[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 67.293234][ T7134] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 67.338456][ T7134] ==================================================================
[ 67.346719][ T7134] BUG: KASAN: slab-out-of-bounds in kvm_read_guest_page+0x4b5/0x4d0
[ 67.354697][ T7134] Read of size 8 at addr ffff8880a6f4c468 by task syz-executor664/7134
[ 67.362913][ T7134]
[ 67.365241][ T7134] CPU: 1 PID: 7134 Comm: syz-executor664 Not tainted 5.6.0-syzkaller #0
[ 67.373544][ T7134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.383577][ T7134] Call Trace:
[ 67.386865][ T7134]  dump_stack+0x188/0x20d
[ 67.391182][ T7134]  print_address_description.constprop.0.cold+0xd3/0x315
[ 67.398190][ T7134]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 67.403454][ T7134]  __kasan_report.cold+0x35/0x4d
[ 67.408392][ T7134]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 67.413678][ T7134]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 67.418982][ T7134]  kasan_report+0x33/0x50
[ 67.423337][ T7134]  kvm_read_guest_page+0x4b5/0x4d0
[ 67.428437][ T7134]  kvm_read_guest+0x51/0xd0
[ 67.432924][ T7134]  kvm_set_msr_common+0xdf3/0x27c0
[ 67.438034][ T7134]  ? get_kvmclock_ns+0x370/0x370
[ 67.442959][ T7134]  vmx_set_msr+0xa83/0x26a0
[ 67.447454][ T7134]  ? pt_update_intercept_for_msr+0x960/0x960
[ 67.453412][ T7134]  ? lock_downgrade+0x840/0x840
[ 67.458252][ T7134]  __kvm_set_msr+0x15f/0x2d0
[ 67.462828][ T7134]  ? kvm_enable_efer_bits+0x20/0x20
[ 67.468025][ T7134]  ? __might_fault+0x190/0x1d0
[ 67.472784][ T7134]  ? _copy_from_user+0x13c/0x1a0
[ 67.477718][ T7134]  ? do_get_msr+0x100/0x100
[ 67.482213][ T7134]  msr_io+0x173/0x290
[ 67.486182][ T7134]  ? emulator_write_std+0xb0/0xb0
[ 67.491200][ T7134]  ? save_stack+0x32/0x40
[ 67.495511][ T7134]  ? __kasan_slab_free+0xf7/0x140
[ 67.500524][ T7134]  kvm_arch_vcpu_ioctl+0x1004/0x2c20
[ 67.505825][ T7134]  ? kvm_arch_vcpu_ioctl+0xfb5/0x2c20
[ 67.511204][ T7134]  ? kvm_arch_vcpu_put+0x530/0x530
[ 67.516311][ T7134]  ? lock_acquire+0x1f2/0x8f0
[ 67.520975][ T7134]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 67.525812][ T7134]  ? lock_release+0x800/0x800
[ 67.530563][ T7134]  ? find_held_lock+0x2d/0x110
[ 67.535334][ T7134]  ? __mutex_lock+0x458/0x13c0
[ 67.540107][ T7134]  ? kfree+0x1eb/0x2b0
[ 67.544166][ T7134]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 67.549002][ T7134]  ? mutex_trylock+0x2c0/0x2c0
[ 67.553751][ T7134]  ? tomoyo_execute_permission+0x470/0x470
[ 67.559576][ T7134]  kvm_vcpu_ioctl+0x866/0xe60
[ 67.564254][ T7134]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 67.570672][ T7134]  ? ioctl_file_clone+0x180/0x180
[ 67.575725][ T7134]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.581273][ T7134]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.587258][ T7134]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 67.593678][ T7134]  ksys_ioctl+0x11a/0x180
[ 67.597990][ T7134]  __x64_sys_ioctl+0x6f/0xb0
[ 67.602560][ T7134]  ? lockdep_hardirqs_on+0x463/0x620
[ 67.607842][ T7134]  do_syscall_64+0xf6/0x7d0
[ 67.612339][ T7134]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.618222][ T7134] RIP: 0033:0x440439
[ 67.622101][ T7134] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 67.643525][ T7134] RSP: 002b:00007fffc1a95fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.651937][ T7134] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440439
[ 67.659994][ T7134] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[ 67.667971][ T7134] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 67.675943][ T7134] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401cc0
[ 67.684053][ T7134] R13: 0000000000401d50 R14: 0000000000000000 R15: 0000000000000000
[ 67.692470][ T7134]
[ 67.694817][ T7134] Allocated by task 7134:
[ 67.699265][ T7134]  save_stack+0x1b/0x40
[ 67.703438][ T7134]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 67.709597][ T7134]  kvmalloc_node+0x61/0xf0
[ 67.715820][ T7134]  kvm_set_memslot+0x115/0x1530
[ 67.720668][ T7134]  __kvm_set_memory_region+0xcf7/0x1320
[ 67.726209][ T7134]  kvm_set_memory_region+0x29/0x50
[ 67.731317][ T7134]  kvm_vm_ioctl+0x678/0x23e0
[ 67.739192][ T7134]  ksys_ioctl+0x11a/0x180
[ 67.743516][ T7134]  __x64_sys_ioctl+0x6f/0xb0
[ 67.748188][ T7134]  do_syscall_64+0xf6/0x7d0
[ 67.752678][ T7134]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.758559][ T7134]
[ 67.760882][ T7134] Freed by task 0:
[ 67.764575][ T7134] (stack is not available)
[ 67.768982][ T7134]
[ 67.771307][ T7134] The buggy address belongs to the object at ffff8880a6f4c000
[ 67.771307][ T7134]  which belongs to the cache kmalloc-2k of size 2048
[ 67.785357][ T7134] The buggy address is located 1128 bytes inside of
[ 67.785357][ T7134]  2048-byte region [ffff8880a6f4c000, ffff8880a6f4c800)
[ 67.802892][ T7134] The buggy address belongs to the page:
[ 67.810931][ T7134] page:ffffea00029bd300 refcount:1 mapcount:0 mapping:00000000b535bfac index:0x0
[ 67.820057][ T7134] flags: 0xfffe0000000200(slab)
[ 67.825019][ T7134] raw: 00fffe0000000200 ffffea00029abe08 ffffea00027feec8 ffff8880aa000e00
[ 67.833598][ T7134] raw: 0000000000000000 ffff8880a6f4c000 0000000100000001 0000000000000000
[ 67.842278][ T7134] page dumped because: kasan: bad access detected
[ 67.848843][ T7134]
[ 67.853860][ T7134] Memory state around the buggy address:
[ 67.859473][ T7134]  ffff8880a6f4c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.867517][ T7134]  ffff8880a6f4c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.875563][ T7134] >ffff8880a6f4c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 67.883619][ T7134]                                                           ^
[ 67.891057][ T7134]  ffff8880a6f4c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.899313][ T7134]  ffff8880a6f4c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 67.907372][ T7134] ==================================================================
[ 67.915434][ T7134] Disabling lock debugging due to kernel taint
[ 67.922752][ T7134] Kernel panic - not syncing: panic_on_warn set ...
[ 67.929396][ T7134] CPU: 1 PID: 7134 Comm: syz-executor664 Tainted: G B 5.6.0-syzkaller #0
[ 67.939108][ T7134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.949175][ T7134] Call Trace:
[ 67.952609][ T7134]  dump_stack+0x188/0x20d
[ 67.957096][ T7134]  panic+0x2e3/0x75c
[ 67.960970][ T7134]  ? add_taint.cold+0x16/0x16
[ 67.965769][ T7134]  ? preempt_schedule_common+0x5e/0xc0
[ 67.971687][ T7134]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 67.976957][ T7134]  ? preempt_schedule_thunk+0x16/0x18
[ 67.982371][ T7134]  ? trace_hardirqs_on+0x55/0x220
[ 67.987377][ T7134]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 67.992642][ T7134]  end_report+0x4d/0x53
[ 67.996819][ T7134]  __kasan_report.cold+0xd/0x4d
[ 68.001742][ T7134]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 68.007116][ T7134]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 68.012381][ T7134]  kasan_report+0x33/0x50
[ 68.017319][ T7134]  kvm_read_guest_page+0x4b5/0x4d0
[ 68.022520][ T7134]  kvm_read_guest+0x51/0xd0
[ 68.027180][ T7134]  kvm_set_msr_common+0xdf3/0x27c0
[ 68.032290][ T7134]  ? get_kvmclock_ns+0x370/0x370
[ 68.037218][ T7134]  vmx_set_msr+0xa83/0x26a0
[ 68.042263][ T7134]  ? pt_update_intercept_for_msr+0x960/0x960
[ 68.048228][ T7134]  ? lock_downgrade+0x840/0x840
[ 68.053063][ T7134]  __kvm_set_msr+0x15f/0x2d0
[ 68.057638][ T7134]  ? kvm_enable_efer_bits+0x20/0x20
[ 68.062819][ T7134]  ? __might_fault+0x190/0x1d0
[ 68.067568][ T7134]  ? _copy_from_user+0x13c/0x1a0
[ 68.072505][ T7134]  ? do_get_msr+0x100/0x100
[ 68.076988][ T7134]  msr_io+0x173/0x290
[ 68.080970][ T7134]  ? emulator_write_std+0xb0/0xb0
[ 68.085978][ T7134]  ? save_stack+0x32/0x40
[ 68.090305][ T7134]  ? __kasan_slab_free+0xf7/0x140
[ 68.095311][ T7134]  kvm_arch_vcpu_ioctl+0x1004/0x2c20
[ 68.100590][ T7134]  ? kvm_arch_vcpu_ioctl+0xfb5/0x2c20
[ 68.105961][ T7134]  ? kvm_arch_vcpu_put+0x530/0x530
[ 68.111056][ T7134]  ? lock_acquire+0x1f2/0x8f0
[ 68.115730][ T7134]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 68.120671][ T7134]  ? lock_release+0x800/0x800
[ 68.125352][ T7134]  ? find_held_lock+0x2d/0x110
[ 68.130103][ T7134]  ? __mutex_lock+0x458/0x13c0
[ 68.135997][ T7134]  ? kfree+0x1eb/0x2b0
[ 68.140048][ T7134]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 68.144900][ T7134]  ? mutex_trylock+0x2c0/0x2c0
[ 68.149649][ T7134]  ? tomoyo_execute_permission+0x470/0x470
[ 68.155446][ T7134]  kvm_vcpu_ioctl+0x866/0xe60
[ 68.160107][ T7134]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 68.166505][ T7134]  ? ioctl_file_clone+0x180/0x180
[ 68.171517][ T7134]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.177222][ T7134]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.183191][ T7134]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 68.189586][ T7134]  ksys_ioctl+0x11a/0x180
[ 68.193919][ T7134]  __x64_sys_ioctl+0x6f/0xb0
[ 68.198508][ T7134]  ? lockdep_hardirqs_on+0x463/0x620
[ 68.203795][ T7134]  do_syscall_64+0xf6/0x7d0
[ 68.208317][ T7134]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.214212][ T7134] RIP: 0033:0x440439
[ 68.218087][ T7134] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.237984][ T7134] RSP: 002b:00007fffc1a95fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.246525][ T7134] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440439
[ 68.256974][ T7134] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[ 68.264946][ T7134] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 68.273099][ T7134] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401cc0
[ 68.281124][ T7134] R13: 0000000000401d50 R14: 0000000000000000 R15: 0000000000000000
[ 68.290428][ T7134] Kernel Offset: disabled
[ 68.294891][ T7134] Rebooting in 86400 seconds..