[ OK ] Started Daily apt download activities.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Started Regular background program processing daemon.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
       Starting OpenBSD Secure Shell server...
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[   60.015721][ T7057] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   60.050519][ T7057] ==================================================================
[   60.058754][ T7057] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.067078][ T7057] Read of size 8 at addr ffff8880a80c1468 by task syz-executor412/7057
[   60.075297][ T7057]
[   60.077615][ T7057] CPU: 0 PID: 7057 Comm: syz-executor412 Not tainted 5.6.0-syzkaller #0
[   60.085914][ T7057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.095947][ T7057] Call Trace:
[   60.099326][ T7057]  dump_stack+0x188/0x20d
[   60.103664][ T7057]  print_address_description.constprop.0.cold+0xd3/0x315
[   60.110730][ T7057]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.116392][ T7057]  __kasan_report.cold+0x35/0x4d
[   60.121432][ T7057]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.127057][ T7057]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.132683][ T7057]  kasan_report+0x33/0x50
[   60.137015][ T7057]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.142570][ T7057]  try_async_pf+0x12b/0xac0
[   60.147096][ T7057]  ? ept_gva_to_gpa+0x1e0/0x1e0
[   60.151951][ T7057]  ? mark_held_locks+0x9f/0xe0
[   60.156697][ T7057]  ? mmu_topup_memory_caches+0x325/0x460
[   60.162333][ T7057]  direct_page_fault+0x27d/0x1d70
[   60.167352][ T7057]  ? kvm_mmu_get_page+0x1e70/0x1e70
[   60.172535][ T7057]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[   60.179414][ T7057]  ? kvm_vcpu_mtrr_init+0x70/0x70
[   60.184439][ T7057]  kvm_mmu_page_fault+0x187/0x15d0
[   60.189536][ T7057]  ? kvm_deliver_exception_payload+0x42/0x1a0
[   60.195582][ T7057]  ? kvm_multiple_exception+0x51e/0x720
[   60.201125][ T7057]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[   60.207177][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.212701][ T7057]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   60.218660][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.224212][ T7057]  ? handle_ept_violation+0x206/0x550
[   60.229574][ T7057]  ? vmx_inject_irq+0x5b0/0x5b0
[   60.234413][ T7057]  vmx_handle_exit+0x2b8/0x1700
[   60.239263][ T7057]  vcpu_enter_guest+0xfea/0x59d0
[   60.244204][ T7057]  ? vmx_vcpu_load_vmcs+0x960/0x960
[   60.249397][ T7057]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[   60.255808][ T7057]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16a0
[   60.261511][ T7057]  ? lock_release+0x800/0x800
[   60.266185][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.271738][ T7057]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   60.277714][ T7057]  ? lockdep_hardirqs_on+0x463/0x620
[   60.282983][ T7057]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[   60.288689][ T7057]  ? kvm_arch_vcpu_ioctl_run+0x27b/0x16a0
[   60.294822][ T7057]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[   60.300355][ T7057]  kvm_vcpu_ioctl+0x493/0xe60
[   60.305027][ T7057]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   60.311418][ T7057]  ? ioctl_file_clone+0x180/0x180
[   60.316428][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.321954][ T7057]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   60.327923][ T7057]  ? __blkcg_punt_bio_submit+0x1d0/0x1d0
[   60.333558][ T7057]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   60.340093][ T7057]  ksys_ioctl+0x11a/0x180
[   60.344467][ T7057]  __x64_sys_ioctl+0x6f/0xb0
[   60.349048][ T7057]  ? lockdep_hardirqs_on+0x463/0x620
[   60.354316][ T7057]  do_syscall_64+0xf6/0x7d0
[   60.358808][ T7057]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   60.364677][ T7057] RIP: 0033:0x4401d9
[   60.368562][ T7057] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   60.388157][ T7057] RSP: 002b:00007ffdeabc9e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   60.396549][ T7057] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[   60.404501][ T7057] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   60.412471][ T7057] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   60.420430][ T7057] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401a60
[   60.428379][ T7057] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   60.436354][ T7057]
[   60.438673][ T7057] Allocated by task 7057:
[   60.442994][ T7057]  save_stack+0x1b/0x80
[   60.447148][ T7057]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   60.452842][ T7057]  kvmalloc_node+0x61/0xf0
[   60.457274][ T7057]  kvm_set_memslot+0x115/0x1530
[   60.462294][ T7057]  __kvm_set_memory_region+0xcf7/0x1320
[   60.467827][ T7057]  __x86_set_memory_region+0x2a3/0x5a0
[   60.473263][ T7057]  vmx_create_vcpu+0x2107/0x2b40
[   60.478222][ T7057]  kvm_arch_vcpu_create+0x6ef/0xb80
[   60.483402][ T7057]  kvm_vm_ioctl+0x15f7/0x23e0
[   60.488060][ T7057]  ksys_ioctl+0x11a/0x180
[   60.492383][ T7057]  __x64_sys_ioctl+0x6f/0xb0
[   60.496971][ T7057]  do_syscall_64+0xf6/0x7d0
[   60.501566][ T7057]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   60.507436][ T7057]
[   60.509830][ T7057] Freed by task 0:
[   60.513533][ T7057] (stack is not available)
[   60.517926][ T7057]
[   60.520309][ T7057] The buggy address belongs to the object at ffff8880a80c1000
[   60.520309][ T7057]  which belongs to the cache kmalloc-2k of size 2048
[   60.534399][ T7057] The buggy address is located 1128 bytes inside of
[   60.534399][ T7057]  2048-byte region [ffff8880a80c1000, ffff8880a80c1800)
[   60.547930][ T7057] The buggy address belongs to the page:
[   60.553558][ T7057] page:ffffea0002a03040 refcount:1 mapcount:0 mapping:00000000fc63864e index:0x0
[   60.562650][ T7057] flags: 0xfffe0000000200(slab)
[   60.567484][ T7057] raw: 00fffe0000000200 ffffea000227fec8 ffffea00027dde48 ffff8880aa000e00
[   60.576057][ T7057] raw: 0000000000000000 ffff8880a80c1000 0000000100000001 0000000000000000
[   60.584612][ T7057] page dumped because: kasan: bad access detected
[   60.591106][ T7057]
[   60.593422][ T7057] Memory state around the buggy address:
[   60.599046][ T7057]  ffff8880a80c1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.607085][ T7057]  ffff8880a80c1380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.615157][ T7057] >ffff8880a80c1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[   60.623191][ T7057]                                                           ^
[   60.630623][ T7057]  ffff8880a80c1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   60.638662][ T7057]  ffff8880a80c1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   60.646697][ T7057] ==================================================================
[   60.654750][ T7057] Disabling lock debugging due to kernel taint
[   60.661338][ T7057] Kernel panic - not syncing: panic_on_warn set ...
[   60.667940][ T7057] CPU: 0 PID: 7057 Comm: syz-executor412 Tainted: G B 5.6.0-syzkaller #0
[   60.677650][ T7057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.687701][ T7057] Call Trace:
[   60.690998][ T7057]  dump_stack+0x188/0x20d
[   60.695340][ T7057]  panic+0x2e3/0x75c
[   60.699224][ T7057]  ? add_taint.cold+0x16/0x16
[   60.703898][ T7057]  ? preempt_schedule_common+0x5e/0xc0
[   60.709349][ T7057]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.714959][ T7057]  ? preempt_schedule_thunk+0x16/0x18
[   60.720315][ T7057]  ? trace_hardirqs_on+0x55/0x220
[   60.725407][ T7057]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.731082][ T7057]  end_report+0x43/0x49
[   60.735239][ T7057]  __kasan_report.cold+0xd/0x4d
[   60.740079][ T7057]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.745691][ T7057]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.751306][ T7057]  kasan_report+0x33/0x50
[   60.755702][ T7057]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[   60.761157][ T7057]  try_async_pf+0x12b/0xac0
[   60.765639][ T7057]  ? ept_gva_to_gpa+0x1e0/0x1e0
[   60.770470][ T7057]  ? mark_held_locks+0x9f/0xe0
[   60.775221][ T7057]  ? mmu_topup_memory_caches+0x325/0x460
[   60.780839][ T7057]  direct_page_fault+0x27d/0x1d70
[   60.785860][ T7057]  ? kvm_mmu_get_page+0x1e70/0x1e70
[   60.791041][ T7057]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[   60.797775][ T7057]  ? kvm_vcpu_mtrr_init+0x70/0x70
[   60.802777][ T7057]  kvm_mmu_page_fault+0x187/0x15d0
[   60.807882][ T7057]  ? kvm_deliver_exception_payload+0x42/0x1a0
[   60.813941][ T7057]  ? kvm_multiple_exception+0x51e/0x720
[   60.819481][ T7057]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[   60.825537][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.831060][ T7057]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   60.837038][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.842585][ T7057]  ? handle_ept_violation+0x206/0x550
[   60.847936][ T7057]  ? vmx_inject_irq+0x5b0/0x5b0
[   60.852776][ T7057]  vmx_handle_exit+0x2b8/0x1700
[   60.857624][ T7057]  vcpu_enter_guest+0xfea/0x59d0
[   60.862533][ T7057]  ? vmx_vcpu_load_vmcs+0x960/0x960
[   60.867707][ T7057]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[   60.874094][ T7057]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16a0
[   60.879797][ T7057]  ? lock_release+0x800/0x800
[   60.884459][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.889976][ T7057]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   60.895988][ T7057]  ? lockdep_hardirqs_on+0x463/0x620
[   60.901273][ T7057]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[   60.906991][ T7057]  ? kvm_arch_vcpu_ioctl_run+0x27b/0x16a0
[   60.912703][ T7057]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[   60.918243][ T7057]  kvm_vcpu_ioctl+0x493/0xe60
[   60.922914][ T7057]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   60.929321][ T7057]  ? ioctl_file_clone+0x180/0x180
[   60.934330][ T7057]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   60.939869][ T7057]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   60.945830][ T7057]  ? __blkcg_punt_bio_submit+0x1d0/0x1d0
[   60.951458][ T7057]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   60.957863][ T7057]  ksys_ioctl+0x11a/0x180
[   60.962169][ T7057]  __x64_sys_ioctl+0x6f/0xb0
[   60.966735][ T7057]  ? lockdep_hardirqs_on+0x463/0x620
[   60.972118][ T7057]  do_syscall_64+0xf6/0x7d0
[   60.976602][ T7057]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   60.982473][ T7057] RIP: 0033:0x4401d9
[   60.986350][ T7057] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   61.005939][ T7057] RSP: 002b:00007ffdeabc9e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   61.014330][ T7057] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9
[   61.022291][ T7057] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   61.030253][ T7057] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   61.038217][ T7057] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401a60
[   61.046162][ T7057] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   61.055676][ T7057] Kernel Offset: disabled
[   61.060001][ T7057] Rebooting in 86400 seconds..