[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   42.536538][ T7156] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   42.578768][ T7156] ==================================================================
[   42.587458][ T7156] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x2b5/0x4c0
[   42.595889][ T7156] Read of size 8 at addr ffff8880a6aec468 by task syz-executor438/7156
[   42.604467][ T7156]
[   42.606785][ T7156] CPU: 0 PID: 7156 Comm: syz-executor438 Not tainted 5.6.0-syzkaller #0
[   42.618145][ T7156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.628716][ T7156] Call Trace:
[   42.632068][ T7156]  dump_stack+0x1e9/0x30e
[   42.636401][ T7156]  print_address_description+0x74/0x5c0
[   42.644613][ T7156]  ? vprintk_emit+0x2f3/0x3b0
[   42.650043][ T7156]  ? printk+0x62/0x83
[   42.654032][ T7156]  ? trace_irq_disable_rcuidle+0x1f/0x1d0
[   42.659895][ T7156]  __kasan_report+0x103/0x190
[   42.664551][ T7156]  ? kvm_vcpu_gfn_to_memslot+0x2b5/0x4c0
[   42.670176][ T7156]  ? kvm_vcpu_gfn_to_memslot+0x2b5/0x4c0
[   42.675795][ T7156]  kasan_report+0x4d/0x80
[   42.680217][ T7156]  ? kvm_arch_vcpu_ioctl_run+0x419/0x880
[   42.685836][ T7156]  ? kvm_vcpu_gfn_to_memslot+0x2b5/0x4c0
[   42.691453][ T7156]  ? try_async_pf+0xc4/0x500
[   42.696024][ T7156]  ? lockdep_hardirqs_on+0x4a4/0x8a0
[   42.701520][ T7156]  ? direct_page_fault+0xb91/0x1ba0
[   42.706723][ T7156]  ? kvm_mmu_page_fault+0x13d/0xde0
[   42.711907][ T7156]  ? rcu_read_lock_sched_held+0x106/0x170
[   42.717618][ T7156]  ? trace_kvm_page_fault+0x28a/0x2d0
[   42.722967][ T7156]  ? handle_ept_violation+0x158/0x200
[   42.728312][ T7156]  ? handle_desc+0x70/0x70
[   42.732702][ T7156]  ? vmx_vcpu_run+0x2500/0x2500
[   42.737532][ T7156]  ? vcpu_enter_guest+0x6586/0x87a0
[   42.742726][ T7156]  ? __kasan_slab_free+0x1ac/0x1e0
[   42.747835][ T7156]  ? __kasan_slab_free+0x12e/0x1e0
[   42.752954][ T7156]  ? kfree+0x10a/0x220
[   42.757027][ T7156]  ? __se_sys_ioctl+0x48/0x160
[   42.761794][ T7156]  ? __lock_acquire+0x116c/0x2b90
[   42.766840][ T7156]  ? __lock_acquire+0x116c/0x2b90
[   42.771889][ T7156]  ? lock_acquire+0x169/0x480
[   42.776569][ T7156]  ? rcu_lock_acquire+0x9/0x30
[   42.781348][ T7156]  ? kvm_check_async_pf_completion+0x34e/0x360
[   42.787514][ T7156]  ? vcpu_run+0x342/0xcb0
[   42.791849][ T7156]  ? kvm_arch_vcpu_ioctl_run+0x419/0x880
[   42.797553][ T7156]  ? kvm_vcpu_ioctl+0x67c/0xa80
[   42.802380][ T7156]  ? check_preemption_disabled+0xb0/0x240
[   42.808085][ T7156]  ? debug_smp_processor_id+0x5/0x20
[   42.813379][ T7156]  ? kvm_vm_ioctl_get_dirty_log+0x650/0x650
[   42.819387][ T7156]  ? __se_sys_ioctl+0xf9/0x160
[   42.824141][ T7156]  ? do_syscall_64+0xf3/0x1b0
[   42.828825][ T7156]  ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   42.834935][ T7156]
[   42.837269][ T7156] Allocated by task 7156:
[   42.841583][ T7156]  __kasan_kmalloc+0x118/0x1c0
[   42.846320][ T7156]  kvmalloc_node+0x81/0x100
[   42.850947][ T7156]  kvm_set_memslot+0x124/0x15b0
[   42.856299][ T7156]  __kvm_set_memory_region+0x1388/0x16c0
[   42.861912][ T7156]  __x86_set_memory_region+0x319/0x620
[   42.867369][ T7156]  vmx_create_vcpu+0x843/0x1380
[   42.872208][ T7156]  kvm_arch_vcpu_create+0x660/0x950
[   42.877380][ T7156]  kvm_vm_ioctl+0xe6d/0x2530
[   42.881957][ T7156]  __se_sys_ioctl+0xf9/0x160
[   42.886520][ T7156]  do_syscall_64+0xf3/0x1b0
[   42.890999][ T7156]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   42.896884][ T7156]
[   42.899196][ T7156] Freed by task 7123:
[   42.903166][ T7156]  __kasan_slab_free+0x12e/0x1e0
[   42.908100][ T7156]  kfree+0x10a/0x220
[   42.912087][ T7156]  __kfree_skb+0x56/0x1c0
[   42.916535][ T7156]  unix_stream_read_generic+0x1b20/0x2080
[   42.922390][ T7156]  unix_stream_recvmsg+0x106/0x150
[   42.927496][ T7156]  sock_read_iter+0x2c2/0x3a0
[   42.932322][ T7156]  __vfs_read+0x549/0x700
[   42.936638][ T7156]  vfs_read+0x1c3/0x400
[   42.940775][ T7156]  ksys_read+0x11b/0x220
[   42.944998][ T7156]  do_syscall_64+0xf3/0x1b0
[   42.949477][ T7156]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   42.955345][ T7156]
[   42.957671][ T7156] The buggy address belongs to the object at ffff8880a6aec000
[   42.957671][ T7156]  which belongs to the cache kmalloc-2k of size 2048
[   42.971696][ T7156] The buggy address is located 1128 bytes inside of
[   42.971696][ T7156]  2048-byte region [ffff8880a6aec000, ffff8880a6aec800)
[   42.985110][ T7156] The buggy address belongs to the page:
[   42.990742][ T7156] page:ffffea00029abb00 refcount:1 mapcount:0 mapping:00000000fb1151f5 index:0x0
[   42.999879][ T7156] flags: 0xfffe0000000200(slab)
[   43.004716][ T7156] raw: 00fffe0000000200 ffffea00029aba08 ffffea00029abbc8 ffff8880aa400e00
[   43.013387][ T7156] raw: 0000000000000000 ffff8880a6aec000 0000000100000001 0000000000000000
[   43.021949][ T7156] page dumped because: kasan: bad access detected
[   43.028341][ T7156]
[   43.030660][ T7156] Memory state around the buggy address:
[   43.036266][ T7156]  ffff8880a6aec300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   43.044300][ T7156]  ffff8880a6aec380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   43.052347][ T7156] >ffff8880a6aec400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[   43.060381][ T7156]                                                           ^
[   43.067910][ T7156]  ffff8880a6aec480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.075943][ T7156]  ffff8880a6aec500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.084016][ T7156] ==================================================================
[   43.092072][ T7156] Disabling lock debugging due to kernel taint
[   43.099167][ T7156] Kernel panic - not syncing: panic_on_warn set ...
[   43.105768][ T7156] CPU: 0 PID: 7156 Comm: syz-executor438 Tainted: G    B             5.6.0-syzkaller #0
[   43.115474][ T7156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.125533][ T7156] Call Trace:
[   43.128812][ T7156]  dump_stack+0x1e9/0x30e
[   43.133114][ T7156]  panic+0x264/0x7a0
[   43.136983][ T7156]  ? trace_hardirqs_on+0x30/0x70
[   43.141905][ T7156]  __kasan_report+0x187/0x190
[   43.146556][ T7156]  ? kvm_vcpu_gfn_to_memslot+0x2b5/0x4c0
[   43.152226][ T7156]  ? kvm_vcpu_gfn_to_memslot+0x2b5/0x4c0
[   43.157857][ T7156]  kasan_report+0x4d/0x80
[   43.162190][ T7156]  ? kvm_arch_vcpu_ioctl_run+0x419/0x880
[   43.167810][ T7156]  ? kvm_vcpu_gfn_to_memslot+0x2b5/0x4c0
[   43.173435][ T7156]  ? try_async_pf+0xc4/0x500
[   43.178021][ T7156]  ? lockdep_hardirqs_on+0x4a4/0x8a0
[   43.183472][ T7156]  ? direct_page_fault+0xb91/0x1ba0
[   43.188735][ T7156]  ? kvm_mmu_page_fault+0x13d/0xde0
[   43.193954][ T7156]  ? rcu_read_lock_sched_held+0x106/0x170
[   43.199655][ T7156]  ? trace_kvm_page_fault+0x28a/0x2d0
[   43.205023][ T7156]  ? handle_ept_violation+0x158/0x200
[   43.210364][ T7156]  ? handle_desc+0x70/0x70
[   43.214752][ T7156]  ? vmx_vcpu_run+0x2500/0x2500
[   43.219586][ T7156]  ? vcpu_enter_guest+0x6586/0x87a0
[   43.224757][ T7156]  ? __kasan_slab_free+0x1ac/0x1e0
[   43.229837][ T7156]  ? __kasan_slab_free+0x12e/0x1e0
[   43.235123][ T7156]  ? kfree+0x10a/0x220
[   43.239166][ T7156]  ? __se_sys_ioctl+0x48/0x160
[   43.243903][ T7156]  ? __lock_acquire+0x116c/0x2b90
[   43.248990][ T7156]  ? __lock_acquire+0x116c/0x2b90
[   43.253987][ T7156]  ? lock_acquire+0x169/0x480
[   43.258650][ T7156]  ? rcu_lock_acquire+0x9/0x30
[   43.263395][ T7156]  ? kvm_check_async_pf_completion+0x34e/0x360
[   43.269523][ T7156]  ? vcpu_run+0x342/0xcb0
[   43.273831][ T7156]  ? kvm_arch_vcpu_ioctl_run+0x419/0x880
[   43.279432][ T7156]  ? kvm_vcpu_ioctl+0x67c/0xa80
[   43.284253][ T7156]  ? check_preemption_disabled+0xb0/0x240
[   43.289941][ T7156]  ? debug_smp_processor_id+0x5/0x20
[   43.295198][ T7156]  ? kvm_vm_ioctl_get_dirty_log+0x650/0x650
[   43.301071][ T7156]  ? __se_sys_ioctl+0xf9/0x160
[   43.305811][ T7156]  ? do_syscall_64+0xf3/0x1b0
[   43.311243][ T7156]  ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   43.318727][ T7156] Kernel Offset: disabled
[   43.323061][ T7156] Rebooting in 86400 seconds..