Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
executing program
[ 51.439624][ T8340] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 51.482310][ T8340] Not enough msr switch entries. Can't add msr f7894c08
[ 51.504721][ T8340] unchecked MSR access error: WRMSR to 0x3f1 (tried to write 0x0000000000000000) at rIP: 0xffffffff811eca31 (add_atomic_switch_msr+0x61/0x890)
[ 51.519247][ T8340] Call Trace:
[ 51.522548][ T8340] ? reprogram_fixed_counter+0x511/0x930
[ 51.528164][ T8340] vmx_vcpu_run+0x559/0x13f0
[ 51.532742][ T8340] ? lock_is_held_type+0xf8/0x160
[ 51.537788][ T8340] ? rcu_lock_release+0x9/0x20
[ 51.542532][ T8340] ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.548084][ T8340] ? lock_release+0x472/0x6b0
[ 51.552758][ T8340] vcpu_enter_guest+0x2ed9/0x8f10
[ 51.557775][ T8340] ? __lock_acquire+0x1342/0x5e60
[ 51.562791][ T8340] ? __lock_acquire+0x1275/0x5e60
[ 51.567807][ T8340] ? lock_is_held_type+0xf8/0x160
[ 51.572825][ T8340] ? rcu_read_lock_sched_held+0x41/0xb0
[ 51.578369][ T8340] ? lock_acquire+0x124/0x5f0
[ 51.583121][ T8340] vcpu_run+0x316/0xb70
[ 51.587274][ T8340] ? lock_is_held_type+0xf8/0x160
[ 51.592284][ T8340] kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 51.597726][ T8340] kvm_vcpu_ioctl+0x62a/0xa30
[ 51.602397][ T8340] ? bpf_lsm_file_ioctl+0x5/0x10
[ 51.607332][ T8340] ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 51.613211][ T8340] __se_sys_ioctl+0xfb/0x170
[ 51.617796][ T8340] do_syscall_64+0x2d/0x70
[ 51.622194][ T8340] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.628079][ T8340] RIP: 0033:0x43eea9
[ 51.631955][ T8340] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.651556][ T8340] RSP: 002b:00007ffcd5f31f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.659964][ T8340] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eea9
[ 51.668025][ T8340] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 51.675976][ T8340] RBP: 0000000000402e90 R08: 0000000000400488 R09: 0000000000400488
[ 51.683938][ T8340] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f20
[ 51.691898][ T8340] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 53.179052][ T8340] ==================================================================
[ 53.187262][ T8340] BUG: KASAN: global-out-of-bounds in vmx_vcpu_run+0x4f1/0x13f0
[ 53.194901][ T8340] Read of size 8 at addr ffffffff89a000e9 by task syz-executor290/8340
[ 53.203133][ T8340]
[ 53.205449][ T8340] CPU: 0 PID: 8340 Comm: syz-executor290 Not tainted 5.11.0-syzkaller #0
[ 53.213861][ T8340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.223913][ T8340] Call Trace:
[ 53.227187][ T8340] dump_stack+0x125/0x19e
[ 53.231506][ T8340] print_address_description+0x5f/0x3a0
[ 53.237037][ T8340] kasan_report+0x15e/0x200
[ 53.241587][ T8340] ? vmx_vcpu_run+0x4f1/0x13f0
[ 53.246351][ T8340] vmx_vcpu_run+0x4f1/0x13f0
[ 53.251057][ T8340] ? lock_is_held_type+0xf8/0x160
[ 53.256087][ T8340] ? rcu_lock_release+0x9/0x20
[ 53.260834][ T8340] ? rcu_read_lock_sched_held+0x41/0xb0
[ 53.266366][ T8340] ? lock_release+0x472/0x6b0
[ 53.271034][ T8340] vcpu_enter_guest+0x2ed9/0x8f10
[ 53.276052][ T8340] ? __lock_acquire+0x1342/0x5e60
[ 53.281069][ T8340] ? __lock_acquire+0x1275/0x5e60
[ 53.286096][ T8340] ? lock_is_held_type+0xf8/0x160
[ 53.291105][ T8340] ? rcu_read_lock_sched_held+0x41/0xb0
[ 53.296652][ T8340] ? lock_acquire+0x124/0x5f0
[ 53.301323][ T8340] vcpu_run+0x316/0xb70
[ 53.305469][ T8340] ? lock_is_held_type+0xf8/0x160
[ 53.310482][ T8340] kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 53.315937][ T8340] kvm_vcpu_ioctl+0x62a/0xa30
[ 53.320619][ T8340] ? bpf_lsm_file_ioctl+0x5/0x10
[ 53.325553][ T8340] ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 53.331465][ T8340] __se_sys_ioctl+0xfb/0x170
[ 53.336054][ T8340] do_syscall_64+0x2d/0x70
[ 53.340554][ T8340] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.346460][ T8340] RIP: 0033:0x43eea9
[ 53.350392][ T8340] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.369994][ T8340] RSP: 002b:00007ffcd5f31f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.378404][ T8340] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eea9
[ 53.386490][ T8340] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 53.394476][ T8340] RBP: 0000000000402e90 R08: 0000000000400488 R09: 0000000000400488
[ 53.402443][ T8340] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f20
[ 53.410418][ T8340] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 53.418415][ T8340]
[ 53.420741][ T8340] The buggy address belongs to the variable:
[ 53.426710][ T8340] str__initcall__trace_system_name+0x9/0x40
[ 53.432684][ T8340]
[ 53.434993][ T8340] Memory state around the buggy address:
[ 53.440611][ T8340] ffffffff899fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.448659][ T8340] ffffffff89a00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.456711][ T8340] >ffffffff89a00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 f9 f9
[ 53.464775][ T8340] ^
[ 53.472227][ T8340] ffffffff89a00100: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9
[ 53.480325][ T8340] ffffffff89a00180: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 53.488378][ T8340] ==================================================================
[ 53.496424][ T8340] Disabling lock debugging due to kernel taint
[ 53.502553][ T8340] Kernel panic - not syncing: panic_on_warn set ...
[ 53.509127][ T8340] CPU: 0 PID: 8340 Comm: syz-executor290 Tainted: G B 5.11.0-syzkaller #0
[ 53.518903][ T8340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.529124][ T8340] Call Trace:
[ 53.532412][ T8340] dump_stack+0x125/0x19e
[ 53.536741][ T8340] panic+0x291/0x800
[ 53.540636][ T8340] ? do_raw_spin_unlock+0x134/0x8a0
[ 53.545821][ T8340] kasan_report+0x1fb/0x200
[ 53.550309][ T8340] ? vmx_vcpu_run+0x4f1/0x13f0
[ 53.555057][ T8340] vmx_vcpu_run+0x4f1/0x13f0
[ 53.559627][ T8340] ? lock_is_held_type+0xf8/0x160
[ 53.564643][ T8340] ? rcu_lock_release+0x9/0x20
[ 53.569420][ T8340] ? rcu_read_lock_sched_held+0x41/0xb0
[ 53.574950][ T8340] ? lock_release+0x472/0x6b0
[ 53.579622][ T8340] vcpu_enter_guest+0x2ed9/0x8f10
[ 53.584636][ T8340] ? __lock_acquire+0x1342/0x5e60
[ 53.589640][ T8340] ? __lock_acquire+0x1275/0x5e60
[ 53.594643][ T8340] ? lock_is_held_type+0xf8/0x160
[ 53.599647][ T8340] ? rcu_read_lock_sched_held+0x41/0xb0
[ 53.605170][ T8340] ? lock_acquire+0x124/0x5f0
[ 53.609823][ T8340] vcpu_run+0x316/0xb70
[ 53.613957][ T8340] ? lock_is_held_type+0xf8/0x160
[ 53.618959][ T8340] kvm_arch_vcpu_ioctl_run+0x4e8/0xa40
[ 53.624405][ T8340] kvm_vcpu_ioctl+0x62a/0xa30
[ 53.629061][ T8340] ? bpf_lsm_file_ioctl+0x5/0x10
[ 53.633975][ T8340] ? kvm_vm_ioctl_get_dirty_log+0x6c0/0x6c0
[ 53.639846][ T8340] __se_sys_ioctl+0xfb/0x170
[ 53.644423][ T8340] do_syscall_64+0x2d/0x70
[ 53.648836][ T8340] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.654724][ T8340] RIP: 0033:0x43eea9
[ 53.658606][ T8340] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.678196][ T8340] RSP: 002b:00007ffcd5f31f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.686612][ T8340] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043eea9
[ 53.694678][ T8340] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 53.702656][ T8340] RBP: 0000000000402e90 R08: 0000000000400488 R09: 0000000000400488
[ 53.710631][ T8340] R10: 0000000000400488 R11: 0000000000000246 R12: 0000000000402f20
[ 53.719625][ T8340] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 53.727988][ T8340] Kernel Offset: disabled
[ 53.732314][ T8340] Rebooting in 86400 seconds..