[ 95.278388] audit: type=1800 audit(1549477539.320:26): pid=10361 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 95.297885] audit: type=1800 audit(1549477539.350:27): pid=10361 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[ 96.572063] sshd (10426) used greatest stack depth: 54176 bytes left
[....] Starting OpenBSD Secure Shell server: sshd
[ 96.830951] sshd (10464) used greatest stack depth: 53632 bytes left
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.

syzkaller login:
[ 106.681459] IPVS: ftp: loaded support on port[0] = 21
[ 106.776484] chnl_net:caif_netlink_parms(): no params data found
[ 106.822568] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.829014] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.836907] device bridge_slave_0 entered promiscuous mode
[ 106.844700] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.851113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.859044] device bridge_slave_1 entered promiscuous mode
[ 106.882695] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 106.893137] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 106.915171] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 106.923121] team0: Port device team_slave_0 added
[ 106.928933] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 106.937200] team0: Port device team_slave_1 added
[ 106.943163] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 106.951006] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 107.044998] device hsr_slave_0 entered promiscuous mode
[ 107.122430] device hsr_slave_1 entered promiscuous mode
[ 107.173237] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 107.180516] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 107.201859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.208328] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.215612] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.222125] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.283133] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 107.289229] 8021q: adding VLAN 0 to HW filter on device bond0
[ 107.299202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 107.311022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 107.321260] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.328981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.337348] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 107.351336] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 107.357508] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.368916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 107.378621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.385263] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.401021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 107.409724] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.416268] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.442764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 107.453280] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 107.474072] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 107.483054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 107.497882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 107.510259] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 107.516630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[ 107.538921] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 107.554767] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 107.573868] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 107.616889] ==================================================================
[ 107.624276] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 107.630763] CPU: 0 PID: 10517 Comm: syz-executor499 Not tainted 5.0.0-rc1+ #9
[ 107.638017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 107.647360] Call Trace:
[ 107.649939]  dump_stack+0x173/0x1d0
[ 107.653572]  kmsan_report+0x12e/0x2a0
[ 107.657371]  kmsan_internal_check_memory+0x9e4/0xb10
[ 107.662487]  kmsan_copy_to_user+0xab/0xc0
[ 107.666627]  _copy_to_user+0x16b/0x1f0
[ 107.670531]  vmx_get_nested_state+0xf7a/0x1020
[ 107.675133]  kvm_arch_vcpu_ioctl+0xb34/0x7200
[ 107.679640]  ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 107.684825]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 107.690176]  ? mutex_lock_killable+0x92/0x130
[ 107.694666]  kvm_vcpu_ioctl+0xc6d/0x1d20
[ 107.698734]  ? kvm_vm_release+0x90/0x90
[ 107.702704]  ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 107.707898]  ? kvm_vm_release+0x90/0x90
[ 107.711878]  do_vfs_ioctl+0xebd/0x2bf0
[ 107.715783]  ? security_file_ioctl+0x92/0x200
[ 107.720278]  __se_sys_ioctl+0x1da/0x270
[ 107.724277]  __x64_sys_ioctl+0x4a/0x70
[ 107.728178]  do_syscall_64+0xbc/0xf0
[ 107.731904]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 107.737094] RIP: 0033:0x44b119
[ 107.740272] Code: e8 dc 0b 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 04 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 107.759167] RSP: 002b:00007f1a93584ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 107.766865] RAX: ffffffffffffffda RBX: 00000000006e2c48 RCX: 000000000044b119
[ 107.774122] RDX: 0000000020002280 RSI: 00000000c080aebe RDI: 0000000000000008
[ 107.781382] RBP: 00000000006e2c40 R08: 0000000000000000 R09: 0000000000000000
[ 107.788638] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e2c4c
[ 107.795894] R13: 00007ffc58222d0f R14: 00007f1a935859c0 R15: 000000000000002d
[ 107.803165]
[ 107.804770] Uninit was created at:
[ 107.808318]  kmsan_internal_poison_shadow+0x92/0x150
[ 107.813408]  kmsan_kmalloc+0xa6/0x130
[ 107.817198]  kmem_cache_alloc_trace+0x55d/0xb40
[ 107.821862]  enter_vmx_operation+0x1db/0xab0
[ 107.826271]  vmx_set_nested_state+0x9b2/0x14a0
[ 107.830843]  kvm_arch_vcpu_ioctl+0x4c47/0x7200
[ 107.835411]  kvm_vcpu_ioctl+0xc6d/0x1d20
[ 107.839457]  do_vfs_ioctl+0xebd/0x2bf0
[ 107.843345]  __se_sys_ioctl+0x1da/0x270
[ 107.847322]  __x64_sys_ioctl+0x4a/0x70
[ 107.851195]  do_syscall_64+0xbc/0xf0
[ 107.854898]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 107.860065]
[ 107.861712] Bytes 0-997 of 998 are uninitialized
[ 107.866454] Memory access of size 998 starts at ffff8880acf3a000
[ 107.872579] Data copied to user address 0000000020003300
[ 107.878006] ==================================================================
[ 107.885347] Disabling lock debugging due to kernel taint
[ 107.890786] Kernel panic - not syncing: panic_on_warn set ...
[ 107.896657] CPU: 0 PID: 10517 Comm: syz-executor499 Tainted: G B 5.0.0-rc1+ #9
[ 107.905304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 107.914641] Call Trace:
[ 107.917228]  dump_stack+0x173/0x1d0
[ 107.920852]  panic+0x3d1/0xb01
[ 107.924066]  kmsan_report+0x293/0x2a0
[ 107.927885]  kmsan_internal_check_memory+0x9e4/0xb10
[ 107.932998]  kmsan_copy_to_user+0xab/0xc0
[ 107.937138]  _copy_to_user+0x16b/0x1f0
[ 107.941025]  vmx_get_nested_state+0xf7a/0x1020
[ 107.945638]  kvm_arch_vcpu_ioctl+0xb34/0x7200
[ 107.950140]  ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 107.955327]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 107.960678]  ? mutex_lock_killable+0x92/0x130
[ 107.965167]  kvm_vcpu_ioctl+0xc6d/0x1d20
[ 107.969231]  ? kvm_vm_release+0x90/0x90
[ 107.973197]  ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 107.978375]  ? kvm_vm_release+0x90/0x90
[ 107.982344]  do_vfs_ioctl+0xebd/0x2bf0
[ 107.986235]  ? security_file_ioctl+0x92/0x200
[ 107.990726]  __se_sys_ioctl+0x1da/0x270
[ 107.994700]  __x64_sys_ioctl+0x4a/0x70
[ 107.998582]  do_syscall_64+0xbc/0xf0
[ 108.002317]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 108.007506] RIP: 0033:0x44b119
[ 108.010685] Code: e8 dc 0b 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 04 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 108.029577] RSP: 002b:00007f1a93584ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 108.037274] RAX: ffffffffffffffda RBX: 00000000006e2c48 RCX: 000000000044b119
[ 108.044531] RDX: 0000000020002280 RSI: 00000000c080aebe RDI: 0000000000000008
[ 108.051800] RBP: 00000000006e2c40 R08: 0000000000000000 R09: 0000000000000000
[ 108.059074] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e2c4c
[ 108.066351] R13: 00007ffc58222d0f R14: 00007f1a935859c0 R15: 000000000000002d
[ 108.074529] Kernel Offset: disabled
[ 108.078165] Rebooting in 86400 seconds..