[  OK  ] Started Getty on tty5.
[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   67.739391][ T7087] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   67.812068][ T7090] ==================================================================
[   67.820639][ T7090] BUG: KASAN: slab-out-of-bounds in gfn_to_hva+0x4a0/0x4c0
[   67.827839][ T7090] Read of size 8 at addr ffff8880a8c49468 by task syz-executor012/7090
[   67.836075][ T7090]
[   67.838428][ T7090] CPU: 0 PID: 7090 Comm: syz-executor012 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[   67.848320][ T7090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.858478][ T7090] Call Trace:
[   67.862047][ T7090]  dump_stack+0x188/0x20d
[   67.866411][ T7090]  print_address_description.constprop.0.cold+0xd3/0x315
[   67.873456][ T7090]  ? gfn_to_hva+0x4a0/0x4c0
[   67.877981][ T7090]  __kasan_report.cold+0x35/0x4d
[   67.882935][ T7090]  ? gfn_to_hva+0x4a0/0x4c0
[   67.887456][ T7090]  ? gfn_to_hva+0x4a0/0x4c0
[   67.891965][ T7090]  kasan_report+0x33/0x50
[   67.896303][ T7090]  gfn_to_hva+0x4a0/0x4c0
[   67.900650][ T7090]  kvm_arch_mmu_notifier_invalidate_range+0x21/0x80
[   67.907265][ T7090]  kvm_mmu_notifier_invalidate_range_start+0x1a1/0x280
[   67.914154][ T7090]  ? kvm_flush_remote_tlbs+0x120/0x120
[   67.919641][ T7090]  __mmu_notifier_invalidate_range_start+0x4bc/0x6b0
[   67.926336][ T7090]  change_protection+0x1ed0/0x2710
[   67.931477][ T7090]  ? __vma_adjust+0xbf6/0x1c50
[   67.936254][ T7090]  ? prot_none_pte_entry+0x150/0x150
[   67.941544][ T7090]  ? vma_wants_writenotify+0x223/0x4f0
[   67.947016][ T7090]  ? vma_set_page_prot+0x19c/0x250
[   67.952139][ T7090]  mprotect_fixup+0x46c/0x940
[   67.956826][ T7090]  ? change_protection+0x2710/0x2710
[   67.962123][ T7090]  ? vmacache_find+0x62/0x300
[   67.966805][ T7090]  ? apparmor_file_mprotect+0xe8/0x110
[   67.972285][ T7090]  do_mprotect_pkey+0x542/0x950
[   67.977158][ T7090]  ? mprotect_fixup+0x940/0x940
[   67.982030][ T7090]  ? handle_mm_fault+0x29e/0x660
[   67.986983][ T7090]  ? trace_hardirqs_off_caller+0x55/0x230
[   67.992751][ T7090]  __x64_sys_mprotect+0x74/0xb0
[   67.997619][ T7090]  ? lockdep_hardirqs_on+0x463/0x620
[   68.002969][ T7090]  do_syscall_64+0xf6/0x7d0
[   68.007494][ T7090]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   68.013397][ T7090] RIP: 0033:0x446927
[   68.017337][ T7090] Code: 00 00 00 b8 0b 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   68.037048][ T7090] RSP: 002b:00007ffef1644d38 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[   68.045500][ T7090] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 0000000000446927
[   68.053490][ T7090] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 00007f3782e88000
[   68.061568][ T7090] RBP: 00007ffef1644e20 R08: 00000000006dba00 R09: 00000000006dba00
[   68.069558][ T7090] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffef1644e40
[   68.077547][ T7090] R13: 00007f3782ea8700 R14: 00007f3782ea89c0 R15: 000000000000002d
[   68.085631][ T7090]
[   68.087965][ T7090] Allocated by task 7094:
[   68.092309][ T7090]  save_stack+0x1b/0x40
[   68.096480][ T7090]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   68.102296][ T7090]  kvmalloc_node+0x61/0xf0
[   68.106723][ T7090]  kvm_set_memslot+0x115/0x1530
[   68.111585][ T7090]  __kvm_set_memory_region+0xcf7/0x1320
[   68.117145][ T7090]  kvm_set_memory_region+0x29/0x50
[   68.122267][ T7090]  kvm_vm_ioctl+0x678/0x2400
[   68.126867][ T7090]  ksys_ioctl+0x11a/0x180
[   68.131209][ T7090]  __x64_sys_ioctl+0x6f/0xb0
[   68.135808][ T7090]  do_syscall_64+0xf6/0x7d0
[   68.140322][ T7090]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   68.146215][ T7090]
[   68.148543][ T7090] Freed by task 0:
[   68.152258][ T7090] (stack is not available)
[   68.156671][ T7090]
[   68.159008][ T7090] The buggy address belongs to the object at ffff8880a8c49000
[   68.159008][ T7090]  which belongs to the cache kmalloc-2k of size 2048
[   68.173091][ T7090] The buggy address is located 1128 bytes inside of
[   68.173091][ T7090]  2048-byte region [ffff8880a8c49000, ffff8880a8c49800)
[   68.186537][ T7090] The buggy address belongs to the page:
[   68.192176][ T7090] page:ffffea0002a31240 refcount:1 mapcount:0 mapping:0000000056c727a7 index:0x0
[   68.201276][ T7090] flags: 0xfffe0000000200(slab)
[   68.206155][ T7090] raw: 00fffe0000000200 ffffea0002573948 ffffea0002516c48 ffff8880aa000e00
[   68.214760][ T7090] raw: 0000000000000000 ffff8880a8c49000 0000000100000001 0000000000000000
[   68.223354][ T7090] page dumped because: kasan: bad access detected
[   68.229863][ T7090]
[   68.232190][ T7090] Memory state around the buggy address:
[   68.237824][ T7090]  ffff8880a8c49300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   68.245888][ T7090]  ffff8880a8c49380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   68.253955][ T7090] >ffff8880a8c49400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[   68.262191][ T7090]                                                           ^
[   68.269649][ T7090]  ffff8880a8c49480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.277730][ T7090]  ffff8880a8c49500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.285786][ T7090] ==================================================================
[   68.293848][ T7090] Disabling lock debugging due to kernel taint
[   68.301063][ T7090] Kernel panic - not syncing: panic_on_warn set ...
[   68.307666][ T7090] CPU: 0 PID: 7090 Comm: syz-executor012 Tainted: G    B             5.7.0-rc1-next-20200415-syzkaller #0
[   68.319022][ T7090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.329073][ T7090] Call Trace:
[   68.332365][ T7090]  dump_stack+0x188/0x20d
[   68.336696][ T7090]  panic+0x2e3/0x75c
[   68.340606][ T7090]  ? add_taint.cold+0x16/0x16
[   68.345306][ T7090]  ? preempt_schedule_common+0x5e/0xc0
[   68.350765][ T7090]  ? gfn_to_hva+0x4a0/0x4c0
[   68.355272][ T7090]  ? preempt_schedule_thunk+0x16/0x18
[   68.360636][ T7090]  ? trace_hardirqs_on+0x55/0x220
[   68.365649][ T7090]  ? gfn_to_hva+0x4a0/0x4c0
[   68.370148][ T7090]  end_report+0x4d/0x53
[   68.374295][ T7090]  __kasan_report.cold+0xd/0x4d
[   68.379141][ T7090]  ? gfn_to_hva+0x4a0/0x4c0
[   68.383631][ T7090]  ? gfn_to_hva+0x4a0/0x4c0
[   68.388121][ T7090]  kasan_report+0x33/0x50
[   68.392451][ T7090]  gfn_to_hva+0x4a0/0x4c0
[   68.396800][ T7090]  kvm_arch_mmu_notifier_invalidate_range+0x21/0x80
[   68.403396][ T7090]  kvm_mmu_notifier_invalidate_range_start+0x1a1/0x280
[   68.410249][ T7090]  ? kvm_flush_remote_tlbs+0x120/0x120
[   68.415703][ T7090]  __mmu_notifier_invalidate_range_start+0x4bc/0x6b0
[   68.422373][ T7090]  change_protection+0x1ed0/0x2710
[   68.427486][ T7090]  ? __vma_adjust+0xbf6/0x1c50
[   68.432247][ T7090]  ? prot_none_pte_entry+0x150/0x150
[   68.437522][ T7090]  ? vma_wants_writenotify+0x223/0x4f0
[   68.442978][ T7090]  ? vma_set_page_prot+0x19c/0x250
[   68.448077][ T7090]  mprotect_fixup+0x46c/0x940
[   68.455264][ T7090]  ? change_protection+0x2710/0x2710
[   68.460562][ T7090]  ? vmacache_find+0x62/0x300
[   68.465242][ T7090]  ? apparmor_file_mprotect+0xe8/0x110
[   68.470694][ T7090]  do_mprotect_pkey+0x542/0x950
[   68.475538][ T7090]  ? mprotect_fixup+0x940/0x940
[   68.480378][ T7090]  ? handle_mm_fault+0x29e/0x660
[   68.485307][ T7090]  ? trace_hardirqs_off_caller+0x55/0x230
[   68.491034][ T7090]  __x64_sys_mprotect+0x74/0xb0
[   68.495881][ T7090]  ? lockdep_hardirqs_on+0x463/0x620
[   68.501161][ T7090]  do_syscall_64+0xf6/0x7d0
[   68.505663][ T7090]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   68.511542][ T7090] RIP: 0033:0x446927
[   68.515429][ T7090] Code: 00 00 00 b8 0b 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   68.537726][ T7090] RSP: 002b:00007ffef1644d38 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[   68.546130][ T7090] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 0000000000446927
[   68.554262][ T7090] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 00007f3782e88000
[   68.563001][ T7090] RBP: 00007ffef1644e20 R08: 00000000006dba00 R09: 00000000006dba00
[   68.570978][ T7090] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffef1644e40
[   68.578937][ T7090] R13: 00007f3782ea8700 R14: 00007f3782ea89c0 R15: 000000000000002d
[   68.588344][ T7090] Kernel Offset: disabled
[   68.592883][ T7090] Rebooting in 86400 seconds..