[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 62.462023][ T7020] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 62.515401][ T7020] ==================================================================
[ 62.524588][ T7020] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.534206][ T7020] Read of size 8 at addr ffff88809fdde468 by task syz-executor918/7020
[ 62.542475][ T7020]
[ 62.544843][ T7020] CPU: 1 PID: 7020 Comm: syz-executor918 Not tainted 5.6.0-syzkaller #0
[ 62.553178][ T7020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.563227][ T7020] Call Trace:
[ 62.566515][ T7020]  dump_stack+0x188/0x20d
[ 62.570851][ T7020]  print_address_description.constprop.0.cold+0xd3/0x315
[ 62.577888][ T7020]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.583613][ T7020]  __kasan_report.cold+0x35/0x4d
[ 62.588542][ T7020]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.594158][ T7020]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.599769][ T7020]  kasan_report+0x33/0x50
[ 62.604082][ T7020]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.609520][ T7020]  try_async_pf+0x12b/0xac0
[ 62.614003][ T7020]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 62.618838][ T7020]  ? mark_held_locks+0x9f/0xe0
[ 62.623596][ T7020]  ? mmu_topup_memory_caches+0x325/0x460
[ 62.629231][ T7020]  direct_page_fault+0x27d/0x1d70
[ 62.634253][ T7020]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 62.639446][ T7020]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 62.646217][ T7020]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 62.651294][ T7020]  kvm_mmu_page_fault+0x187/0x15d0
[ 62.656522][ T7020]  ? kvm_deliver_exception_payload+0x42/0x1a0
[ 62.662621][ T7020]  ? kvm_multiple_exception+0x51e/0x720
[ 62.668156][ T7020]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 62.674210][ T7020]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.679744][ T7020]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.685799][ T7020]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.691349][ T7020]  ? handle_ept_violation+0x206/0x550
[ 62.696718][ T7020]  ? vmx_inject_irq+0x5b0/0x5b0
[ 62.701575][ T7020]  vmx_handle_exit+0x2b8/0x1700
[ 62.706534][ T7020]  vcpu_enter_guest+0xfea/0x59d0
[ 62.711465][ T7020]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 62.718887][ T7020]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16a0
[ 62.724665][ T7020]  ? lock_release+0x800/0x800
[ 62.729461][ T7020]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.735011][ T7020]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.741042][ T7020]  ? lockdep_hardirqs_on+0x463/0x620
[ 62.746383][ T7020]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 62.752203][ T7020]  ? kvm_arch_vcpu_ioctl_run+0x27b/0x16a0
[ 62.757935][ T7020]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 62.763517][ T7020]  kvm_vcpu_ioctl+0x493/0xe60
[ 62.768194][ T7020]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 62.774617][ T7020]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 62.780543][ T7020]  ? do_vfs_ioctl+0x50c/0x12d0
[ 62.785423][ T7020]  ? ioctl_file_clone+0x180/0x180
[ 62.790497][ T7020]  kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 62.795790][ T7020]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.801768][ T7020]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 62.806602][ T7020]  ? do_sys_open+0xc3/0x140
[ 62.811111][ T7020]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 62.815951][ T7020]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 62.821413][ T7020]  do_fast_syscall_32+0x270/0xe90
[ 62.826485][ T7020]  entry_SYSENTER_compat+0x70/0x7f
[ 62.831587][ T7020]
[ 62.833941][ T7020] Allocated by task 7020:
[ 62.838259][ T7020]  save_stack+0x1b/0x40
[ 62.842405][ T7020]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 62.848069][ T7020]  kvmalloc_node+0x61/0xf0
[ 62.852468][ T7020]  kvm_set_memslot+0x115/0x1530
[ 62.857315][ T7020]  __kvm_set_memory_region+0xcf7/0x1320
[ 62.862846][ T7020]  __x86_set_memory_region+0x2a3/0x5a0
[ 62.868291][ T7020]  vmx_create_vcpu+0x2107/0x2b40
[ 62.873222][ T7020]  kvm_arch_vcpu_create+0x6ef/0xb80
[ 62.878421][ T7020]  kvm_vm_ioctl+0x15f7/0x23e0
[ 62.883082][ T7020]  kvm_vm_compat_ioctl+0x125/0x240
[ 62.888196][ T7020]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 62.894335][ T7020]  do_fast_syscall_32+0x270/0xe90
[ 62.899359][ T7020]  entry_SYSENTER_compat+0x70/0x7f
[ 62.904447][ T7020]
[ 62.906768][ T7020] Freed by task 0:
[ 62.910467][ T7020] (stack is not available)
[ 62.914860][ T7020]
[ 62.917188][ T7020] The buggy address belongs to the object at ffff88809fdde000
[ 62.917188][ T7020]  which belongs to the cache kmalloc-2k of size 2048
[ 62.931932][ T7020] The buggy address is located 1128 bytes inside of
[ 62.931932][ T7020]  2048-byte region [ffff88809fdde000, ffff88809fdde800)
[ 62.945604][ T7020] The buggy address belongs to the page:
[ 62.951242][ T7020] page:ffffea00027f7780 refcount:1 mapcount:0 mapping:0000000092a32b2b index:0x0
[ 62.960331][ T7020] flags: 0xfffe0000000200(slab)
[ 62.968980][ T7020] raw: 00fffe0000000200 ffffea00027dfbc8 ffffea0002a1af88 ffff8880aa000e00
[ 62.977750][ T7020] raw: 0000000000000000 ffff88809fdde000 0000000100000001 0000000000000000
[ 62.986341][ T7020] page dumped because: kasan: bad access detected
[ 62.992773][ T7020]
[ 62.995085][ T7020] Memory state around the buggy address:
[ 63.000727][ T7020]  ffff88809fdde300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.008766][ T7020]  ffff88809fdde380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.016804][ T7020] >ffff88809fdde400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 63.024851][ T7020]                                                           ^
[ 63.032389][ T7020]  ffff88809fdde480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.041046][ T7020]  ffff88809fdde500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.050173][ T7020] ==================================================================
[ 63.058218][ T7020] Disabling lock debugging due to kernel taint
[ 63.064960][ T7020] Kernel panic - not syncing: panic_on_warn set ...
[ 63.071566][ T7020] CPU: 1 PID: 7020 Comm: syz-executor918 Tainted: G B 5.6.0-syzkaller #0
[ 63.081304][ T7020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.091360][ T7020] Call Trace:
[ 63.094735][ T7020]  dump_stack+0x188/0x20d
[ 63.099042][ T7020]  panic+0x2e3/0x75c
[ 63.102977][ T7020]  ? add_taint.cold+0x16/0x16
[ 63.107668][ T7020]  ? preempt_schedule_common+0x5e/0xc0
[ 63.113103][ T7020]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.118796][ T7020]  ? preempt_schedule_thunk+0x16/0x18
[ 63.124213][ T7020]  ? trace_hardirqs_on+0x55/0x220
[ 63.129220][ T7020]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.134919][ T7020]  end_report+0x4d/0x53
[ 63.139160][ T7020]  __kasan_report.cold+0xd/0x4d
[ 63.144000][ T7020]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.149606][ T7020]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.155210][ T7020]  kasan_report+0x33/0x50
[ 63.159514][ T7020]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.164957][ T7020]  try_async_pf+0x12b/0xac0
[ 63.169448][ T7020]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 63.174278][ T7020]  ? mark_held_locks+0x9f/0xe0
[ 63.179015][ T7020]  ? mmu_topup_memory_caches+0x325/0x460
[ 63.184650][ T7020]  direct_page_fault+0x27d/0x1d70
[ 63.189759][ T7020]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 63.194950][ T7020]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 63.201693][ T7020]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 63.206712][ T7020]  kvm_mmu_page_fault+0x187/0x15d0
[ 63.211800][ T7020]  ? kvm_deliver_exception_payload+0x42/0x1a0
[ 63.217840][ T7020]  ? kvm_multiple_exception+0x51e/0x720
[ 63.223487][ T7020]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 63.229586][ T7020]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.235165][ T7020]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.241135][ T7020]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.246671][ T7020]  ? handle_ept_violation+0x206/0x550
[ 63.252078][ T7020]  ? vmx_inject_irq+0x5b0/0x5b0
[ 63.256908][ T7020]  vmx_handle_exit+0x2b8/0x1700
[ 63.265749][ T7020]  vcpu_enter_guest+0xfea/0x59d0
[ 63.270669][ T7020]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 63.277060][ T7020]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16a0
[ 63.282765][ T7020]  ? lock_release+0x800/0x800
[ 63.287419][ T7020]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.292939][ T7020]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.298894][ T7020]  ? lockdep_hardirqs_on+0x463/0x620
[ 63.304154][ T7020]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 63.309846][ T7020]  ? kvm_arch_vcpu_ioctl_run+0x27b/0x16a0
[ 63.315538][ T7020]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 63.321062][ T7020]  kvm_vcpu_ioctl+0x493/0xe60
[ 63.325715][ T7020]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 63.332119][ T7020]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 63.337994][ T7020]  ? do_vfs_ioctl+0x50c/0x12d0
[ 63.342733][ T7020]  ? ioctl_file_clone+0x180/0x180
[ 63.347732][ T7020]  kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 63.353022][ T7020]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.359010][ T7020]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 63.363903][ T7020]  ? do_sys_open+0xc3/0x140
[ 63.368427][ T7020]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 63.373272][ T7020]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 63.378714][ T7020]  do_fast_syscall_32+0x270/0xe90
[ 63.383727][ T7020]  entry_SYSENTER_compat+0x70/0x7f
[ 63.390225][ T7020] Kernel Offset: disabled
[ 63.394559][ T7020] Rebooting in 86400 seconds..