Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts.
executing program
[ 49.228953][ T8363] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 49.267779][ T8363] Not enough msr switch entries. Can't add msr f7894c08
[ 49.290890][ T8363] unchecked MSR access error: WRMSR to 0x3f1 (tried to write 0x0000000000000000) at rIP: 0xffffffff811ebe91 (add_atomic_switch_msr+0x61/0x890)
[ 49.305431][ T8363] Call Trace:
[ 49.308817][ T8363]  ? kvm_x2apic_msr_read+0x109/0x250
[ 49.314237][ T8363]  ? kvm_x2apic_msr_read+0x119/0x250
[ 49.319522][ T8363]  vmx_vcpu_run+0x516/0x1370
[ 49.324124][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 49.329163][ T8363]  ? rcu_lock_release+0x9/0x20
[ 49.333919][ T8363]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 49.339457][ T8363]  ? lock_release+0x472/0x6b0
[ 49.344213][ T8363]  vcpu_enter_guest+0x2ed9/0x8f80
[ 49.349233][ T8363]  ? __lock_acquire+0x1342/0x5e60
[ 49.354265][ T8363]  ? __lock_acquire+0x1275/0x5e60
[ 49.359308][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 49.364326][ T8363]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 49.369862][ T8363]  ? lock_acquire+0x124/0x5f0
[ 49.374532][ T8363]  vcpu_run+0x316/0xb70
[ 49.378694][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 49.383711][ T8363]  kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 49.389162][ T8363]  kvm_vcpu_ioctl+0x62a/0xa30
[ 49.393941][ T8363]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 49.398883][ T8363]  ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 49.404793][ T8363]  __se_sys_ioctl+0xfb/0x170
[ 49.409383][ T8363]  do_syscall_64+0x2d/0x70
[ 49.413788][ T8363]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.419691][ T8363] RIP: 0033:0x43eee9
[ 49.423581][ T8363] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.443546][ T8363] RSP: 002b:00007ffc2d0737a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.452660][ T8363] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eee9
[ 49.464556][ T8363] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 49.472540][ T8363] RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
[ 49.480529][ T8363] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
[ 49.488492][ T8363] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 51.169005][ T8363] ==================================================================
[ 51.177254][ T8363] BUG: KASAN: global-out-of-bounds in vmx_vcpu_run+0x497/0x1370
[ 51.184891][ T8363] Read of size 8 at addr ffffffff89a000f1 by task syz-executor125/8363
[ 51.193133][ T8363]
[ 51.195445][ T8363] CPU: 1 PID: 8363 Comm: syz-executor125 Not tainted 5.11.0-syzkaller #0
[ 51.203839][ T8363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.214056][ T8363] Call Trace:
[ 51.217415][ T8363]  dump_stack+0x125/0x19e
[ 51.221739][ T8363]  print_address_description+0x5f/0x3a0
[ 51.230489][ T8363]  kasan_report+0x15e/0x210
[ 51.235002][ T8363]  ? vmx_vcpu_run+0x497/0x1370
[ 51.239766][ T8363]  vmx_vcpu_run+0x497/0x1370
[ 51.244344][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 51.249376][ T8363]  ? rcu_lock_release+0x9/0x20
[ 51.254223][ T8363]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.259856][ T8363]  ? lock_release+0x472/0x6b0
[ 51.264626][ T8363]  vcpu_enter_guest+0x2ed9/0x8f80
[ 51.269659][ T8363]  ? __lock_acquire+0x1342/0x5e60
[ 51.274694][ T8363]  ? __lock_acquire+0x1275/0x5e60
[ 51.279731][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 51.284752][ T8363]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.290299][ T8363]  ? lock_acquire+0x124/0x5f0
[ 51.295064][ T8363]  vcpu_run+0x316/0xb70
[ 51.299211][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 51.304386][ T8363]  kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 51.309877][ T8363]  kvm_vcpu_ioctl+0x62a/0xa30
[ 51.314551][ T8363]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 51.319746][ T8363]  ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 51.325918][ T8363]  __se_sys_ioctl+0xfb/0x170
[ 51.330509][ T8363]  do_syscall_64+0x2d/0x70
[ 51.335093][ T8363]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.340992][ T8363] RIP: 0033:0x43eee9
[ 51.344874][ T8363] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.364710][ T8363] RSP: 002b:00007ffc2d0737a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.373240][ T8363] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eee9
[ 51.381380][ T8363] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 51.389335][ T8363] RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
[ 51.397306][ T8363] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
[ 51.405385][ T8363] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 51.413462][ T8363]
[ 51.415777][ T8363] The buggy address belongs to the variable:
[ 51.421746][ T8363]  str__initcall__trace_system_name+0x11/0x40
[ 51.427802][ T8363]
[ 51.430107][ T8363] Memory state around the buggy address:
[ 51.435728][ T8363]  ffffffff899fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.443872][ T8363]  ffffffff89a00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.452028][ T8363] >ffffffff89a00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 f9 f9
[ 51.460104][ T8363]                                                              ^
[ 51.467831][ T8363]  ffffffff89a00100: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9
[ 51.475888][ T8363]  ffffffff89a00180: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 51.483962][ T8363] ==================================================================
[ 51.492012][ T8363] Disabling lock debugging due to kernel taint
[ 51.498329][ T8363] Kernel panic - not syncing: panic_on_warn set ...
[ 51.504892][ T8363] CPU: 1 PID: 8363 Comm: syz-executor125 Tainted: G B 5.11.0-syzkaller #0
[ 51.514684][ T8363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.524977][ T8363] Call Trace:
[ 51.529212][ T8363]  dump_stack+0x125/0x19e
[ 51.533538][ T8363]  panic+0x291/0x800
[ 51.537420][ T8363]  ? do_raw_spin_unlock+0x134/0x8a0
[ 51.542612][ T8363]  kasan_report+0x203/0x210
[ 51.548788][ T8363]  ? vmx_vcpu_run+0x497/0x1370
[ 51.556630][ T8363]  vmx_vcpu_run+0x497/0x1370
[ 51.562220][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 51.567607][ T8363]  ? rcu_lock_release+0x9/0x20
[ 51.573166][ T8363]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.579761][ T8363]  ? lock_release+0x472/0x6b0
[ 51.584549][ T8363]  vcpu_enter_guest+0x2ed9/0x8f80
[ 51.589573][ T8363]  ? __lock_acquire+0x1342/0x5e60
[ 51.594673][ T8363]  ? __lock_acquire+0x1275/0x5e60
[ 51.599682][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 51.604860][ T8363]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.610778][ T8363]  ? lock_acquire+0x124/0x5f0
[ 51.615928][ T8363]  vcpu_run+0x316/0xb70
[ 51.620089][ T8363]  ? lock_is_held_type+0xf8/0x160
[ 51.625098][ T8363]  kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 51.630547][ T8363]  kvm_vcpu_ioctl+0x62a/0xa30
[ 51.635205][ T8363]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 51.640123][ T8363]  ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 51.646814][ T8363]  __se_sys_ioctl+0xfb/0x170
[ 51.651389][ T8363]  do_syscall_64+0x2d/0x70
[ 51.655797][ T8363]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.661797][ T8363] RIP: 0033:0x43eee9
[ 51.665829][ T8363] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.685540][ T8363] RSP: 002b:00007ffc2d0737a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.694036][ T8363] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eee9
[ 51.702269][ T8363] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 51.710262][ T8363] RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
[ 51.718407][ T8363] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
[ 51.726367][ T8363] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 51.735261][ T8363] Kernel Offset: disabled
[ 51.739974][ T8363] Rebooting in 86400 seconds..