[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.064933] audit: type=1400 audit(1600629369.830:8): avc: denied { execmem } for pid=6483 comm="syz-executor539" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.066613] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 40.112276] ================================================================================
[ 40.121000] UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:299:45
[ 40.127933] shift exponent 194 is too large for 64-bit type 'long long unsigned int'
[ 40.135803] CPU: 0 PID: 6483 Comm: syz-executor539 Not tainted 4.19.146-syzkaller #0
[ 40.143677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.153028] Call Trace:
[ 40.155639] dump_stack+0x22c/0x33e
[ 40.159249] ubsan_epilogue+0xe/0x3a
[ 40.162946] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.169068] ? find_held_lock+0x2d/0x110
[ 40.173111] ? update_permission_bitmask+0x135/0x370
[ 40.178192] ? kvm_find_cpuid_entry+0x1a5/0x390
[ 40.182886] intel_pmu_refresh.cold+0x9b/0xa0
[ 40.187363] kvm_update_cpuid+0x6d9/0xaf0
[ 40.191537] kvm_vcpu_ioctl_set_cpuid2+0x151/0x1c0
[ 40.196447] kvm_arch_vcpu_ioctl+0xfc0/0x2e10
[ 40.200988] ? kvm_arch_vcpu_put+0x5a0/0x5a0
[ 40.205412] ? round_jiffies_up_relative+0xd0/0xd0
[ 40.210332] ? __mutex_unlock_slowpath+0xea/0x660
[ 40.215169] ? queue_delayed_work_on+0x13e/0x230
[ 40.219905] ? lock_acquire+0x170/0x3f0
[ 40.224009] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.228133] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.232371] ? __mutex_lock+0x3bd/0x13f0
[ 40.236464] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.240629] ? ww_mutex_unlock+0x2f0/0x2f0
[ 40.244845] ? kvm_vcpu_release+0xa0/0xa0
[ 40.248972] ? find_held_lock+0x2d/0x110
[ 40.253056] ? __fd_install+0x22a/0x6e0
[ 40.257012] kvm_vcpu_ioctl+0x8af/0xe30
[ 40.260966] ? kvm_get_dirty_log+0x590/0x590
[ 40.265355] ? __fd_install+0x261/0x6e0
[ 40.269309] ? kvm_dev_ioctl+0xda/0x18b0
[ 40.273354] ? debug_check_no_obj_freed+0x201/0x482
[ 40.278384] ? kvm_put_kvm+0xce0/0xce0
[ 40.282292] ? lock_downgrade+0x750/0x750
[ 40.286422] ? kvm_get_dirty_log+0x590/0x590
[ 40.290842] do_vfs_ioctl+0xcdb/0x12e0
[ 40.294727] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 40.299904] ? ioctl_preallocate+0x200/0x200
[ 40.304295] ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[ 40.309730] ? getname_kernel+0x260/0x370
[ 40.313855] ? putname+0xe1/0x130
[ 40.317312] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.322310] ? putname+0xe1/0x130
[ 40.325747] ksys_ioctl+0x9b/0xc0
[ 40.329179] __x64_sys_ioctl+0x6f/0xb0
[ 40.333133] do_syscall_64+0xf9/0x670
[ 40.336916] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.342083] RIP: 0033:0x440369
[ 40.345301] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.364213] RSP: 002b:00007ffd0803e2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.371913] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440369
[ 40.379203] RDX: 0000000020000540 RSI: 000000004008ae90 RDI: 0000000000000005
[ 40.386491] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 40.393742] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b70
[ 40.401037] R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
[ 40.408322] ================================================================================
[ 40.417294] ================================================================================
[ 40.425874] UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:301:13
[ 40.432804] shift exponent 248 is too large for 64-bit type 'long long unsigned int'
[ 40.440689] CPU: 0 PID: 6483 Comm: syz-executor539 Not tainted 4.19.146-syzkaller #0
[ 40.448560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.457895] Call Trace:
[ 40.460467] dump_stack+0x22c/0x33e
[ 40.464076] ubsan_epilogue+0xe/0x3a
[ 40.467769] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.473892] ? find_held_lock+0x2d/0x110
[ 40.477985] ? update_permission_bitmask+0x135/0x370
[ 40.483083] ? kvm_find_cpuid_entry+0x1a5/0x390
[ 40.487771] intel_pmu_refresh.cold+0x75/0xa0
[ 40.492261] kvm_update_cpuid+0x6d9/0xaf0
[ 40.496393] kvm_vcpu_ioctl_set_cpuid2+0x151/0x1c0
[ 40.501304] kvm_arch_vcpu_ioctl+0xfc0/0x2e10
[ 40.505779] ? kvm_arch_vcpu_put+0x5a0/0x5a0
[ 40.510285] ? round_jiffies_up_relative+0xd0/0xd0
[ 40.515254] ? __mutex_unlock_slowpath+0xea/0x660
[ 40.520082] ? queue_delayed_work_on+0x13e/0x230
[ 40.524874] ? lock_acquire+0x170/0x3f0
[ 40.528829] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.532970] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.537111] ? __mutex_lock+0x3bd/0x13f0
[ 40.541184] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.545321] ? ww_mutex_unlock+0x2f0/0x2f0
[ 40.549537] ? kvm_vcpu_release+0xa0/0xa0
[ 40.553674] ? find_held_lock+0x2d/0x110
[ 40.557753] ? __fd_install+0x22a/0x6e0
[ 40.561710] kvm_vcpu_ioctl+0x8af/0xe30
[ 40.565663] ? kvm_get_dirty_log+0x590/0x590
[ 40.570049] ? __fd_install+0x261/0x6e0
[ 40.574042] ? kvm_dev_ioctl+0xda/0x18b0
[ 40.578117] ? debug_check_no_obj_freed+0x201/0x482
[ 40.583143] ? kvm_put_kvm+0xce0/0xce0
[ 40.587016] ? lock_downgrade+0x750/0x750
[ 40.591159] ? kvm_get_dirty_log+0x590/0x590
[ 40.595564] do_vfs_ioctl+0xcdb/0x12e0
[ 40.599442] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 40.604620] ? ioctl_preallocate+0x200/0x200
[ 40.609009] ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[ 40.614448] ? getname_kernel+0x260/0x370
[ 40.618575] ? putname+0xe1/0x130
[ 40.622007] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.627019] ? putname+0xe1/0x130
[ 40.630456] ksys_ioctl+0x9b/0xc0
[ 40.633890] __x64_sys_ioctl+0x6f/0xb0
[ 40.637757] do_syscall_64+0xf9/0x670
[ 40.641540] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.646706] RIP: 0033:0x440369
[ 40.649878] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.668760] RSP: 002b:00007ffd0803e2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.676447] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440369
[ 40.683707] RDX: 0000000020000540 RSI: 000000004008ae90 RDI: 0000000000000005
[ 40.690956] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 40.698203] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b70
[ 40.705451] R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
[ 40.712720] ================================================================================
[ 40.722062] ================================================================================
[ 40.730736] UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:310:12
[ 40.737670] shift exponent 164 is too large for 64-bit type 'long long unsigned int'
[ 40.745550] CPU: 0 PID: 6483 Comm: syz-executor539 Not tainted 4.19.146-syzkaller #0
[ 40.753412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.762745] Call Trace:
[ 40.765319] dump_stack+0x22c/0x33e
[ 40.768928] ubsan_epilogue+0xe/0x3a
[ 40.772643] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.778922] ? find_held_lock+0x2d/0x110
[ 40.782976] ? update_permission_bitmask+0x135/0x370
[ 40.788101] ? kvm_find_cpuid_entry+0x1a5/0x390
[ 40.792767] intel_pmu_refresh.cold+0x56/0xa0
[ 40.797267] kvm_update_cpuid+0x6d9/0xaf0
[ 40.801399] kvm_vcpu_ioctl_set_cpuid2+0x151/0x1c0
[ 40.806341] kvm_arch_vcpu_ioctl+0xfc0/0x2e10
[ 40.810816] ? kvm_arch_vcpu_put+0x5a0/0x5a0
[ 40.815220] ? round_jiffies_up_relative+0xd0/0xd0
[ 40.820143] ? __mutex_unlock_slowpath+0xea/0x660
[ 40.824982] ? queue_delayed_work_on+0x13e/0x230
[ 40.829721] ? lock_acquire+0x170/0x3f0
[ 40.836278] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.840403] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.844532] ? __mutex_lock+0x3bd/0x13f0
[ 40.848576] ? kvm_vcpu_ioctl+0x175/0xe30
[ 40.852724] ? ww_mutex_unlock+0x2f0/0x2f0
[ 40.856948] ? kvm_vcpu_release+0xa0/0xa0
[ 40.861193] ? find_held_lock+0x2d/0x110
[ 40.865265] ? __fd_install+0x22a/0x6e0
[ 40.869229] kvm_vcpu_ioctl+0x8af/0xe30
[ 40.873188] ? kvm_get_dirty_log+0x590/0x590
[ 40.877592] ? __fd_install+0x261/0x6e0
[ 40.881557] ? kvm_dev_ioctl+0xda/0x18b0
[ 40.885621] ? debug_check_no_obj_freed+0x201/0x482
[ 40.890614] ? kvm_put_kvm+0xce0/0xce0
[ 40.894481] ? lock_downgrade+0x750/0x750
[ 40.898618] ? kvm_get_dirty_log+0x590/0x590
[ 40.903009] do_vfs_ioctl+0xcdb/0x12e0
[ 40.906878] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 40.912223] ? ioctl_preallocate+0x200/0x200
[ 40.916720] ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[ 40.922169] ? getname_kernel+0x260/0x370
[ 40.926294] ? putname+0xe1/0x130
[ 40.929744] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.934741] ? putname+0xe1/0x130
[ 40.938179] ksys_ioctl+0x9b/0xc0
[ 40.941626] __x64_sys_ioctl+0x6f/0xb0
[ 40.945506] do_syscall_64+0xf9/0x670
[ 40.949288] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.954463] RIP: 0033:0x440369
[ 40.957635] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b