[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.969578][ T8346] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 50.005568][ T8346] Not enough msr switch entries. Can't add msr f7894c08
[ 50.029598][ T8346] unchecked MSR access error: WRMSR to 0x3f1 (tried to write 0x0000000000000000) at rIP: 0xffffffff811eca31 (add_atomic_switch_msr+0x61/0x890)
[ 50.044420][ T8346] Call Trace:
[ 50.047703][ T8346]  ? reprogram_fixed_counter+0x511/0x930
[ 50.053343][ T8346]  vmx_vcpu_run+0x559/0x13f0
[ 50.057988][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 50.063043][ T8346]  ? rcu_lock_release+0x9/0x20
[ 50.067804][ T8346]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 50.073359][ T8346]  ? lock_release+0x472/0x6b0
[ 50.078060][ T8346]  vcpu_enter_guest+0x2ed9/0x8f10
[ 50.083097][ T8346]  ? __lock_acquire+0x1342/0x5e60
[ 50.088122][ T8346]  ? __lock_acquire+0x1275/0x5e60
[ 50.093154][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 50.098196][ T8346]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 50.103733][ T8346]  ? lock_acquire+0x124/0x5f0
[ 50.108403][ T8346]  vcpu_run+0x316/0xb70
[ 50.112557][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 50.117572][ T8346]  kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 50.123110][ T8346]  kvm_vcpu_ioctl+0x62a/0xa30
[ 50.127777][ T8346]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 50.132717][ T8346]  ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 50.138610][ T8346]  __se_sys_ioctl+0xfb/0x170
[ 50.143280][ T8346]  do_syscall_64+0x2d/0x70
[ 50.147697][ T8346]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.153701][ T8346] RIP: 0033:0x43eee9
[ 50.158540][ T8346] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.178138][ T8346] RSP: 002b:00007ffe7ad00d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 50.186546][ T8346] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eee9
[ 50.194510][ T8346] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 50.203114][ T8346] RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
[ 50.211169][ T8346] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
[ 50.219145][ T8346] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 51.731197][ T8346] ==================================================================
[ 51.739390][ T8346] BUG: KASAN: global-out-of-bounds in vmx_vcpu_run+0x4f1/0x13f0
[ 51.747055][ T8346] Read of size 8 at addr ffffffff89a000e9 by task syz-executor198/8346
[ 51.755306][ T8346]
[ 51.757635][ T8346] CPU: 0 PID: 8346 Comm: syz-executor198 Not tainted 5.11.0-syzkaller #0
[ 51.766030][ T8346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.776072][ T8346] Call Trace:
[ 51.779344][ T8346]  dump_stack+0x125/0x19e
[ 51.783669][ T8346]  print_address_description+0x5f/0x3a0
[ 51.789214][ T8346]  kasan_report+0x15e/0x200
[ 51.793764][ T8346]  ? vmx_vcpu_run+0x4f1/0x13f0
[ 51.798526][ T8346]  vmx_vcpu_run+0x4f1/0x13f0
[ 51.803108][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 51.808127][ T8346]  ? rcu_lock_release+0x9/0x20
[ 51.812886][ T8346]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.818430][ T8346]  ? lock_release+0x472/0x6b0
[ 51.823093][ T8346]  vcpu_enter_guest+0x2ed9/0x8f10
[ 51.828107][ T8346]  ? __lock_acquire+0x1342/0x5e60
[ 51.833128][ T8346]  ? __lock_acquire+0x1275/0x5e60
[ 51.838153][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 51.843174][ T8346]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.848711][ T8346]  ? lock_acquire+0x124/0x5f0
[ 51.853402][ T8346]  vcpu_run+0x316/0xb70
[ 51.857558][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 51.862585][ T8346]  kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 51.868039][ T8346]  kvm_vcpu_ioctl+0x62a/0xa30
[ 51.872718][ T8346]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 51.877656][ T8346]  ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 51.883538][ T8346]  __se_sys_ioctl+0xfb/0x170
[ 51.888138][ T8346]  do_syscall_64+0x2d/0x70
[ 51.892540][ T8346]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.898435][ T8346] RIP: 0033:0x43eee9
[ 51.902362][ T8346] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.921979][ T8346] RSP: 002b:00007ffe7ad00d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.930457][ T8346] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eee9
[ 51.938453][ T8346] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 51.946410][ T8346] RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
[ 51.954384][ T8346] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
[ 51.962343][ T8346] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 51.970310][ T8346]
[ 51.972629][ T8346] The buggy address belongs to the variable:
[ 51.978633][ T8346]  str__initcall__trace_system_name+0x9/0x40
[ 51.984623][ T8346]
[ 51.986965][ T8346] Memory state around the buggy address:
[ 51.992573][ T8346]  ffffffff899fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.000614][ T8346]  ffffffff89a00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.008657][ T8346] >ffffffff89a00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 f9 f9
[ 52.016709][ T8346]                                                           ^
[ 52.024159][ T8346]  ffffffff89a00100: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9
[ 52.032199][ T8346]  ffffffff89a00180: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 52.041556][ T8346] ==================================================================
[ 52.049942][ T8346] Disabling lock debugging due to kernel taint
[ 52.056069][ T8346] Kernel panic - not syncing: panic_on_warn set ...
[ 52.062630][ T8346] CPU: 0 PID: 8346 Comm: syz-executor198 Tainted: G B 5.11.0-syzkaller #0
[ 52.072543][ T8346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.082740][ T8346] Call Trace:
[ 52.086025][ T8346]  dump_stack+0x125/0x19e
[ 52.090338][ T8346]  panic+0x291/0x800
[ 52.094233][ T8346]  ? do_raw_spin_unlock+0x134/0x8a0
[ 52.100193][ T8346]  kasan_report+0x1fb/0x200
[ 52.104693][ T8346]  ? vmx_vcpu_run+0x4f1/0x13f0
[ 52.109449][ T8346]  vmx_vcpu_run+0x4f1/0x13f0
[ 52.114032][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 52.119037][ T8346]  ? rcu_lock_release+0x9/0x20
[ 52.123780][ T8346]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 52.129320][ T8346]  ? lock_release+0x472/0x6b0
[ 52.134007][ T8346]  vcpu_enter_guest+0x2ed9/0x8f10
[ 52.139035][ T8346]  ? __lock_acquire+0x1342/0x5e60
[ 52.144095][ T8346]  ? __lock_acquire+0x1275/0x5e60
[ 52.149413][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 52.154510][ T8346]  ? rcu_read_lock_sched_held+0x41/0xb0
[ 52.160042][ T8346]  ? lock_acquire+0x124/0x5f0
[ 52.164713][ T8346]  vcpu_run+0x316/0xb70
[ 52.168942][ T8346]  ? lock_is_held_type+0xf8/0x160
[ 52.173953][ T8346]  kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 52.179410][ T8346]  kvm_vcpu_ioctl+0x62a/0xa30
[ 52.184087][ T8346]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 52.189019][ T8346]  ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 52.194904][ T8346]  __se_sys_ioctl+0xfb/0x170
[ 52.199569][ T8346]  do_syscall_64+0x2d/0x70
[ 52.203966][ T8346]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.209839][ T8346] RIP: 0033:0x43eee9
[ 52.213723][ T8346] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.233309][ T8346] RSP: 002b:00007ffe7ad00d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.241719][ T8346] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eee9
[ 52.249671][ T8346] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 52.257619][ T8346] RBP: 0000000000402ed0 R08: 0000000000400488 R09: 0000000000400488
[ 52.265581][ T8346] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f60
[ 52.273530][ T8346] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 52.282265][ T8346] Kernel Offset: disabled
[ 52.286587][ T8346] Rebooting in 86400 seconds..