[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.197711][ T7013] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 41.231427][ T7013] ==================================================================
[ 41.239571][ T7013] BUG: KASAN: slab-out-of-bounds in __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 41.248373][ T7013] Read of size 8 at addr ffff8880a6422468 by task syz-executor937/7013
[ 41.256586][ T7013]
[ 41.258900][ T7013] CPU: 1 PID: 7013 Comm: syz-executor937 Not tainted 5.6.0-syzkaller #0
[ 41.267301][ T7013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.277339][ T7013] Call Trace:
[ 41.280617][ T7013] dump_stack+0x1e9/0x30e
[ 41.284970][ T7013] print_address_description+0x74/0x5c0
[ 41.290495][ T7013] ? printk+0x62/0x83
[ 41.294548][ T7013] ? vprintk_emit+0x2e6/0x3b0
[ 41.299205][ T7013] __kasan_report+0x103/0x190
[ 41.303859][ T7013] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 41.309811][ T7013] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 41.315764][ T7013] kasan_report+0x4d/0x80
[ 41.320112][ T7013] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 41.326188][ T7013] ? kvm_lapic_set_vapic_addr+0x7d/0x130
[ 41.331792][ T7013] ? kvm_arch_vcpu_ioctl+0x1645/0x4010
[ 41.337228][ T7013] ? kvm_vcpu_ioctl+0xff/0xa80
[ 41.342026][ T7013] ? kvm_vcpu_ioctl+0x550/0xa80
[ 41.346872][ T7013] ? check_preemption_disabled+0xb0/0x240
[ 41.352571][ T7013] ? debug_smp_processor_id+0x5/0x20
[ 41.357854][ T7013] ? kvm_vm_ioctl_get_dirty_log+0x650/0x650
[ 41.363761][ T7013] ? __se_sys_ioctl+0xf9/0x160
[ 41.368542][ T7013] ? do_syscall_64+0xf3/0x1b0
[ 41.373233][ T7013] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 41.379279][ T7013]
[ 41.381616][ T7013] Allocated by task 7013:
[ 41.385924][ T7013] __kasan_kmalloc+0x118/0x1c0
[ 41.390662][ T7013] kvmalloc_node+0x81/0x100
[ 41.395185][ T7013] kvm_set_memslot+0x124/0x15b0
[ 41.400009][ T7013] __kvm_set_memory_region+0x1388/0x16c0
[ 41.405659][ T7013] __x86_set_memory_region+0x319/0x620
[ 41.411091][ T7013] vmx_create_vcpu+0x843/0x1380
[ 41.415912][ T7013] kvm_arch_vcpu_create+0x660/0x950
[ 41.421083][ T7013] kvm_vm_ioctl+0xe6d/0x2530
[ 41.425661][ T7013] __se_sys_ioctl+0xf9/0x160
[ 41.430242][ T7013] do_syscall_64+0xf3/0x1b0
[ 41.434723][ T7013] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 41.440594][ T7013]
[ 41.442899][ T7013] Freed by task 2721:
[ 41.446857][ T7013] __kasan_slab_free+0x12e/0x1e0
[ 41.451770][ T7013] kfree+0x10a/0x220
[ 41.455697][ T7013] process_one_work+0x76e/0xfd0
[ 41.460524][ T7013] worker_thread+0xa7f/0x1450
[ 41.465174][ T7013] kthread+0x353/0x380
[ 41.469220][ T7013] ret_from_fork+0x24/0x30
[ 41.473606][ T7013]
[ 41.475944][ T7013] The buggy address belongs to the object at ffff8880a6422000
[ 41.475944][ T7013] which belongs to the cache kmalloc-2k of size 2048
[ 41.489977][ T7013] The buggy address is located 1128 bytes inside of
[ 41.489977][ T7013] 2048-byte region [ffff8880a6422000, ffff8880a6422800)
[ 41.503430][ T7013] The buggy address belongs to the page:
[ 41.509042][ T7013] page:ffffea0002990880 refcount:1 mapcount:0 mapping:0000000018dcc978 index:0x0
[ 41.518122][ T7013] flags: 0xfffe0000000200(slab)
[ 41.522976][ T7013] raw: 00fffe0000000200 ffffea0002990808 ffffea00029908c8 ffff8880aa400e00
[ 41.531549][ T7013] raw: 0000000000000000 ffff8880a6422000 0000000100000001 0000000000000000
[ 41.540114][ T7013] page dumped because: kasan: bad access detected
[ 41.546505][ T7013]
[ 41.548812][ T7013] Memory state around the buggy address:
[ 41.554435][ T7013] ffff8880a6422300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.562523][ T7013] ffff8880a6422380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.570572][ T7013] >ffff8880a6422400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 41.578607][ T7013] ^
[ 41.586036][ T7013] ffff8880a6422480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.594069][ T7013] ffff8880a6422500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.602099][ T7013] ==================================================================
[ 41.610129][ T7013] Disabling lock debugging due to kernel taint
[ 41.617036][ T7013] Kernel panic - not syncing: panic_on_warn set ...
[ 41.623627][ T7013] CPU: 1 PID: 7013 Comm: syz-executor937 Tainted: G B 5.6.0-syzkaller #0
[ 41.633325][ T7013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.643367][ T7013] Call Trace:
[ 41.646634][ T7013] dump_stack+0x1e9/0x30e
[ 41.650938][ T7013] panic+0x264/0x7a0
[ 41.654804][ T7013] ? trace_hardirqs_on+0x30/0x70
[ 41.659716][ T7013] __kasan_report+0x187/0x190
[ 41.664366][ T7013] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 41.670328][ T7013] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 41.676277][ T7013] kasan_report+0x4d/0x80
[ 41.680585][ T7013] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 41.686646][ T7013] ? kvm_lapic_set_vapic_addr+0x7d/0x130
[ 41.692259][ T7013] ? kvm_arch_vcpu_ioctl+0x1645/0x4010
[ 41.697694][ T7013] ? kvm_vcpu_ioctl+0xff/0xa80
[ 41.702428][ T7013] ? kvm_vcpu_ioctl+0x550/0xa80
[ 41.707247][ T7013] ? check_preemption_disabled+0xb0/0x240
[ 41.712998][ T7013] ? debug_smp_processor_id+0x5/0x20
[ 41.718306][ T7013] ? kvm_vm_ioctl_get_dirty_log+0x650/0x650
[ 41.724166][ T7013] ? __se_sys_ioctl+0xf9/0x160
[ 41.729335][ T7013] ? do_syscall_64+0xf3/0x1b0
[ 41.734006][ T7013] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 41.741216][ T7013] Kernel Offset: disabled
[ 41.745566][ T7013] Rebooting in 86400 seconds..