[ OK ] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.019568][ T7070] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 65.057116][ T7070] ==================================================================
[ 65.065394][ T7070] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.073761][ T7070] Read of size 8 at addr ffff88809ebf3468 by task syz-executor276/7070
[ 65.081993][ T7070]
[ 65.084323][ T7070] CPU: 0 PID: 7070 Comm: syz-executor276 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 65.094183][ T7070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.104216][ T7070] Call Trace:
[ 65.107487][ T7070]  dump_stack+0x188/0x20d
[ 65.111819][ T7070]  print_address_description.constprop.0.cold+0xd3/0x315
[ 65.118825][ T7070]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.124436][ T7070]  __kasan_report.cold+0x35/0x4d
[ 65.129354][ T7070]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.134987][ T7070]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.140597][ T7070]  kasan_report+0x33/0x50
[ 65.144928][ T7070]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.150367][ T7070]  try_async_pf+0x12b/0xac0
[ 65.154853][ T7070]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 65.159709][ T7070]  ? mark_held_locks+0x9f/0xe0
[ 65.164471][ T7070]  ? mmu_topup_memory_caches+0x325/0x460
[ 65.170084][ T7070]  direct_page_fault+0x27d/0x1d70
[ 65.175098][ T7070]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 65.180294][ T7070]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 65.187035][ T7070]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 65.192069][ T7070]  kvm_mmu_page_fault+0x187/0x15d0
[ 65.197165][ T7070]  ? kvm_deliver_exception_payload+0x42/0x1a0
[ 65.203211][ T7070]  ? kvm_multiple_exception+0x51e/0x720
[ 65.208739][ T7070]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 65.214808][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.220334][ T7070]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.226316][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.231863][ T7070]  ? handle_ept_violation+0x206/0x550
[ 65.237217][ T7070]  ? vmx_inject_irq+0x5b0/0x5b0
[ 65.242045][ T7070]  vmx_handle_exit+0x2b8/0x1700
[ 65.246883][ T7070]  vcpu_enter_guest+0xfea/0x59d0
[ 65.251798][ T7070]  ? vmx_vcpu_load_vmcs+0x960/0x960
[ 65.256981][ T7070]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 65.263374][ T7070]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16e0
[ 65.269078][ T7070]  ? lock_release+0x800/0x800
[ 65.273738][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.279280][ T7070]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.285240][ T7070]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.290506][ T7070]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 65.296219][ T7070]  ? kvm_arch_vcpu_ioctl_run+0x27b/0x16e0
[ 65.301932][ T7070]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 65.307464][ T7070]  kvm_vcpu_ioctl+0x493/0xe60
[ 65.312126][ T7070]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.318542][ T7070]  ? ioctl_file_clone+0x180/0x180
[ 65.323561][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.329103][ T7070]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.335075][ T7070]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.341467][ T7070]  ksys_ioctl+0x11a/0x180
[ 65.345777][ T7070]  __x64_sys_ioctl+0x6f/0xb0
[ 65.350346][ T7070]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.355612][ T7070]  do_syscall_64+0xf6/0x7d0
[ 65.360123][ T7070]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.365995][ T7070] RIP: 0033:0x440269
[ 65.369886][ T7070] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.389471][ T7070] RSP: 002b:00007ffe108f3cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.397903][ T7070] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 65.405869][ T7070] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 65.413834][ T7070] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 65.421840][ T7070] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401af0
[ 65.429797][ T7070] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[ 65.437760][ T7070]
[ 65.440067][ T7070] Allocated by task 7070:
[ 65.444378][ T7070]  save_stack+0x1b/0x40
[ 65.448510][ T7070]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.454136][ T7070]  kvmalloc_node+0x61/0xf0
[ 65.458545][ T7070]  kvm_set_memslot+0x115/0x1530
[ 65.463388][ T7070]  __kvm_set_memory_region+0xcf7/0x1320
[ 65.468924][ T7070]  kvm_set_memory_region+0x29/0x50
[ 65.474028][ T7070]  kvm_vm_ioctl+0x678/0x2400
[ 65.478594][ T7070]  ksys_ioctl+0x11a/0x180
[ 65.482922][ T7070]  __x64_sys_ioctl+0x6f/0xb0
[ 65.487490][ T7070]  do_syscall_64+0xf6/0x7d0
[ 65.492009][ T7070]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.497887][ T7070]
[ 65.500192][ T7070] Freed by task 0:
[ 65.503883][ T7070] (stack is not available)
[ 65.508270][ T7070]
[ 65.510576][ T7070] The buggy address belongs to the object at ffff88809ebf3000
[ 65.510576][ T7070]  which belongs to the cache kmalloc-2k of size 2048
[ 65.524620][ T7070] The buggy address is located 1128 bytes inside of
[ 65.524620][ T7070]  2048-byte region [ffff88809ebf3000, ffff88809ebf3800)
[ 65.538057][ T7070] The buggy address belongs to the page:
[ 65.543671][ T7070] page:ffffea00027afcc0 refcount:1 mapcount:0 mapping:00000000e4547147 index:0x0
[ 65.552752][ T7070] flags: 0xfffe0000000200(slab)
[ 65.557583][ T7070] raw: 00fffe0000000200 ffffea00025cbe48 ffff8880aa001950 ffff8880aa000e00
[ 65.566162][ T7070] raw: 0000000000000000 ffff88809ebf3000 0000000100000001 0000000000000000
[ 65.574735][ T7070] page dumped because: kasan: bad access detected
[ 65.581120][ T7070]
[ 65.583421][ T7070] Memory state around the buggy address:
[ 65.589028][ T7070]  ffff88809ebf3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.597081][ T7070]  ffff88809ebf3380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.605140][ T7070] >ffff88809ebf3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 65.613177][ T7070]                                                           ^
[ 65.620612][ T7070]  ffff88809ebf3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.628675][ T7070]  ffff88809ebf3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.636728][ T7070] ==================================================================
[ 65.644766][ T7070] Disabling lock debugging due to kernel taint
[ 65.652143][ T7070] Kernel panic - not syncing: panic_on_warn set ...
[ 65.658745][ T7070] CPU: 0 PID: 7070 Comm: syz-executor276 Tainted: G    B             5.7.0-rc1-next-20200415-syzkaller #0
[ 65.670021][ T7070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.680072][ T7070] Call Trace:
[ 65.683367][ T7070]  dump_stack+0x188/0x20d
[ 65.687706][ T7070]  panic+0x2e3/0x75c
[ 65.691607][ T7070]  ? add_taint.cold+0x16/0x16
[ 65.696292][ T7070]  ? preempt_schedule_common+0x5e/0xc0
[ 65.701768][ T7070]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.707403][ T7070]  ? preempt_schedule_thunk+0x16/0x18
[ 65.712771][ T7070]  ? trace_hardirqs_on+0x55/0x220
[ 65.717819][ T7070]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.723446][ T7070]  end_report+0x4d/0x53
[ 65.727603][ T7070]  __kasan_report.cold+0xd/0x4d
[ 65.732458][ T7070]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.738134][ T7070]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.743752][ T7070]  kasan_report+0x33/0x50
[ 65.748078][ T7070]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.753540][ T7070]  try_async_pf+0x12b/0xac0
[ 65.758045][ T7070]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 65.762907][ T7070]  ? mark_held_locks+0x9f/0xe0
[ 65.767666][ T7070]  ? mmu_topup_memory_caches+0x325/0x460
[ 65.773288][ T7070]  direct_page_fault+0x27d/0x1d70
[ 65.778293][ T7070]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 65.783469][ T7070]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 65.790221][ T7070]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 65.795244][ T7070]  kvm_mmu_page_fault+0x187/0x15d0
[ 65.800332][ T7070]  ? kvm_deliver_exception_payload+0x42/0x1a0
[ 65.806397][ T7070]  ? kvm_multiple_exception+0x51e/0x720
[ 65.811936][ T7070]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 65.817981][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.823501][ T7070]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.829453][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.834991][ T7070]  ? handle_ept_violation+0x206/0x550
[ 65.840341][ T7070]  ? vmx_inject_irq+0x5b0/0x5b0
[ 65.845168][ T7070]  vmx_handle_exit+0x2b8/0x1700
[ 65.849999][ T7070]  vcpu_enter_guest+0xfea/0x59d0
[ 65.854930][ T7070]  ? vmx_vcpu_load_vmcs+0x960/0x960
[ 65.860103][ T7070]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 65.866507][ T7070]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16e0
[ 65.872203][ T7070]  ? lock_release+0x800/0x800
[ 65.876860][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.882381][ T7070]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.888338][ T7070]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.893618][ T7070]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 65.899312][ T7070]  ? kvm_arch_vcpu_ioctl_run+0x27b/0x16e0
[ 65.905004][ T7070]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 65.910546][ T7070]  kvm_vcpu_ioctl+0x493/0xe60
[ 65.915198][ T7070]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.921605][ T7070]  ? ioctl_file_clone+0x180/0x180
[ 65.926626][ T7070]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.932148][ T7070]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.938104][ T7070]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.944491][ T7070]  ksys_ioctl+0x11a/0x180
[ 65.948814][ T7070]  __x64_sys_ioctl+0x6f/0xb0
[ 65.953379][ T7070]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.958641][ T7070]  do_syscall_64+0xf6/0x7d0
[ 65.963227][ T7070]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.969110][ T7070] RIP: 0033:0x440269
[ 65.972998][ T7070] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.992581][ T7070] RSP: 002b:00007ffe108f3cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.000995][ T7070] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269
[ 66.008943][ T7070] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 66.016890][ T7070] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 66.024834][ T7070] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401af0
[ 66.032789][ T7070] R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
[ 66.041974][ T7070] Kernel Offset: disabled
[ 66.046310][ T7070] Rebooting in 86400 seconds..