L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
8021q: adding VLAN 0 to HW filter on device team0
==================================================================
BUG: KMSAN: uninit-value in vmcs_clear arch/x86/kvm/vmx.c:2119 [inline]
BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 arch/x86/kvm/vmx.c:2126
CPU: 0 PID: 7144 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x306/0x460 lib/dump_stack.c:113
 kmsan_report+0x1a3/0x2d0 mm/kmsan/kmsan.c:917
 __msan_warning+0x7c/0xe0 mm/kmsan/kmsan_instr.c:500
 vmcs_clear arch/x86/kvm/vmx.c:2119 [inline]
 loaded_vmcs_init+0x343/0x590 arch/x86/kvm/vmx.c:2126
 __loaded_vmcs_clear+0x2fb/0x3c0 arch/x86/kvm/vmx.c:2209
 flush_smp_call_function_queue+0x404/0x770 kernel/smp.c:243
 generic_smp_call_function_single_interrupt+0x1f/0x30 kernel/smp.c:192
 smp_call_function_single_interrupt+0x2f7/0x530 arch/x86/kernel/smp.c:296
 call_function_single_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:891
RIP: 0010:memset_erms+0xb/0x10 arch/x86/lib/memset_64.S:66
Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01
RSP: 0018:ffff88014ae7f108 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff04
RAX: ffff88014af3f2ff RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 00000000ffffffff RDI: ffff88014af3f210
RBP: ffff88014ae7f1a8 R08: ffffffff7fffffff R09: ffff88014af3f20f
R10: 000000ffffffffff R11: 0000000000000000 R12: 0000000000000001
R13: ffff88014ae7f20f R14: ffff88015e373c00 R15: 0000000000000001
 page_remove_rmap+0xee/0x1760 mm/rmap.c:1298
 zap_pte_range mm/memory.c:1339 [inline]
 zap_pmd_range mm/memory.c:1441 [inline]
 zap_pud_range mm/memory.c:1470 [inline]
 zap_p4d_range mm/memory.c:1491 [inline]
 unmap_page_range+0x203d/0x3db0 mm/memory.c:1512
 unmap_single_vma+0x445/0x5e0 mm/memory.c:1557
 unmap_vmas+0x251/0x380 mm/memory.c:1587
 exit_mmap+0x50e/0xa00 mm/mmap.c:3093
 __mmput+0x16d/0x700 kernel/fork.c:1002
 mmput+0x178/0x1f0 kernel/fork.c:1023
 exec_mmap fs/exec.c:1043 [inline]
 flush_old_exec+0x174d/0x2930 fs/exec.c:1276
 load_elf_binary+0x151b/0x9230 fs/binfmt_elf.c:869
 search_binary_handler+0x49e/0x1030 fs/exec.c:1653
 exec_binprm fs/exec.c:1695 [inline]
 __do_execve_file+0x22c5/0x3340 fs/exec.c:1819
 do_execveat_common fs/exec.c:1866 [inline]
 do_execve fs/exec.c:1883 [inline]
 __do_sys_execve fs/exec.c:1964 [inline]
 __se_sys_execve+0xec/0x110 fs/exec.c:1959
 __x64_sys_execve+0x4a/0x70 fs/exec.c:1959
 do_syscall_64+0xbe/0x100 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455e27
Code: Bad RIP value.
RSP: 002b:0000000000a3fac8 EFLAGS: 00000207 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455e27
RDX: 00007ffc630d1fe8 RSI: 0000000000a3fb00 RDI: 00000000004dac7b
RBP: 0000000000a3fc80 R08: 0000000000000000 R09: 000000000000001a
R10: 0000000000000008 R11: 0000000000000207 R12: 0000000000a3feb0
R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----error.i@loaded_vmcs_init
Variable was created at:
 loaded_vmcs_init+0x8a/0x590 arch/x86/kvm/vmx.c:2125
 __loaded_vmcs_clear+0x2fb/0x3c0 arch/x86/kvm/vmx.c:2209
==================================================================