[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   61.985546][ T7091] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   62.026221][ T7091] ==================================================================
[   62.034427][ T7091] BUG: KASAN: slab-out-of-bounds in __kvm_map_gfn+0x933/0xa10
[   62.041861][ T7091] Read of size 8 at addr ffff8880a966f468 by task syz-executor455/7091
[   62.050064][ T7091] 
[   62.052388][ T7091] CPU: 0 PID: 7091 Comm: syz-executor455 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[   62.062388][ T7091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.072419][ T7091] Call Trace:
[   62.075687][ T7091]  dump_stack+0x188/0x20d
[   62.079997][ T7091]  print_address_description.constprop.0.cold+0xd3/0x315
[   62.086996][ T7091]  ? __kvm_map_gfn+0x933/0xa10
[   62.091736][ T7091]  __kasan_report.cold+0x35/0x4d
[   62.096710][ T7091]  ? lock_release+0x7b0/0x800
[   62.101498][ T7091]  ? __kvm_map_gfn+0x933/0xa10
[   62.106238][ T7091]  ? __kvm_map_gfn+0x933/0xa10
[   62.111006][ T7091]  kasan_report+0x33/0x50
[   62.115342][ T7091]  __kvm_map_gfn+0x933/0xa10
[   62.119999][ T7091]  kvm_arch_vcpu_put+0x3b9/0x530
[   62.124913][ T7091]  ? kvm_arch_vcpu_load+0x7d0/0x7d0
[   62.130087][ T7091]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   62.135618][ T7091]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   62.141608][ T7091]  vcpu_put+0x1b/0x70
[   62.145564][ T7091]  kvm_arch_vcpu_ioctl+0x1ae/0x2c00
[   62.150755][ T7091]  ? kvm_arch_vcpu_put+0x530/0x530
[   62.155869][ T7091]  ? lock_acquire+0x1f2/0x8f0
[   62.160624][ T7091]  ? kvm_vcpu_ioctl+0x175/0xe60
[   62.165453][ T7091]  ? lock_release+0x800/0x800
[   62.170105][ T7091]  ? find_held_lock+0x2d/0x110
[   62.174854][ T7091]  ? __mutex_lock+0x458/0x13c0
[   62.179589][ T7091]  ? kfree+0x1eb/0x2b0
[   62.183636][ T7091]  ? kvm_vcpu_ioctl+0x175/0xe60
[   62.188460][ T7091]  ? mutex_trylock+0x2c0/0x2c0
[   62.193199][ T7091]  ? tomoyo_execute_permission+0x470/0x470
[   62.198991][ T7091]  kvm_vcpu_ioctl+0x866/0xe60
[   62.203646][ T7091]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   62.210045][ T7091]  ? ioctl_file_clone+0x180/0x180
[   62.215052][ T7091]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   62.220574][ T7091]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   62.226532][ T7091]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   62.232928][ T7091]  ksys_ioctl+0x11a/0x180
[   62.237234][ T7091]  __x64_sys_ioctl+0x6f/0xb0
[   62.241798][ T7091]  ? lockdep_hardirqs_on+0x463/0x620
[   62.247055][ T7091]  do_syscall_64+0xf6/0x7d0
[   62.251536][ T7091]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   62.257403][ T7091] RIP: 0033:0x440459
[   62.261282][ T7091] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   62.281043][ T7091] RSP: 002b:00007fff049900b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   62.289426][ T7091] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440459
[   62.297373][ T7091] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[   62.305341][ T7091] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   62.313287][ T7091] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ce0
[   62.321233][ T7091] R13: 0000000000401d70 R14: 0000000000000000 R15: 0000000000000000
[   62.329193][ T7091] 
[   62.331495][ T7091] Allocated by task 7091:
[   62.335799][ T7091]  save_stack+0x1b/0x40
[   62.339944][ T7091]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   62.345555][ T7091]  kvmalloc_node+0x61/0xf0
[   62.349943][ T7091]  kvm_set_memslot+0x115/0x1530
[   62.354770][ T7091]  __kvm_set_memory_region+0xcf7/0x1320
[   62.360390][ T7091]  __x86_set_memory_region+0x2a3/0x5a0
[   62.365820][ T7091]  vmx_create_vcpu+0x2107/0x2b40
[   62.370730][ T7091]  kvm_arch_vcpu_create+0x6ef/0xb80
[   62.375913][ T7091]  kvm_vm_ioctl+0x1614/0x2400
[   62.380563][ T7091]  ksys_ioctl+0x11a/0x180
[   62.384884][ T7091]  __x64_sys_ioctl+0x6f/0xb0
[   62.389444][ T7091]  do_syscall_64+0xf6/0x7d0
[   62.393919][ T7091]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   62.399877][ T7091] 
[   62.402181][ T7091] Freed by task 2757:
[   62.406135][ T7091]  save_stack+0x1b/0x40
[   62.410260][ T7091]  __kasan_slab_free+0xf7/0x140
[   62.415207][ T7091]  kfree+0x109/0x2b0
[   62.419091][ T7091]  process_one_work+0x965/0x16a0
[   62.424001][ T7091]  worker_thread+0x96/0xe20
[   62.428486][ T7091]  kthread+0x388/0x470
[   62.432547][ T7091]  ret_from_fork+0x24/0x30
[   62.436928][ T7091] 
[   62.439242][ T7091] The buggy address belongs to the object at ffff8880a966f000
[   62.439242][ T7091]  which belongs to the cache kmalloc-2k of size 2048
[   62.453267][ T7091] The buggy address is located 1128 bytes inside of
[   62.453267][ T7091]  2048-byte region [ffff8880a966f000, ffff8880a966f800)
[   62.466678][ T7091] The buggy address belongs to the page:
[   62.472287][ T7091] page:ffffea0002a59bc0 refcount:1 mapcount:0 mapping:00000000de6f4463 index:0x0
[   62.481363][ T7091] flags: 0xfffe0000000200(slab)
[   62.486205][ T7091] raw: 00fffe0000000200 ffffea0002989cc8 ffffea00025b0988 ffff8880aa000e00
[   62.494770][ T7091] raw: 0000000000000000 ffff8880a966f000 0000000100000001 0000000000000000
[   62.503332][ T7091] page dumped because: kasan: bad access detected
[   62.509714][ T7091] 
[   62.512017][ T7091] Memory state around the buggy address:
[   62.517622][ T7091]  ffff8880a966f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   62.525709][ T7091]  ffff8880a966f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   62.533745][ T7091] >ffff8880a966f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[   62.541779][ T7091]                                                           ^
[   62.549205][ T7091]  ffff8880a966f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   62.557243][ T7091]  ffff8880a966f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   62.565275][ T7091] ==================================================================
[   62.573306][ T7091] Disabling lock debugging due to kernel taint
[   62.579536][ T7091] Kernel panic - not syncing: panic_on_warn set ...
[   62.586117][ T7091] CPU: 0 PID: 7091 Comm: syz-executor455 Tainted: G    B             5.7.0-rc1-next-20200415-syzkaller #0
[   62.597371][ T7091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.607403][ T7091] Call Trace:
[   62.610663][ T7091]  dump_stack+0x188/0x20d
[   62.614982][ T7091]  panic+0x2e3/0x75c
[   62.618850][ T7091]  ? add_taint.cold+0x16/0x16
[   62.623585][ T7091]  ? retint_kernel+0x2b/0x2b
[   62.628146][ T7091]  ? __kvm_map_gfn+0x933/0xa10
[   62.632899][ T7091]  ? trace_hardirqs_on+0x55/0x220
[   62.637891][ T7091]  ? __kvm_map_gfn+0x933/0xa10
[   62.642622][ T7091]  end_report+0x4d/0x53
[   62.646751][ T7091]  __kasan_report.cold+0xd/0x4d
[   62.651572][ T7091]  ? lock_release+0x7b0/0x800
[   62.656217][ T7091]  ? __kvm_map_gfn+0x933/0xa10
[   62.660965][ T7091]  ? __kvm_map_gfn+0x933/0xa10
[   62.665714][ T7091]  kasan_report+0x33/0x50
[   62.670110][ T7091]  __kvm_map_gfn+0x933/0xa10
[   62.674673][ T7091]  kvm_arch_vcpu_put+0x3b9/0x530
[   62.679583][ T7091]  ? kvm_arch_vcpu_load+0x7d0/0x7d0
[   62.684761][ T7091]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   62.690279][ T7091]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   62.696230][ T7091]  vcpu_put+0x1b/0x70
[   62.700184][ T7091]  kvm_arch_vcpu_ioctl+0x1ae/0x2c00
[   62.705355][ T7091]  ? kvm_arch_vcpu_put+0x530/0x530
[   62.710440][ T7091]  ? lock_acquire+0x1f2/0x8f0
[   62.715089][ T7091]  ? kvm_vcpu_ioctl+0x175/0xe60
[   62.719913][ T7091]  ? lock_release+0x800/0x800
[   62.724562][ T7091]  ? find_held_lock+0x2d/0x110
[   62.729300][ T7091]  ? __mutex_lock+0x458/0x13c0
[   62.734033][ T7091]  ? kfree+0x1eb/0x2b0
[   62.738069][ T7091]  ? kvm_vcpu_ioctl+0x175/0xe60
[   62.742889][ T7091]  ? mutex_trylock+0x2c0/0x2c0
[   62.747628][ T7091]  ? tomoyo_execute_permission+0x470/0x470
[   62.753405][ T7091]  kvm_vcpu_ioctl+0x866/0xe60
[   62.758060][ T7091]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   62.764464][ T7091]  ? ioctl_file_clone+0x180/0x180
[   62.769481][ T7091]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   62.775002][ T7091]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   62.780976][ T7091]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[   62.787359][ T7091]  ksys_ioctl+0x11a/0x180
[   62.791662][ T7091]  __x64_sys_ioctl+0x6f/0xb0
[   62.796232][ T7091]  ? lockdep_hardirqs_on+0x463/0x620
[   62.801485][ T7091]  do_syscall_64+0xf6/0x7d0
[   62.805970][ T7091]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   62.811831][ T7091] RIP: 0033:0x440459
[   62.815825][ T7091] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   62.835396][ T7091] RSP: 002b:00007fff049900b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   62.843777][ T7091] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440459
[   62.851738][ T7091] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[   62.859699][ T7091] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   62.867642][ T7091] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401ce0
[   62.875585][ T7091] R13: 0000000000401d70 R14: 0000000000000000 R15: 0000000000000000
[   62.884788][ T7091] Kernel Offset: disabled
[   62.889114][ T7091] Rebooting in 86400 seconds..
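The report above already contains everything needed to classify the access without a kernel tree at hand: the faulting address, the object base, the cache size and the shadow bytes around the access. The script below is an added triage helper, not part of the syzkaller log or of KVM; it parses the header, access, object and "Memory state" lines, decodes the shadow bytes (the KASAN encoding is assumed as documented for slab objects: 00 = granule of 8 accessible bytes, 01..07 = that many leading bytes accessible, fc = kmalloc redzone past the requested size, fb = freed object), cross-checks the "located N bytes inside" claim against addr - base, and works out where the object's usable bytes end. The sample report is constructed from the lines of this page, trimmed to what the parser reads; the function and regex names are the example's own.

```python
"""Triage a KASAN slab-out-of-bounds report from its text (added example)."""
import re

# Constructed sample: the lines of the report above that the triage needs.
SAMPLE_REPORT = """\
[   62.034427][ T7091] BUG: KASAN: slab-out-of-bounds in __kvm_map_gfn+0x933/0xa10
[   62.041861][ T7091] Read of size 8 at addr ffff8880a966f468 by task syz-executor455/7091
[   62.439242][ T7091] The buggy address belongs to the object at ffff8880a966f000
[   62.439242][ T7091]  which belongs to the cache kmalloc-2k of size 2048
[   62.453267][ T7091] The buggy address is located 1128 bytes inside of
[   62.453267][ T7091]  2048-byte region [ffff8880a966f000, ffff8880a966f800)
[   62.512017][ T7091] Memory state around the buggy address:
[   62.517622][ T7091]  ffff8880a966f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   62.525709][ T7091]  ffff8880a966f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   62.533745][ T7091] >ffff8880a966f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[   62.549205][ T7091]  ffff8880a966f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

GRANULE = 8  # one shadow byte describes 8 bytes of kernel memory
# Assumed KASAN poison values relevant to slab reports (other values exist).
SHADOW_POISON = {0xFC: "kmalloc redzone", 0xFB: "freed slab object"}

RE_BUG = re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
RE_ACCESS = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                       r" by task (?P<task>\S+)/(?P<pid>\d+)")
RE_OBJECT = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
RE_CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
RE_LOCATED = re.compile(r"is located (?P<off>\d+) bytes inside of")
RE_SHADOW = re.compile(r"[> ]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")


def parse_shadow(lines):
    """Map each 8-byte granule's start address to its shadow byte."""
    shadow = {}
    for line in lines:
        m = RE_SHADOW.search(line)
        if m:
            row = int(m.group(1), 16)
            for i, b in enumerate(m.group(2).split()):
                shadow[row + i * GRANULE] = int(b, 16)
    return shadow


def shadow_at(shadow, addr):
    return shadow.get(addr & ~(GRANULE - 1))


def accessible_end(shadow, base):
    """First poisoned byte at or above `base` inside the dumped window.

    Assumes the object's usable bytes form one contiguous accessible run
    (true for kmalloc objects: the redzone starts at the requested size).
    Returns None if the dumped rows do not show the boundary.
    """
    if not shadow:
        return None
    a = max(base, min(shadow)) & ~(GRANULE - 1)
    while a in shadow:
        if shadow[a] != 0:
            return a + shadow[a] if shadow[a] < GRANULE else a
        a += GRANULE
    return None


def triage(report):
    lines = [ln.strip() for ln in report.splitlines()]
    text = "\n".join(lines)
    bug, acc, obj = RE_BUG.search(text), RE_ACCESS.search(text), RE_OBJECT.search(text)
    if not (bug and acc and obj):
        raise ValueError("not a slab KASAN report")
    cache, loc = RE_CACHE.search(text), RE_LOCATED.search(text)
    addr, base = int(acc["addr"], 16), int(obj["base"], 16)
    shadow = parse_shadow(lines)
    sb, end = shadow_at(shadow, addr), accessible_end(shadow, base)
    return {
        "bug_type": bug["type"], "function": bug["func"],
        "access": acc["kind"], "size": int(acc["size"]), "addr": addr,
        "task": acc["task"], "pid": int(acc["pid"]),
        "object_base": base,
        "cache": cache["cache"] if cache else None,
        "cache_size": int(cache["size"]) if cache else None,
        "offset": addr - base,
        "offset_matches_report": loc is not None and int(loc["off"]) == addr - base,
        "shadow_byte": sb,
        "shadow_meaning": SHADOW_POISON.get(sb, "accessible" if sb == 0 else "partial/other"),
        "usable_size": None if end is None else end - base,   # bytes actually kmalloc'd
        "bytes_past_end": None if end is None else addr - end,
    }


def verdict(r):
    n = r["bytes_past_end"]
    if n is None:
        return "usable-size boundary not visible in the dumped shadow rows"
    if n == 0:
        return "access begins exactly at the end of the allocation: one-past-end (off-by-one index) pattern"
    if n > 0:
        return f"access begins {n} bytes past the end of the allocation"
    return "access starts inside the object's usable bytes; check whether it straddles the end"


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"{r['bug_type']} in {r['function']}: {r['access']} of {r['size']} at object+{r['offset']}"
          f" (usable size {r['usable_size']} in {r['cache']}), shadow {r['shadow_byte']:#x}"
          f" = {r['shadow_meaning']}")
    print(verdict(r))
```

Run on the report above, the helper shows that the redzone starts at offset 0x468 = 1128, so the object allocated from kvm_set_memslot (per the "Allocated by" stack) was requested as 1128 bytes and merely placed in the kmalloc-2k cache; the 8-byte read at offset 1128 is the first granule beyond the requested size, which is the signature of an index walking exactly one element past the end of an array-like object. Two caveats worth keeping in mind when reading such reports: "inside of 2048-byte region" refers to the slab slot, not to the requested size, so the offset alone does not say whether the access is out of bounds; and because the object is live (allocated by the same task that hit the bug), the "Freed by task 2757" stack describes the slot's previous occupant and is not evidence of a use-after-free.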