[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 63.386910][ T7206] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 63.719914][ T7206] ==================================================================
[ 63.728216][ T7206] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.736533][ T7206] Read of size 8 at addr ffff888093de2468 by task syz-executor860/7206
[ 63.744785][ T7206]
[ 63.747109][ T7206] CPU: 0 PID: 7206 Comm: syz-executor860 Not tainted 5.6.0-syzkaller #0
[ 63.755427][ T7206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.765471][ T7206] Call Trace:
[ 63.768772][ T7206] dump_stack+0x188/0x20d
[ 63.773104][ T7206] print_address_description.constprop.0.cold+0xd3/0x315
[ 63.780115][ T7206] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.785732][ T7206] __kasan_report.cold+0x35/0x4d
[ 63.790657][ T7206] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.796293][ T7206] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.801911][ T7206] kasan_report+0x33/0x50
[ 63.806242][ T7206] kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 63.811688][ T7206] try_async_pf+0x12b/0xac0
[ 63.816178][ T7206] ? ept_gva_to_gpa+0x1e0/0x1e0
[ 63.821019][ T7206] ? mark_held_locks+0x9f/0xe0
[ 63.825770][ T7206] ? mmu_topup_memory_caches+0x325/0x460
[ 63.831391][ T7206] direct_page_fault+0x27d/0x1d70
[ 63.836410][ T7206] ? kvm_mmu_get_page+0x1e70/0x1e70
[ 63.841596][ T7206] ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 63.848444][ T7206] ? kvm_vcpu_mtrr_init+0x70/0x70
[ 63.853478][ T7206] kvm_mmu_page_fault+0x187/0x15d0
[ 63.858579][ T7206] ? find_held_lock+0x2d/0x110
[ 63.863337][ T7206] ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 63.869400][ T7206] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.874932][ T7206] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.880902][ T7206] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.886438][ T7206] ? handle_ept_violation+0x206/0x550
[ 63.891798][ T7206] ? vmx_inject_irq+0x5b0/0x5b0
[ 63.896635][ T7206] vmx_handle_exit+0x2b8/0x1700
[ 63.901497][ T7206] vcpu_enter_guest+0xfea/0x59d0
[ 63.906437][ T7206] ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 63.912896][ T7206] ? kvm_vcpu_kick+0x162/0x2a0
[ 63.917671][ T7206] ? __apic_accept_irq+0x423/0xb80
[ 63.922793][ T7206] ? kvm_lapic_enable_pv_eoi+0x160/0x160
[ 63.928421][ T7206] ? kvm_check_async_pf_completion+0x2a4/0x400
[ 63.934571][ T7206] ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 63.940382][ T7206] kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 63.945941][ T7206] kvm_vcpu_ioctl+0x493/0xe60
[ 63.950668][ T7206] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 63.957095][ T7206] ? ioctl_file_clone+0x180/0x180
[ 63.962142][ T7206] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.967681][ T7206] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.973664][ T7206] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 63.980071][ T7206] ksys_ioctl+0x11a/0x180
[ 63.984395][ T7206] __x64_sys_ioctl+0x6f/0xb0
[ 63.989063][ T7206] ? lockdep_hardirqs_on+0x463/0x620
[ 63.994351][ T7206] do_syscall_64+0xf6/0x7d0
[ 63.998854][ T7206] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.004739][ T7206] RIP: 0033:0x440209
[ 64.008622][ T7206] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.028219][ T7206] RSP: 002b:00007ffd44eefac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.036637][ T7206] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440209
[ 64.044604][ T7206] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 64.052571][ T7206] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 64.060637][ T7206] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401a90
[ 64.068603][ T7206] R13: 0000000000401b20 R14: 0000000000000000 R15: 0000000000000000
[ 64.076577][ T7206]
[ 64.078935][ T7206] Allocated by task 7206:
[ 64.083269][ T7206] save_stack+0x1b/0x40
[ 64.087416][ T7206] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 64.093043][ T7206] kvmalloc_node+0x61/0xf0
[ 64.097449][ T7206] kvm_set_memslot+0x115/0x1530
[ 64.102285][ T7206] __kvm_set_memory_region+0xcf7/0x1320
[ 64.107813][ T7206] __x86_set_memory_region+0x2a3/0x5a0
[ 64.113262][ T7206] vmx_create_vcpu+0x2107/0x2b40
[ 64.118189][ T7206] kvm_arch_vcpu_create+0x6ef/0xb80
[ 64.123372][ T7206] kvm_vm_ioctl+0x15f7/0x23e0
[ 64.128031][ T7206] ksys_ioctl+0x11a/0x180
[ 64.132346][ T7206] __x64_sys_ioctl+0x6f/0xb0
[ 64.136920][ T7206] do_syscall_64+0xf6/0x7d0
[ 64.141412][ T7206] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.147293][ T7206]
[ 64.149605][ T7206] Freed by task 0:
[ 64.153304][ T7206] (stack is not available)
[ 64.157698][ T7206]
[ 64.160021][ T7206] The buggy address belongs to the object at ffff888093de2000
[ 64.160021][ T7206] which belongs to the cache kmalloc-2k of size 2048
[ 64.174075][ T7206] The buggy address is located 1128 bytes inside of
[ 64.174075][ T7206] 2048-byte region [ffff888093de2000, ffff888093de2800)
[ 64.187512][ T7206] The buggy address belongs to the page:
[ 64.193248][ T7206] page:ffffea00024f7880 refcount:1 mapcount:0 mapping:00000000c9df4f87 index:0x0
[ 64.202354][ T7206] flags: 0xfffe0000000200(slab)
[ 64.207198][ T7206] raw: 00fffe0000000200 ffffea00026633c8 ffffea00028d1188 ffff8880aa000e00
[ 64.215774][ T7206] raw: 0000000000000000 ffff888093de2000 0000000100000001 0000000000000000
[ 64.224377][ T7206] page dumped because: kasan: bad access detected
[ 64.230777][ T7206]
[ 64.233088][ T7206] Memory state around the buggy address:
[ 64.238732][ T7206] ffff888093de2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.246782][ T7206] ffff888093de2380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.254847][ T7206] >ffff888093de2400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 64.262904][ T7206] ^
[ 64.270402][ T7206] ffff888093de2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.278458][ T7206] ffff888093de2500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.286534][ T7206] ==================================================================
[ 64.294696][ T7206] Disabling lock debugging due to kernel taint
[ 64.301198][ T7206] Kernel panic - not syncing: panic_on_warn set ...
[ 64.307799][ T7206] CPU: 0 PID: 7206 Comm: syz-executor860 Tainted: G B 5.6.0-syzkaller #0
[ 64.317508][ T7206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.327570][ T7206] Call Trace:
[ 64.330871][ T7206] dump_stack+0x188/0x20d
[ 64.335220][ T7206] panic+0x2e3/0x75c
[ 64.339117][ T7206] ? add_taint.cold+0x16/0x16
[ 64.343794][ T7206] ? preempt_schedule_common+0x5e/0xc0
[ 64.349241][ T7206] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.354866][ T7206] ? preempt_schedule_thunk+0x16/0x18
[ 64.360226][ T7206] ? trace_hardirqs_on+0x55/0x220
[ 64.365239][ T7206] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.370861][ T7206] end_report+0x4d/0x53
[ 64.375008][ T7206] __kasan_report.cold+0xd/0x4d
[ 64.379844][ T7206] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.385459][ T7206] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.391070][ T7206] kasan_report+0x33/0x50
[ 64.395386][ T7206] kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.400829][ T7206] try_async_pf+0x12b/0xac0
[ 64.405316][ T7206] ? ept_gva_to_gpa+0x1e0/0x1e0
[ 64.410156][ T7206] ? mark_held_locks+0x9f/0xe0
[ 64.414905][ T7206] ? mmu_topup_memory_caches+0x325/0x460
[ 64.420538][ T7206] direct_page_fault+0x27d/0x1d70
[ 64.425569][ T7206] ? kvm_mmu_get_page+0x1e70/0x1e70
[ 64.430749][ T7206] ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 64.437496][ T7206] ? kvm_vcpu_mtrr_init+0x70/0x70
[ 64.442506][ T7206] kvm_mmu_page_fault+0x187/0x15d0
[ 64.447615][ T7206] ? find_held_lock+0x2d/0x110
[ 64.452365][ T7206] ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 64.458414][ T7206] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.463952][ T7206] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.469923][ T7206] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.475470][ T7206] ? handle_ept_violation+0x206/0x550
[ 64.480822][ T7206] ? vmx_inject_irq+0x5b0/0x5b0
[ 64.485650][ T7206] vmx_handle_exit+0x2b8/0x1700
[ 64.490505][ T7206] vcpu_enter_guest+0xfea/0x59d0
[ 64.495452][ T7206] ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 64.501848][ T7206] ? kvm_vcpu_kick+0x162/0x2a0
[ 64.506587][ T7206] ? __apic_accept_irq+0x423/0xb80
[ 64.511680][ T7206] ? kvm_lapic_enable_pv_eoi+0x160/0x160
[ 64.517292][ T7206] ? kvm_check_async_pf_completion+0x2a4/0x400
[ 64.523429][ T7206] ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 64.529145][ T7206] kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 64.534675][ T7206] kvm_vcpu_ioctl+0x493/0xe60
[ 64.539335][ T7206] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 64.545730][ T7206] ? ioctl_file_clone+0x180/0x180
[ 64.550752][ T7206] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.556354][ T7206] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.562318][ T7206] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 64.568712][ T7206] ksys_ioctl+0x11a/0x180
[ 64.573034][ T7206] __x64_sys_ioctl+0x6f/0xb0
[ 64.577660][ T7206] ? lockdep_hardirqs_on+0x463/0x620
[ 64.582986][ T7206] do_syscall_64+0xf6/0x7d0
[ 64.587481][ T7206] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.593358][ T7206] RIP: 0033:0x440209
[ 64.597237][ T7206] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.616824][ T7206] RSP: 002b:00007ffd44eefac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.625222][ T7206] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440209
[ 64.633181][ T7206] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 64.641141][ T7206] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 64.649097][ T7206] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401a90
[ 64.657054][ T7206] R13: 0000000000401b20 R14: 0000000000000000 R15: 0000000000000000
[ 64.666192][ T7206] Kernel Offset: disabled
[ 64.670527][ T7206] Rebooting in 86400 seconds..