[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.028548][ T7133] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 42.063863][ T7133] ==================================================================
[ 42.072271][ T7133] BUG: KASAN: slab-out-of-bounds in __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 42.081049][ T7133] Read of size 8 at addr ffff888093e57468 by task syz-executor509/7133
[ 42.089597][ T7133]
[ 42.091919][ T7133] CPU: 0 PID: 7133 Comm: syz-executor509 Not tainted 5.6.0-syzkaller #0
[ 42.100324][ T7133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.112485][ T7133] Call Trace:
[ 42.115768][ T7133] dump_stack+0x1e9/0x30e
[ 42.120094][ T7133] print_address_description+0x74/0x5c0
[ 42.125991][ T7133] ? printk+0x62/0x83
[ 42.130003][ T7133] ? vprintk_emit+0x339/0x3c0
[ 42.134711][ T7133] __kasan_report+0x103/0x1a0
[ 42.141343][ T7133] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 42.147322][ T7133] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 42.153288][ T7133] kasan_report+0x4d/0x80
[ 42.158311][ T7133] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 42.164287][ T7133] ? kvm_lapic_set_vapic_addr+0x7d/0x130
[ 42.169912][ T7133] ? kvm_arch_vcpu_ioctl+0x1645/0x4010
[ 42.175458][ T7133] ? kvm_vcpu_ioctl+0xff/0xa80
[ 42.180226][ T7133] ? kvm_vcpu_ioctl+0x550/0xa80
[ 42.185071][ T7133] ? check_preemption_disabled+0xb0/0x240
[ 42.190787][ T7133] ? debug_smp_processor_id+0x5/0x20
[ 42.196231][ T7133] ? kvm_vm_ioctl_get_dirty_log+0x650/0x650
[ 42.202141][ T7133] ? __se_sys_ioctl+0xf9/0x160
[ 42.208209][ T7133] ? do_syscall_64+0xf3/0x1b0
[ 42.213431][ T7133] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 42.219496][ T7133]
[ 42.221804][ T7133] Allocated by task 7133:
[ 42.226134][ T7133] __kasan_kmalloc+0x114/0x160
[ 42.230902][ T7133] kvmalloc_node+0x81/0x100
[ 42.235399][ T7133] kvm_set_memslot+0x124/0x15b0
[ 42.240422][ T7133] __kvm_set_memory_region+0x1388/0x16c0
[ 42.246051][ T7133] __x86_set_memory_region+0x319/0x620
[ 42.252109][ T7133] vmx_create_vcpu+0x843/0x1380
[ 42.256958][ T7133] kvm_arch_vcpu_create+0x660/0x950
[ 42.262309][ T7133] kvm_vm_ioctl+0xe6d/0x2530
[ 42.267152][ T7133] __se_sys_ioctl+0xf9/0x160
[ 42.271727][ T7133] do_syscall_64+0xf3/0x1b0
[ 42.276217][ T7133] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 42.282082][ T7133]
[ 42.284386][ T7133] Freed by task 0:
[ 42.288086][ T7133] (stack is not available)
[ 42.292476][ T7133]
[ 42.294806][ T7133] The buggy address belongs to the object at ffff888093e57000
[ 42.294806][ T7133] which belongs to the cache kmalloc-2k of size 2048
[ 42.308857][ T7133] The buggy address is located 1128 bytes inside of
[ 42.308857][ T7133] 2048-byte region [ffff888093e57000, ffff888093e57800)
[ 42.323193][ T7133] The buggy address belongs to the page:
[ 42.328821][ T7133] page:ffffea00024f95c0 refcount:1 mapcount:0 mapping:0000000085a453c7 index:0x0
[ 42.338174][ T7133] flags: 0xfffe0000000200(slab)
[ 42.343016][ T7133] raw: 00fffe0000000200 ffffea00029ca488 ffffea0002429ec8 ffff8880aa400e00
[ 42.351588][ T7133] raw: 0000000000000000 ffff888093e57000 0000000100000001 0000000000000000
[ 42.360147][ T7133] page dumped because: kasan: bad access detected
[ 42.366629][ T7133]
[ 42.368944][ T7133] Memory state around the buggy address:
[ 42.375506][ T7133] ffff888093e57300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.383545][ T7133] ffff888093e57380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.391659][ T7133] >ffff888093e57400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 42.399727][ T7133] ^
[ 42.407616][ T7133] ffff888093e57480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.416184][ T7133] ffff888093e57500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.424240][ T7133] ==================================================================
[ 42.432290][ T7133] Disabling lock debugging due to kernel taint
[ 42.449389][ T7133] Kernel panic - not syncing: panic_on_warn set ...
[ 42.456086][ T7133] CPU: 1 PID: 7133 Comm: syz-executor509 Tainted: G B 5.6.0-syzkaller #0
[ 42.465901][ T7133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.475952][ T7133] Call Trace:
[ 42.479225][ T7133] dump_stack+0x1e9/0x30e
[ 42.483530][ T7133] panic+0x264/0x7a0
[ 42.487401][ T7133] ? trace_hardirqs_on+0x30/0x70
[ 42.492337][ T7133] __kasan_report+0x191/0x1a0
[ 42.497002][ T7133] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 42.502959][ T7133] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 42.508913][ T7133] kasan_report+0x4d/0x80
[ 42.514336][ T7133] ? __kvm_gfn_to_hva_cache_init+0x30b/0x710
[ 42.520314][ T7133] ? kvm_lapic_set_vapic_addr+0x7d/0x130
[ 42.525932][ T7133] ? kvm_arch_vcpu_ioctl+0x1645/0x4010
[ 42.531369][ T7133] ? kvm_vcpu_ioctl+0xff/0xa80
[ 42.536843][ T7133] ? kvm_vcpu_ioctl+0x550/0xa80
[ 42.542385][ T7133] ? check_preemption_disabled+0xb0/0x240
[ 42.548948][ T7133] ? debug_smp_processor_id+0x5/0x20
[ 42.554311][ T7133] ? kvm_vm_ioctl_get_dirty_log+0x650/0x650
[ 42.560278][ T7133] ? __se_sys_ioctl+0xf9/0x160
[ 42.565799][ T7133] ? do_syscall_64+0xf3/0x1b0
[ 42.570461][ T7133] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 42.582772][ T7133] Kernel Offset: disabled
[ 42.587290][ T7133] Rebooting in 86400 seconds..