+0xf28/0x2ca0
[ 80.570487] ? security_file_ioctl+0x92/0x200
[ 80.574992] __se_sys_ioctl+0x1da/0x270
[ 80.578976] __x64_sys_ioctl+0x4a/0x70
[ 80.582864] do_syscall_64+0xbe/0x100
[ 80.586669] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 80.591900] RIP: 0033:0x457569
[ 80.595114] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.614021] RSP: 002b:00007f934e6b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 80.621749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 80.629042] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 80.636310] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 80.643579] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f934e6b16d4
[ 80.650892] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 80.659153] Kernel Offset: disabled
[ 80.662794] Rebooting in 86400 seconds..