[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   40.517993] audit: type=1400 audit(1601836630.663:8): avc:  denied  { execmem } for  pid=6510 comm="syz-executor342" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   40.519128] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   40.559881] ================================================================================
[   40.568568] UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:299:45
[   40.575499] shift exponent 194 is too large for 64-bit type 'long long unsigned int'
[   40.583371] CPU: 1 PID: 6510 Comm: syz-executor342 Not tainted 4.19.149-syzkaller #0
[   40.591232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.600565] Call Trace:
[   40.603135]  dump_stack+0x22c/0x33e
[   40.606774]  ubsan_epilogue+0xe/0x3a
[   40.610500]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[   40.616627]  ? find_held_lock+0x2d/0x110
[   40.620671]  ? update_permission_bitmask+0x135/0x370
[   40.625765]  ? kvm_find_cpuid_entry+0x1a5/0x390
[   40.630433]  intel_pmu_refresh.cold+0x9b/0xa0
[   40.634945]  kvm_update_cpuid+0x6d9/0xaf0
[   40.639085]  kvm_vcpu_ioctl_set_cpuid2+0x151/0x1c0
[   40.644008]  kvm_arch_vcpu_ioctl+0xfc0/0x2e10
[   40.648498]  ? kvm_arch_vcpu_put+0x5a0/0x5a0
[   40.652888]  ? round_jiffies_up_relative+0xd0/0xd0
[   40.657797]  ? __mutex_unlock_slowpath+0xea/0x660
[   40.662633]  ? queue_delayed_work_on+0x13e/0x230
[   40.667416]  ? lock_acquire+0x170/0x3f0
[   40.671390]  ? kvm_vcpu_ioctl+0x175/0xe30
[   40.675526]  ? kvm_vcpu_ioctl+0x175/0xe30
[   40.679666]  ? __mutex_lock+0x3bd/0x13f0
[   40.683710]  ? kvm_vcpu_ioctl+0x175/0xe30
[   40.687834]  ? ww_mutex_unlock+0x2f0/0x2f0
[   40.692083]  ? kvm_vcpu_release+0xa0/0xa0
[   40.696236]  ? find_held_lock+0x2d/0x110
[   40.700287]  ? __fd_install+0x22a/0x6e0
[   40.704263]  kvm_vcpu_ioctl+0x8af/0xe30
[   40.708215]  ? kvm_get_dirty_log+0x590/0x590
[   40.712603]  ? __fd_install+0x261/0x6e0
[   40.716556]  ? kvm_dev_ioctl+0xda/0x18b0
[   40.720601]  ? debug_check_no_obj_freed+0x201/0x482
[   40.725596]  ? kvm_put_kvm+0xce0/0xce0
[   40.729463]  ? lock_downgrade+0x750/0x750
[   40.733607]  ? kvm_get_dirty_log+0x590/0x590
[   40.738005]  do_vfs_ioctl+0xcdb/0x12e0
[   40.741879]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   40.747061]  ? ioctl_preallocate+0x200/0x200
[   40.751459]  ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[   40.756890]  ? path_openat+0xad0/0x2e90
[   40.760841]  ? putname+0xe1/0x130
[   40.764276]  ? rcu_read_lock_sched_held+0x174/0x1e0
[   40.769282]  ? putname+0xe1/0x130
[   40.772720]  ksys_ioctl+0x9b/0xc0
[   40.776159]  __x64_sys_ioctl+0x6f/0xb0
[   40.780029]  do_syscall_64+0xf9/0x670
[   40.783902]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.789126] RIP: 0033:0x440369
[   40.792298] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   40.811204] RSP: 002b:00007ffceed943b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   40.818893] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440369
[   40.826140] RDX: 0000000020000540 RSI: 000000004008ae90 RDI: 0000000000000005
[   40.833387] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[   40.840672] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b70
[   40.847917] R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
[   40.855183] ================================================================================
[   40.864610] ================================================================================
[   40.873191] UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:301:13
[   40.880114] shift exponent 248 is too large for 64-bit type 'long long unsigned int'
[   40.888001] CPU: 1 PID: 6510 Comm: syz-executor342 Not tainted 4.19.149-syzkaller #0
[   40.895881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.905236] Call Trace:
[   40.907809]  dump_stack+0x22c/0x33e
[   40.911421]  ubsan_epilogue+0xe/0x3a
[   40.915116]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[   40.921239]  ? find_held_lock+0x2d/0x110
[   40.925296]  ? update_permission_bitmask+0x135/0x370
[   40.930386]  ? kvm_find_cpuid_entry+0x1a5/0x390
[   40.935037]  intel_pmu_refresh.cold+0x75/0xa0
[   40.939512]  kvm_update_cpuid+0x6d9/0xaf0
[   40.943641]  kvm_vcpu_ioctl_set_cpuid2+0x151/0x1c0
[   40.948562]  kvm_arch_vcpu_ioctl+0xfc0/0x2e10
[   40.953039]  ? kvm_arch_vcpu_put+0x5a0/0x5a0
[   40.957426]  ? round_jiffies_up_relative+0xd0/0xd0
[   40.962336]  ? __mutex_unlock_slowpath+0xea/0x660
[   40.968143]  ? queue_delayed_work_on+0x13e/0x230
[   40.972887]  ? lock_acquire+0x170/0x3f0
[   40.976839]  ? kvm_vcpu_ioctl+0x175/0xe30
[   40.980993]  ? kvm_vcpu_ioctl+0x175/0xe30
[   40.985122]  ? __mutex_lock+0x3bd/0x13f0
[   40.989160]  ? kvm_vcpu_ioctl+0x175/0xe30
[   40.993300]  ? ww_mutex_unlock+0x2f0/0x2f0
[   40.998481]  ? kvm_vcpu_release+0xa0/0xa0
[   41.002609]  ? find_held_lock+0x2d/0x110
[   41.006649]  ? __fd_install+0x22a/0x6e0
[   41.010618]  kvm_vcpu_ioctl+0x8af/0xe30
[   41.014573]  ? kvm_get_dirty_log+0x590/0x590
[   41.018959]  ? __fd_install+0x261/0x6e0
[   41.022912]  ? kvm_dev_ioctl+0xda/0x18b0
[   41.026965]  ? debug_check_no_obj_freed+0x201/0x482
[   41.031958]  ? kvm_put_kvm+0xce0/0xce0
[   41.035835]  ? lock_downgrade+0x750/0x750
[   41.039964]  ? kvm_get_dirty_log+0x590/0x590
[   41.044370]  do_vfs_ioctl+0xcdb/0x12e0
[   41.048237]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   41.053411]  ? ioctl_preallocate+0x200/0x200
[   41.057799]  ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[   41.063231]  ? path_openat+0xad0/0x2e90
[   41.067181]  ? putname+0xe1/0x130
[   41.070612]  ? rcu_read_lock_sched_held+0x174/0x1e0
[   41.075606]  ? putname+0xe1/0x130
[   41.079040]  ksys_ioctl+0x9b/0xc0
[   41.082473]  __x64_sys_ioctl+0x6f/0xb0
[   41.086340]  do_syscall_64+0xf9/0x670
[   41.090120]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.095301] RIP: 0033:0x440369
[   41.098473] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   41.117357] RSP: 002b:00007ffceed943b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   41.125039] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440369
[   41.132286] RDX: 0000000020000540 RSI: 000000004008ae90 RDI: 0000000000000005
[   41.139562] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[   41.146819] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b70
[   41.154066] R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
[   41.161321] ================================================================================
[   41.170150] ================================================================================
[   41.178735] UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:310:12
[   41.185664] shift exponent 164 is too large for 64-bit type 'long long unsigned int'
[   41.193544] CPU: 1 PID: 6510 Comm: syz-executor342 Not tainted 4.19.149-syzkaller #0
[   41.201429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.210768] Call Trace:
[   41.213339]  dump_stack+0x22c/0x33e
[   41.216948]  ubsan_epilogue+0xe/0x3a
[   41.220644]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[   41.226767]  ? find_held_lock+0x2d/0x110
[   41.230806]  ? update_permission_bitmask+0x135/0x370
[   41.235890]  ? kvm_find_cpuid_entry+0x1a5/0x390
[   41.240538]  intel_pmu_refresh.cold+0x56/0xa0
[   41.245013]  kvm_update_cpuid+0x6d9/0xaf0
[   41.249151]  kvm_vcpu_ioctl_set_cpuid2+0x151/0x1c0
[   41.254072]  kvm_arch_vcpu_ioctl+0xfc0/0x2e10
[   41.258547]  ? kvm_arch_vcpu_put+0x5a0/0x5a0
[   41.262946]  ? round_jiffies_up_relative+0xd0/0xd0
[   41.267857]  ? __mutex_unlock_slowpath+0xea/0x660
[   41.272684]  ? queue_delayed_work_on+0x13e/0x230
[   41.277429]  ? lock_acquire+0x170/0x3f0
[   41.281381]  ? kvm_vcpu_ioctl+0x175/0xe30
[   41.285507]  ? kvm_vcpu_ioctl+0x175/0xe30
[   41.289635]  ? __mutex_lock+0x3bd/0x13f0
[   41.293686]  ? kvm_vcpu_ioctl+0x175/0xe30
[   41.297811]  ? ww_mutex_unlock+0x2f0/0x2f0
[   41.302026]  ? kvm_vcpu_release+0xa0/0xa0
[   41.306162]  ? find_held_lock+0x2d/0x110
[   41.310201]  ? __fd_install+0x22a/0x6e0
[   41.314156]  kvm_vcpu_ioctl+0x8af/0xe30
[   41.318111]  ? kvm_get_dirty_log+0x590/0x590
[   41.322527]  ? __fd_install+0x261/0x6e0
[   41.326479]  ? kvm_dev_ioctl+0xda/0x18b0
[   41.330527]  ? debug_check_no_obj_freed+0x201/0x482
[   41.336312]  ? kvm_put_kvm+0xce0/0xce0
[   41.340178]  ? lock_downgrade+0x750/0x750
[   41.344316]  ? kvm_get_dirty_log+0x590/0x590
[   41.348703]  do_vfs_ioctl+0xcdb/0x12e0
[   41.352571]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   41.357738]  ? ioctl_preallocate+0x200/0x200
[   41.362131]  ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[   41.367562]  ? path_openat+0xad0/0x2e90
[   41.371513]  ? putname+0xe1/0x130
[   41.374968]  ? rcu_read_lock_sched_held+0x174/0x1e0
[   41.379973]  ? putname+0xe1/0x130
[   41.383440]  ksys_ioctl+0x9b/0xc0
[   41.386877]  __x64_sys_ioctl+0x6f/0xb0
[   41.390743]  do_syscall_64+0xf9/0x670
[   41.394534]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.399711] RIP: 0033:0x440369
[   41.402887] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   41.421778] RSP: 002b:00007ffceed943b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   41.429472] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440369
[   41.436718] RDX: 0000000020000540 RSI: 000000004008ae90 RDI: 0000000000000005
[   41.443966] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[   41.451211] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b70
[   41.458476] R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
[   41.465732] ================================================================
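Reading the three reports together: the same syscall (ioctl, ORIG_RAX 0x10) from the same process reaches intel_pmu_refresh() through kvm_vcpu_ioctl_set_cpuid2(), i.e. a KVM_SET_CPUID2 call, and on three consecutive lines of pmu_intel.c a 64-bit value is shifted by 194, 248 and 164. Shifting a 64-bit integer by 64 or more is undefined behaviour in C, which is what UBSAN's shift checker flags; the counts are far too large to be anything but guest-facing CPUID fields copied straight out of the userspace-supplied leaf. The process only needs access to /dev/kvm, not root. On x86 the hardware masks a variable shift count to 6 bits, so absent a compiler surprise the practical outcome is a nonsense counter mask (194 mod 64 is 2) rather than memory corruption, but the kernel should still bound the input. The following C is an added example, not code from this report, the kernel or any fix: it models the unchecked shift so the failure can be counted without executing it, and the clamped form beside it. The CPUID.0AH field layout follows Intel's documentation; the mapping of lines 299, 301 and 310 to the GP width, event-mask length and fixed width fields is my reading of the 4.19 source, and the 48-bit and 32-bit ceilings are illustrative assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed ceilings for illustration: Intel architectural PMU counters are at
 * most 48 bits wide on current parts; the CPUID.0AH:EBX event vector is 32 bits. */
#define MAX_COUNTER_WIDTH   48u
#define MAX_EVENT_MASK_LEN  32u

/* CPUID.0AH:EAX and EDX fields as documented by Intel. */
struct cpuid_0a {
    unsigned version;      /* EAX[7:0]   architectural PMU version */
    unsigned num_gp;       /* EAX[15:8]  number of GP counters */
    unsigned gp_width;     /* EAX[23:16] GP counter bit width */
    unsigned mask_length;  /* EAX[31:24] length of EBX event bit vector */
    unsigned num_fixed;    /* EDX[4:0]   number of fixed counters */
    unsigned fixed_width;  /* EDX[12:5]  fixed counter bit width */
};

static struct cpuid_0a unpack_0a(uint32_t eax, uint32_t edx)
{
    struct cpuid_0a c = {
        .version     = eax & 0xff,
        .num_gp      = (eax >> 8) & 0xff,
        .gp_width    = (eax >> 16) & 0xff,
        .mask_length = (eax >> 24) & 0xff,
        .num_fixed   = edx & 0x1f,
        .fixed_width = (edx >> 5) & 0xff,
    };
    return c;
}

/* A 64-bit shift by 64 or more is undefined behaviour: this is the condition
 * UBSAN's -fsanitize=shift reports. */
static bool shift_is_defined(unsigned count)
{
    return count < 64;
}

/* Unchecked pattern: count how many of the three ((u64)1 << width) - 1 shifts
 * in intel_pmu_refresh() (my reading of pmu_intel.c:299, :301 and :310 in 4.19)
 * would be undefined for this guest leaf, without actually performing them. */
static unsigned undefined_shift_count(uint32_t eax, uint32_t edx)
{
    struct cpuid_0a c = unpack_0a(eax, edx);
    unsigned n = 0;
    n += !shift_is_defined(c.gp_width);        /* :299  GP counter mask */
    n += !shift_is_defined(c.mask_length);     /* :301  available event types */
    if (c.version > 1)                         /* fixed counters need version >= 2 */
        n += !shift_is_defined(c.fixed_width); /* :310  fixed counter mask */
    return n;
}

struct pmu_caps {
    unsigned nr_gp, nr_fixed;
    uint64_t gp_mask, fixed_mask, event_mask;
    bool clamped;  /* true if any width had to be reduced to stay defined */
};

/* Hardened form: clamp the width to an architectural ceiling before shifting,
 * so the count is always below 64 and the result is well defined. */
static uint64_t low_bits_mask(unsigned width, unsigned ceiling, bool *clamped)
{
    if (width > ceiling) {
        width = ceiling;
        *clamped = true;
    }
    return width ? (((uint64_t)1 << width) - 1) : 0;
}

static struct pmu_caps refresh_clamped(uint32_t eax, uint32_t edx)
{
    struct cpuid_0a c = unpack_0a(eax, edx);
    struct pmu_caps p = {0};

    if (c.version == 0)  /* no architectural PMU advertised to the guest */
        return p;
    p.nr_gp      = c.num_gp;
    p.gp_mask    = low_bits_mask(c.gp_width, MAX_COUNTER_WIDTH, &p.clamped);
    p.event_mask = low_bits_mask(c.mask_length, MAX_EVENT_MASK_LEN, &p.clamped);
    if (c.version > 1) {
        p.nr_fixed   = c.num_fixed;
        p.fixed_mask = low_bits_mask(c.fixed_width, MAX_COUNTER_WIDTH, &p.clamped);
    }
    return p;
}

int main(void)
{
    /* Constructed inputs: the first encodes the three exponents in the report
     * (194, 248, 164) with PMU version 2; the second is a sane leaf for a
     * version 4 PMU with eight 48-bit GP counters and three fixed counters. */
    const uint32_t bad_eax = 0xF8C20302u, bad_edx = 0x1483u;
    const uint32_t ok_eax  = 0x07300804u, ok_edx  = 0x0603u;
    struct pmu_caps b = refresh_clamped(bad_eax, bad_edx);
    struct pmu_caps g = refresh_clamped(ok_eax, ok_edx);

    printf("fuzzer leaf: %u undefined shifts unchecked; clamped gp_mask=%#llx clamped=%d\n",
           undefined_shift_count(bad_eax, bad_edx), (unsigned long long)b.gp_mask, b.clamped);
    printf("sane leaf:   %u undefined shifts; gp_mask=%#llx event_mask=%#llx\n",
           undefined_shift_count(ok_eax, ok_edx), (unsigned long long)g.gp_mask,
           (unsigned long long)g.event_mask);
    return 0;
}
```

The clamp is one of several reasonable policies; rejecting the leaf outright, or advertising no PMU when a width exceeds what the host supports, are equally defensible. What matters for the report above is that the shift count is derived from a bounded value rather than from the raw 8-bit CPUID field, and that whichever policy is chosen is applied to all three sites, not only the first one the fuzzer happened to hit.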