[....] Starting enhanced syslogd: rsyslogd[ ok ].
[ 56.199157] audit: type=1800 audit(1540534968.245:25): pid=6073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.218352] audit: type=1800 audit(1540534968.265:26): pid=6073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.237768] audit: type=1800 audit(1540534968.275:27): pid=6073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
2018/10/26 06:23:04 parsed 1 programs
2018/10/26 06:23:10 executed programs: 0
syzkaller login: [ 78.632554] IPVS: ftp: loaded support on port[0] = 21
[ 79.196330] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.202903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.210412] device bridge_slave_0 entered promiscuous mode
[ 79.247520] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.254085] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.261545] device bridge_slave_1 entered promiscuous mode
[ 79.297717] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 79.334532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 79.444851] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 79.484823] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 79.655943] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 79.663527] team0: Port device team_slave_0 added
[ 79.698886] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 79.706467] team0: Port device team_slave_1 added
[ 79.742749] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.784109] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.824530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 79.864353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 79.996679] ip (6313) used greatest stack depth: 53264 bytes left
[ 80.236887] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.243358] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.250091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.256665] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.265353] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 81.062072] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 81.613481] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.742070] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 81.873566] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 81.879861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 81.888019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.018516] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.845052] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 82.924476] ==================================================================
[ 82.931902] BUG: KMSAN: uninit-value in x86_emulate_insn+0x2e03/0xa5b0
[ 82.938582] CPU: 1 PID: 6493 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #70
[ 82.945758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.955098] Call Trace:
[ 82.957685] dump_stack+0x306/0x460
[ 82.961305] ? x86_emulate_insn+0x2e03/0xa5b0
[ 82.965807] kmsan_report+0x1a2/0x2e0
[ 82.969624] __msan_warning+0x7c/0xe0
[ 82.973425] ? em_xor+0x8/0x8
[ 82.976526] x86_emulate_insn+0x2e03/0xa5b0
[ 82.980878] x86_emulate_instruction+0x14e6/0x6360
[ 82.985810] ? vmalloc_to_page_or_null+0x3b/0xa0
[ 82.990577] complete_emulated_mmio+0xa1d/0xb70
[ 82.995258] ? complete_emulated_pio+0x270/0x270
[ 83.000006] kvm_arch_vcpu_ioctl_run+0x1521/0x10ab0
[ 83.005033] ? __msan_poison_alloca+0x17a/0x210
[ 83.009732] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.015089] ? balance_callback+0x48/0x260
[ 83.019323] ? finish_task_switch+0x182/0x340
[ 83.023848] ? kmsan_set_origin_inline+0x6b/0x120
[ 83.028697] ? __msan_poison_alloca+0x17a/0x210
[ 83.033374] ? drop_futex_key_refs+0x5d/0x310
[ 83.037889] ? futex_wait+0x733/0xa40
[ 83.041713] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 83.047088] ? drop_futex_key_refs+0x21b/0x310
[ 83.051672] ? futex_wait+0x745/0xa40
[ 83.055503] ? kmsan_set_origin+0x83/0x140
[ 83.059733] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 83.065095] ? __msan_get_context_state+0x9/0x30
[ 83.069861] ? INIT_BOOL+0xc/0x30
[ 83.073325] ? mutex_lock_killable+0x2c5/0x420
[ 83.077919] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.082078] ? do_vfs_ioctl+0x187/0x2ca0
[ 83.086128] ? __se_sys_ioctl+0x1da/0x270
[ 83.090272] ? kvm_vm_release+0x90/0x90
[ 83.094258] do_vfs_ioctl+0xf28/0x2ca0
[ 83.098157] ? security_file_ioctl+0x92/0x200
[ 83.102674] __se_sys_ioctl+0x1da/0x270
[ 83.106654] __x64_sys_ioctl+0x4a/0x70
[ 83.110532] do_syscall_64+0xbe/0x100
[ 83.114329] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.119515] RIP: 0033:0x457569
[ 83.122697] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.141613] RSP: 002b:00007f076a867c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.149336] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 83.156607] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 83.163871] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 83.171130] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f076a8686d4
[ 83.178390] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 83.185663]
[ 83.187278] Uninit was stored to memory at:
[ 83.191593] kmsan_internal_chain_origin+0x136/0x240
[ 83.196694] kmsan_memcpy_origins+0x13d/0x1b0
[ 83.201181] __msan_memcpy+0xcf/0x150
[ 83.204980] x86_emulate_insn+0xded/0xa5b0
[ 83.209208] x86_emulate_instruction+0x14e6/0x6360
[ 83.214133] complete_emulated_mmio+0xa1d/0xb70
[ 83.218794] kvm_arch_vcpu_ioctl_run+0x1521/0x10ab0
[ 83.223803] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.227942] do_vfs_ioctl+0xf28/0x2ca0
[ 83.231834] __se_sys_ioctl+0x1da/0x270
[ 83.235824] __x64_sys_ioctl+0x4a/0x70
[ 83.239701] do_syscall_64+0xbe/0x100
[ 83.243500] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.248674]
[ 83.250289] Uninit was stored to memory at:
[ 83.254606] kmsan_internal_chain_origin+0x136/0x240
[ 83.259704] kmsan_memcpy_origins+0x13d/0x1b0
[ 83.264193] __msan_memcpy+0xcf/0x150
[ 83.267986] complete_emulated_mmio+0x1fa/0xb70
[ 83.272647] kvm_arch_vcpu_ioctl_run+0x1521/0x10ab0
[ 83.277658] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.281813] do_vfs_ioctl+0xf28/0x2ca0
[ 83.285708] __se_sys_ioctl+0x1da/0x270
[ 83.289671] __x64_sys_ioctl+0x4a/0x70
[ 83.293549] do_syscall_64+0xbe/0x100
[ 83.297348] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.302541]
[ 83.304154] Uninit was stored to memory at:
[ 83.308471] kmsan_internal_chain_origin+0x136/0x240
[ 83.313573] kmsan_memcpy_origins+0x13d/0x1b0
[ 83.318078] __msan_memcpy+0xcf/0x150
[ 83.321897] write_exit_mmio+0x99/0xf0
[ 83.325791] emulator_read_write+0x870/0x9f0
[ 83.330187] emulator_write_emulated+0xf7/0x110
[ 83.334849] writeback+0xe21/0x1060
[ 83.338471] x86_emulate_insn+0x5e97/0xa5b0
[ 83.342787] x86_emulate_instruction+0x14e6/0x6360
[ 83.347711] kvm_mmu_page_fault+0xd24/0x2ae0
[ 83.352119] handle_ept_violation+0x7e1/0x820
[ 83.356614] vmx_handle_exit+0x20f5/0xb900
[ 83.361312] kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[ 83.366331] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.370482] do_vfs_ioctl+0xf28/0x2ca0
[ 83.374371] __se_sys_ioctl+0x1da/0x270
[ 83.378336] __x64_sys_ioctl+0x4a/0x70
[ 83.382225] do_syscall_64+0xbe/0x100
[ 83.386023] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.391197]
[ 83.392811] Uninit was stored to memory at:
[ 83.397129] kmsan_internal_chain_origin+0x136/0x240
[ 83.402228] __msan_chain_origin+0x75/0xd0
[ 83.406454] em_fnstsw+0x21f/0x240
[ 83.409990] x86_emulate_insn+0x2d48/0xa5b0
[ 83.414309] x86_emulate_instruction+0x14e6/0x6360
[ 83.419228] kvm_mmu_page_fault+0xd24/0x2ae0
[ 83.423627] handle_ept_violation+0x7e1/0x820
[ 83.428113] vmx_handle_exit+0x20f5/0xb900
[ 83.432350] kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[ 83.437369] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.441507] do_vfs_ioctl+0xf28/0x2ca0
[ 83.445389] __se_sys_ioctl+0x1da/0x270
[ 83.449358] __x64_sys_ioctl+0x4a/0x70
[ 83.453267] do_syscall_64+0xbe/0x100
[ 83.457076] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.463581]
[ 83.465203] Local variable description: ----fsw@em_fnstsw
[ 83.470719] Variable was created at:
[ 83.474442] em_fnstsw+0x4a/0x240
[ 83.477891] x86_emulate_insn+0x2d48/0xa5b0
[ 83.482214] ==================================================================
[ 83.489791] Disabling lock debugging due to kernel taint
[ 83.495230] Kernel panic - not syncing: panic_on_warn set ...
[ 83.495230]
[ 83.502589] CPU: 1 PID: 6493 Comm: syz-executor0 Tainted: G B 4.19.0-rc8+ #70
[ 83.511152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.520505] Call Trace:
[ 83.523091] dump_stack+0x306/0x460
[ 83.526729] panic+0x54c/0xafa
[ 83.529949] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 83.535407] kmsan_report+0x2d3/0x2e0
[ 83.539227] __msan_warning+0x7c/0xe0
[ 83.543029] ? em_xor+0x8/0x8
[ 83.546134] x86_emulate_insn+0x2e03/0xa5b0
[ 83.550482] x86_emulate_instruction+0x14e6/0x6360
[ 83.555418] ? vmalloc_to_page_or_null+0x3b/0xa0
[ 83.560185] complete_emulated_mmio+0xa1d/0xb70
[ 83.564877] ? complete_emulated_pio+0x270/0x270
[ 83.569631] kvm_arch_vcpu_ioctl_run+0x1521/0x10ab0
[ 83.574657] ? __msan_poison_alloca+0x17a/0x210
[ 83.579348] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 83.584711] ? balance_callback+0x48/0x260
[ 83.588941] ? finish_task_switch+0x182/0x340
[ 83.593444] ? kmsan_set_origin_inline+0x6b/0x120
[ 83.598284] ? __msan_poison_alloca+0x17a/0x210
[ 83.602955] ? drop_futex_key_refs+0x5d/0x310
[ 83.607442] ? futex_wait+0x733/0xa40
[ 83.611238] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 83.616615] ? drop_futex_key_refs+0x21b/0x310
[ 83.621221] ? futex_wait+0x745/0xa40
[ 83.625049] ? kmsan_set_origin+0x83/0x140
[ 83.629278] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 83.634653] ? __msan_get_context_state+0x9/0x30
[ 83.639402] ? INIT_BOOL+0xc/0x30
[ 83.642852] ? mutex_lock_killable+0x2c5/0x420
[ 83.647450] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 83.651605] ? do_vfs_ioctl+0x187/0x2ca0
[ 83.655659] ? __se_sys_ioctl+0x1da/0x270
[ 83.659803] ? kvm_vm_release+0x90/0x90
[ 83.663774] do_vfs_ioctl+0xf28/0x2ca0
[ 83.667684] ? security_file_ioctl+0x92/0x200
[ 83.672202] __se_sys_ioctl+0x1da/0x270
[ 83.676183] __x64_sys_ioctl+0x4a/0x70
[ 83.680062] do_syscall_64+0xbe/0x100
[ 83.683861] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 83.689045] RIP: 0033:0x457569
[ 83.692243] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.711158] RSP: 002b:00007f076a867c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.718874] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 83.726141] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 83.733403] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 83.740676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f076a8686d4
[ 83.747940] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 83.756098] Kernel Offset: disabled
[ 83.759735] Rebooting in 86400 seconds..