[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   57.545986][ T6829] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   57.590351][ T6829] ==================================================================
[   57.598555][ T6829] BUG: KASAN: use-after-free in paging32_walk_addr_generic+0x155d/0x1980
[   57.606947][ T6829] Write of size 4 at addr ffff888000105000 by task syz-executor406/6829
[   57.615237][ T6829] 
[   57.617543][ T6829] CPU: 0 PID: 6829 Comm: syz-executor406 Not tainted 5.8.0-syzkaller #0
[   57.625834][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.635862][ T6829] Call Trace:
[   57.639134][ T6829]  dump_stack+0x18f/0x20d
[   57.643441][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   57.649477][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   57.655519][ T6829]  print_address_description.constprop.0.cold+0xae/0x497
[   57.662513][ T6829]  ? region_intersects+0x257/0x2e0
[   57.667729][ T6829]  ? vprintk_func+0x97/0x1a6
[   57.672735][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   57.678776][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   57.684819][ T6829]  kasan_report.cold+0x1f/0x37
[   57.689603][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   57.695645][ T6829]  check_memory_region+0x13d/0x180
[   57.700775][ T6829]  paging32_walk_addr_generic+0x155d/0x1980
[   57.706646][ T6829]  ? ept_gva_to_gpa+0x1e0/0x1e0
[   57.711472][ T6829]  ? lock_acquire+0x1f1/0xad0
[   57.716207][ T6829]  ? __might_fault+0xef/0x1d0
[   57.720854][ T6829]  ? find_held_lock+0x2d/0x110
[   57.725592][ T6829]  paging32_gva_to_gpa+0xb2/0x1d0
[   57.730592][ T6829]  ? paging32_walk_addr_generic+0x1980/0x1980
[   57.736634][ T6829]  ? vmx_read_guest_seg_ar+0x7a/0x160
[   57.741981][ T6829]  ? __virt_addr_valid+0x1fe/0x2b0
[   57.747106][ T6829]  ? __phys_addr+0x9a/0x110
[   57.751583][ T6829]  ? __phys_addr_symbol+0x2c/0x70
[   57.756579][ T6829]  ? __check_object_size+0x171/0x3e4
[   57.761838][ T6829]  ? __kvm_read_guest_page+0x138/0x170
[   57.767270][ T6829]  ? vmx_segment_cache_test_set+0xc3/0x170
[   57.773050][ T6829]  ? lock_is_held_type+0xbb/0xf0
[   57.777960][ T6829]  emulator_read_write_onepage+0x2f3/0xa70
[   57.783740][ T6829]  ? em_ltr+0xf0/0xf0
[   57.787699][ T6829]  emulator_read_write+0x1c4/0x5a0
[   57.792783][ T6829]  ? decode_operand+0xb7/0x30a0
[   57.797604][ T6829]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   57.803478][ T6829]  emulator_fix_hypercall+0x132/0x190
[   57.808824][ T6829]  ? trace_event_raw_event_kvm_pio+0x490/0x490
[   57.814953][ T6829]  ? em_clts+0x100/0x100
[   57.819285][ T6829]  em_hypercall+0x5d/0x130
[   57.823682][ T6829]  x86_emulate_insn+0x5e8/0x3d20
[   57.828604][ T6829]  ? kvm_put_guest_fpu+0x4c0/0x4c0
[   57.833694][ T6829]  ? init_decode_cache+0xb0/0xb0
[   57.838610][ T6829]  ? lock_is_held_type+0xbb/0xf0
[   57.843528][ T6829]  x86_emulate_instruction+0x752/0x1e00
[   57.849054][ T6829]  handle_ud+0xa8/0x240
[   57.853185][ T6829]  ? kvm_emulate_instruction+0x30/0x30
[   57.858619][ T6829]  ? lock_acquire+0x1f1/0xad0
[   57.863268][ T6829]  ? vcpu_enter_guest+0x1371/0x3b60
[   57.868444][ T6829]  ? vmx_skip_emulated_instruction+0x250/0x250
[   57.874569][ T6829]  handle_exception_nmi+0xaf7/0x1270
[   57.879830][ T6829]  ? vmx_skip_emulated_instruction+0x250/0x250
[   57.886031][ T6829]  vmx_handle_exit+0x293/0x14c0
[   57.890861][ T6829]  vcpu_enter_guest+0x14d6/0x3b60
[   57.895876][ T6829]  ? kvm_vcpu_reload_apic_access_page+0x80/0x80
[   57.902087][ T6829]  ? lock_release+0x8e0/0x8e0
[   57.906736][ T6829]  ? mark_held_locks+0x9f/0xe0
[   57.911475][ T6829]  ? __local_bh_enable_ip+0xd1/0x190
[   57.916734][ T6829]  ? lock_is_held_type+0xbb/0xf0
[   57.921649][ T6829]  ? kvm_arch_vcpu_ioctl_run+0x440/0x1780
[   57.927337][ T6829]  kvm_arch_vcpu_ioctl_run+0x440/0x1780
[   57.932875][ T6829]  kvm_vcpu_ioctl+0x467/0xdf0
[   57.937524][ T6829]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[   57.943330][ T6829]  ? generic_block_fiemap+0x60/0x60
[   57.948511][ T6829]  ? __up_read+0x1a1/0x7b0
[   57.952906][ T6829]  ? _down_write_nest_lock+0x150/0x150
[   57.958441][ T6829]  ? bpf_lsm_file_ioctl+0x5/0x10
[   57.963354][ T6829]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[   57.969137][ T6829]  __x64_sys_ioctl+0x193/0x200
[   57.973935][ T6829]  do_syscall_64+0x2d/0x70
[   57.978327][ T6829]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   57.984191][ T6829] RIP: 0033:0x443639
[   57.988073][ T6829] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0b fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   58.007651][ T6829] RSP: 002b:00007ffda47f1c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   58.016037][ T6829] RAX: ffffffffffffffda RBX: 00007ffda47f1c40 RCX: 0000000000443639
[   58.023989][ T6829] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[   58.031949][ T6829] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000004011b0
[   58.039929][ T6829] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000404660
[   58.047882][ T6829] R13: 00000000004046f0 R14: 0000000000000000 R15: 0000000000000000
[   58.055838][ T6829] 
[   58.058155][ T6829] The buggy address belongs to the page:
[   58.063779][ T6829] page:000000003281db32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105
[   58.073730][ T6829] flags: 0x7ffe0000000000()
[   58.078216][ T6829] raw: 007ffe0000000000 ffffea0000004148 ffffea0000004148 0000000000000000
[   58.086786][ T6829] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   58.095357][ T6829] page dumped because: kasan: bad access detected
[   58.101744][ T6829] 
[   58.104059][ T6829] Memory state around the buggy address:
[   58.109664][ T6829]  ffff888000104f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   58.117700][ T6829]  ffff888000104f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   58.125733][ T6829] >ffff888000105000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   58.133762][ T6829]                    ^
[   58.137824][ T6829]  ffff888000105080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   58.145857][ T6829]  ffff888000105100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   58.153887][ T6829] ==================================================================
[   58.161926][ T6829] Disabling lock debugging due to kernel taint
[   58.178811][ T6829] Kernel panic - not syncing: panic_on_warn set ...
[   58.185408][ T6829] CPU: 0 PID: 6829 Comm: syz-executor406 Tainted: G    B             5.8.0-syzkaller #0
[   58.195106][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.205194][ T6829] Call Trace:
[   58.208508][ T6829]  dump_stack+0x18f/0x20d
[   58.212847][ T6829]  ? paging32_walk_addr_generic+0x14b0/0x1980
[   58.218926][ T6829]  panic+0x2e3/0x75c
[   58.222792][ T6829]  ? __warn_printk+0xf3/0xf3
[   58.227368][ T6829]  ? preempt_schedule_common+0x59/0xc0
[   58.232813][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   58.238853][ T6829]  ? preempt_schedule_thunk+0x16/0x18
[   58.244231][ T6829]  ? trace_hardirqs_on+0x55/0x220
[   58.249229][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   58.255267][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   58.261304][ T6829]  end_report+0x4d/0x53
[   58.265434][ T6829]  kasan_report.cold+0xd/0x37
[   58.270081][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980
[   58.276119][ T6829]  check_memory_region+0x13d/0x180
[   58.281199][ T6829]  paging32_walk_addr_generic+0x155d/0x1980
[   58.287067][ T6829]  ? ept_gva_to_gpa+0x1e0/0x1e0
[   58.291889][ T6829]  ? lock_acquire+0x1f1/0xad0
[   58.296548][ T6829]  ? __might_fault+0xef/0x1d0
[   58.301195][ T6829]  ? find_held_lock+0x2d/0x110
[   58.305942][ T6829]  paging32_gva_to_gpa+0xb2/0x1d0
[   58.310940][ T6829]  ? paging32_walk_addr_generic+0x1980/0x1980
[   58.316980][ T6829]  ? vmx_read_guest_seg_ar+0x7a/0x160
[   58.322332][ T6829]  ? __virt_addr_valid+0x1fe/0x2b0
[   58.327414][ T6829]  ? __phys_addr+0x9a/0x110
[   58.331905][ T6829]  ? __phys_addr_symbol+0x2c/0x70
[   58.336899][ T6829]  ? __check_object_size+0x171/0x3e4
[   58.342156][ T6829]  ? __kvm_read_guest_page+0x138/0x170
[   58.347604][ T6829]  ? vmx_segment_cache_test_set+0xc3/0x170
[   58.353385][ T6829]  ? lock_is_held_type+0xbb/0xf0
[   58.358295][ T6829]  emulator_read_write_onepage+0x2f3/0xa70
[   58.364074][ T6829]  ? em_ltr+0xf0/0xf0
[   58.368036][ T6829]  emulator_read_write+0x1c4/0x5a0
[   58.373118][ T6829]  ? decode_operand+0xb7/0x30a0
[   58.377937][ T6829]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   58.383814][ T6829]  emulator_fix_hypercall+0x132/0x190
[   58.389170][ T6829]  ? trace_event_raw_event_kvm_pio+0x490/0x490
[   58.395309][ T6829]  ? em_clts+0x100/0x100
[   58.399521][ T6829]  em_hypercall+0x5d/0x130
[   58.403909][ T6829]  x86_emulate_insn+0x5e8/0x3d20
[   58.408820][ T6829]  ? kvm_put_guest_fpu+0x4c0/0x4c0
[   58.413899][ T6829]  ? init_decode_cache+0xb0/0xb0
[   58.418815][ T6829]  ? lock_is_held_type+0xbb/0xf0
[   58.423741][ T6829]  x86_emulate_instruction+0x752/0x1e00
[   58.429263][ T6829]  handle_ud+0xa8/0x240
[   58.433388][ T6829]  ? kvm_emulate_instruction+0x30/0x30
[   58.438817][ T6829]  ? lock_acquire+0x1f1/0xad0
[   58.443462][ T6829]  ? vcpu_enter_guest+0x1371/0x3b60
[   58.448632][ T6829]  ? vmx_skip_emulated_instruction+0x250/0x250
[   58.454776][ T6829]  handle_exception_nmi+0xaf7/0x1270
[   58.460031][ T6829]  ? vmx_skip_emulated_instruction+0x250/0x250
[   58.466152][ T6829]  vmx_handle_exit+0x293/0x14c0
[   58.470974][ T6829]  vcpu_enter_guest+0x14d6/0x3b60
[   58.475970][ T6829]  ? kvm_vcpu_reload_apic_access_page+0x80/0x80
[   58.482181][ T6829]  ? lock_release+0x8e0/0x8e0
[   58.486828][ T6829]  ? mark_held_locks+0x9f/0xe0
[   58.491575][ T6829]  ? __local_bh_enable_ip+0xd1/0x190
[   58.496831][ T6829]  ? lock_is_held_type+0xbb/0xf0
[   58.501766][ T6829]  ? kvm_arch_vcpu_ioctl_run+0x440/0x1780
[   58.507641][ T6829]  kvm_arch_vcpu_ioctl_run+0x440/0x1780
[   58.513258][ T6829]  kvm_vcpu_ioctl+0x467/0xdf0
[   58.517908][ T6829]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[   58.523684][ T6829]  ? generic_block_fiemap+0x60/0x60
[   58.528851][ T6829]  ? __up_read+0x1a1/0x7b0
[   58.533258][ T6829]  ? _down_write_nest_lock+0x150/0x150
[   58.538699][ T6829]  ? bpf_lsm_file_ioctl+0x5/0x10
[   58.543699][ T6829]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[   58.549480][ T6829]  __x64_sys_ioctl+0x193/0x200
[   58.554234][ T6829]  do_syscall_64+0x2d/0x70
[   58.558624][ T6829]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   58.564489][ T6829] RIP: 0033:0x443639
[   58.568358][ T6829] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0b fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   58.587934][ T6829] RSP: 002b:00007ffda47f1c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   58.596546][ T6829] RAX: ffffffffffffffda RBX: 00007ffda47f1c40 RCX: 0000000000443639
[   58.604494][ T6829] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[   58.612437][ T6829] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000004011b0
[   58.620379][ T6829] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000404660
[   58.628322][ T6829] R13: 00000000004046f0 R14: 0000000000000000 R15: 0000000000000000
[   58.637526][ T6829] Kernel Offset: disabled
[   58.641839][ T6829] Rebooting in 86400 seconds..
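Added example, not part of the syzkaller log above and not syzkaller's or the kernel's own code: a small Python triage helper that pulls the fields a triager reads first out of the raw console lines. The sample lines are quoted from the report above, cut down to the header, a subset of the first call trace (including a few of the unreliable `?` frames), the register line carrying RSI and the shadow row marked with `>`. The shadow-poison table and the KVM_RUN ioctl number (`_IO(0xAE, 0x80)` = 0xae80) come from the 5.x kernel headers; the helper names and the list of KASAN reporting frames it strips are this example's own choices.

```python
"""Triage helper for the KASAN report in the syzkaller console log above.
Added example, not code from syzkaller or the kernel. Extracts bug class,
faulting function, access kind/size/address/task, the reliable ('?'-free)
frames of the first call trace, the ioctl in RSI and the shadow byte at '>'."""
import re

# Shadow poison values from mm/kasan/kasan.h (5.x kernels). 0x00 means the
# 8-byte granule is fully addressable, 0x01..0x07 only its first N bytes.
SHADOW_POISON = {
    0xFF: "KASAN_FREE_PAGE (page freed to the page allocator)",
    0xFE: "KASAN_PAGE_REDZONE", 0xFC: "KASAN_KMALLOC_REDZONE",
    0xFB: "KASAN_KMALLOC_FREE (slab object freed)", 0xFA: "KASAN_GLOBAL_REDZONE",
}
# KVM_RUN is _IO(KVMIO=0xAE, 0x80); the ioctl request number is in RSI.
KVM_IOCTLS = {0xAE80: "KVM_RUN"}
# KASAN's own reporting frames (this example's list), dropped from the path.
REPORTING = ("dump_stack", "print_address_description", "kasan_report",
             "check_memory_region", "end_report")

_PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")
_BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
_ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr "
                     r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
_FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
_SHADOW = re.compile(r"^(?P<cur>>?)\s*(?P<row>[0-9a-f]{16}): (?P<bytes>[0-9a-f ]+)$")
_RSI = re.compile(r"RSI: (?P<rsi>[0-9a-f]{16})")

def parse_kasan_report(lines):
    rep = {"frames": []}
    in_trace = False
    for raw in lines:
        line = _PREFIX.sub("", raw).strip()            # drop '[ secs][ Tpid] '
        if in_trace and (m := _FRAME.match(line)):
            if not m["unreliable"]:                    # '?' frames are guesses
                rep["frames"].append(m["sym"])
            continue
        in_trace = False                               # RIP:/registers end it
        if (m := _BUG.search(line)) and "kind" not in rep:
            rep["kind"], rep["func"] = m["kind"], m["func"]
        elif (m := _ACCESS.search(line)) and "addr" not in rep:
            rep.update(rw=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16),
                       task=m["task"], pid=int(m["pid"]))
        elif line == "Call Trace:" and not rep["frames"]:
            in_trace = True
        elif (m := _RSI.search(line)) and "ioctl" not in rep:
            rep["ioctl"] = KVM_IOCTLS.get(int(m["rsi"], 16), "0x" + m["rsi"])
        elif (m := _SHADOW.match(line)) and m["cur"] and "addr" in rep:
            # One shadow byte per 8-byte granule, 16 per row; the row label is
            # the memory address covered by the row's first shadow byte.
            shadow = [int(b, 16) for b in m["bytes"].split()]
            idx = (rep["addr"] - int(m["row"], 16)) // 8
            if 0 <= idx < len(shadow):
                rep["shadow"] = shadow[idx]
                rep["shadow_meaning"] = SHADOW_POISON.get(shadow[idx], "addressable")
    return rep

def bug_path(rep):
    """Reliable frames from the faulting function down to syscall entry."""
    return [f for f in rep["frames"] if not f.startswith(REPORTING)]

def summarize(rep):
    return ("{kind}: {rw} of {size} bytes at {addr:#x} in {func} by {task}/{pid} "
            "during ioctl {ioctl}; shadow {shadow:#04x} = {shadow_meaning}").format(**rep)

# Lines quoted from the report above, cut down to what this helper reads.
SAMPLE_LOG = [
    "[   57.598555][ T6829] BUG: KASAN: use-after-free in paging32_walk_addr_generic+0x155d/0x1980",
    "[   57.606947][ T6829] Write of size 4 at addr ffff888000105000 by task syz-executor406/6829",
    "[   57.635862][ T6829] Call Trace:",
    "[   57.639134][ T6829]  dump_stack+0x18f/0x20d",
    "[   57.643441][ T6829]  ? paging32_walk_addr_generic+0x155d/0x1980",
    "[   57.684819][ T6829]  kasan_report.cold+0x1f/0x37",
    "[   57.695645][ T6829]  check_memory_region+0x13d/0x180",
    "[   57.700775][ T6829]  paging32_walk_addr_generic+0x155d/0x1980",
    "[   57.706646][ T6829]  ? ept_gva_to_gpa+0x1e0/0x1e0",
    "[   57.725592][ T6829]  paging32_gva_to_gpa+0xb2/0x1d0",
    "[   57.777960][ T6829]  emulator_read_write_onepage+0x2f3/0xa70",
    "[   57.803478][ T6829]  emulator_fix_hypercall+0x132/0x190",
    "[   57.819285][ T6829]  em_hypercall+0x5d/0x130",
    "[   57.823682][ T6829]  x86_emulate_insn+0x5e8/0x3d20",
    "[   57.849054][ T6829]  handle_ud+0xa8/0x240",
    "[   57.886031][ T6829]  vmx_handle_exit+0x293/0x14c0",
    "[   57.932875][ T6829]  kvm_vcpu_ioctl+0x467/0xdf0",
    "[   57.969137][ T6829]  __x64_sys_ioctl+0x193/0x200",
    "[   57.978327][ T6829]  entry_SYSCALL_64_after_hwframe+0x44/0xa9",
    "[   57.984191][ T6829] RIP: 0033:0x443639",
    "[   58.023989][ T6829] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006",
    "[   58.125733][ T6829] >ffff888000105000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff",
]

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(summarize(r))
    print(" <- ".join(bug_path(r)))
```

Two things the helper surfaces that the raw text does not state outright: the shadow byte under the caret is 0xff, KASAN_FREE_PAGE, which agrees with `refcount:0` in the page dump, so the 4-byte write in paging32_walk_addr_generic landed in a page already returned to the page allocator; and RSI is 0xae80 with ORIG_RAX 0x10 (ioctl), so the task was inside KVM_RUN on vcpu fd 6, meaning the path is driven from guest execution (the em_hypercall frame) rather than from a host-side ioctl argument.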