[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 61.882291][ T7010] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 61.921173][ T7010] ==================================================================
[ 61.929413][ T7010] BUG: KASAN: slab-out-of-bounds in __kvm_map_gfn+0x933/0xa10
[ 61.936920][ T7010] Read of size 8 at addr ffff8880a6608468 by task syz-executor475/7010
[ 61.945272][ T7010]
[ 61.947802][ T7010] CPU: 0 PID: 7010 Comm: syz-executor475 Not tainted 5.6.0-syzkaller #0
[ 61.956560][ T7010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.966718][ T7010] Call Trace:
[ 61.970264][ T7010] dump_stack+0x188/0x20d
[ 61.974616][ T7010] print_address_description.constprop.0.cold+0xd3/0x315
[ 61.982519][ T7010] ? __kvm_map_gfn+0x933/0xa10
[ 61.987296][ T7010] __kasan_report.cold+0x35/0x4d
[ 61.992217][ T7010] ? lock_release+0x790/0x800
[ 61.996873][ T7010] ? __kvm_map_gfn+0x933/0xa10
[ 62.001621][ T7010] ? __kvm_map_gfn+0x933/0xa10
[ 62.006404][ T7010] kasan_report+0x33/0x50
[ 62.010726][ T7010] __kvm_map_gfn+0x933/0xa10
[ 62.015331][ T7010] kvm_arch_vcpu_put+0x3b9/0x530
[ 62.020262][ T7010] ? kvm_arch_vcpu_load+0x7d0/0x7d0
[ 62.025458][ T7010] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.030993][ T7010] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.036975][ T7010] vcpu_put+0x1b/0x70
[ 62.041051][ T7010] kvm_arch_vcpu_ioctl+0x1ae/0x2c20
[ 62.046244][ T7010] ? kvm_arch_vcpu_put+0x530/0x530
[ 62.051345][ T7010] ? lock_acquire+0x1f2/0x8f0
[ 62.056039][ T7010] ? kvm_vcpu_ioctl+0x175/0xe60
[ 62.061015][ T7010] ? lock_release+0x800/0x800
[ 62.066718][ T7010] ? find_held_lock+0x2d/0x110
[ 62.071566][ T7010] ? __mutex_lock+0x458/0x13c0
[ 62.076338][ T7010] ? kfree+0x1eb/0x2b0
[ 62.080410][ T7010] ? kvm_vcpu_ioctl+0x175/0xe60
[ 62.085244][ T7010] ? mutex_trylock+0x2c0/0x2c0
[ 62.089989][ T7010] ? tomoyo_execute_permission+0x470/0x470
[ 62.095810][ T7010] kvm_vcpu_ioctl+0x866/0xe60
[ 62.100490][ T7010] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 62.107036][ T7010] ? ioctl_file_clone+0x180/0x180
[ 62.112055][ T7010] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.117742][ T7010] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.123783][ T7010] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 62.130202][ T7010] ksys_ioctl+0x11a/0x180
[ 62.134519][ T7010] __x64_sys_ioctl+0x6f/0xb0
[ 62.139112][ T7010] ? lockdep_hardirqs_on+0x463/0x620
[ 62.144470][ T7010] do_syscall_64+0xf6/0x7d0
[ 62.148994][ T7010] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.154881][ T7010] RIP: 0033:0x4403f9
[ 62.158760][ T7010] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.178343][ T7010] RSP: 002b:00007ffdedbb7d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 62.186749][ T7010] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9
[ 62.194725][ T7010] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[ 62.202692][ T7010] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 62.210671][ T7010] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401c80
[ 62.219713][ T7010] R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000
[ 62.227690][ T7010]
[ 62.230005][ T7010] Allocated by task 7010:
[ 62.234316][ T7010] save_stack+0x1b/0x40
[ 62.238468][ T7010] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 62.244075][ T7010] kvmalloc_node+0x61/0xf0
[ 62.248471][ T7010] kvm_set_memslot+0x115/0x1530
[ 62.253394][ T7010] __kvm_set_memory_region+0xcf7/0x1320
[ 62.259037][ T7010] __x86_set_memory_region+0x2a3/0x5a0
[ 62.264496][ T7010] vmx_create_vcpu+0x2107/0x2b40
[ 62.269554][ T7010] kvm_arch_vcpu_create+0x6ef/0xb80
[ 62.274797][ T7010] kvm_vm_ioctl+0x15f7/0x23e0
[ 62.279532][ T7010] ksys_ioctl+0x11a/0x180
[ 62.284281][ T7010] __x64_sys_ioctl+0x6f/0xb0
[ 62.288895][ T7010] do_syscall_64+0xf6/0x7d0
[ 62.293392][ T7010] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.299282][ T7010]
[ 62.301677][ T7010] Freed by task 4104:
[ 62.305639][ T7010] save_stack+0x1b/0x40
[ 62.309771][ T7010] __kasan_slab_free+0xf7/0x140
[ 62.314614][ T7010] kfree+0x109/0x2b0
[ 62.318503][ T7010] __scm_destroy+0xf1/0x130
[ 62.322983][ T7010] unix_dgram_sendmsg+0xd70/0x12e0
[ 62.328073][ T7010] sock_sendmsg+0xcf/0x120
[ 62.332476][ T7010] ____sys_sendmsg+0x6bf/0x7e0
[ 62.337241][ T7010] ___sys_sendmsg+0x100/0x170
[ 62.341894][ T7010] __sys_sendmsg+0xec/0x1b0
[ 62.346376][ T7010] do_syscall_64+0xf6/0x7d0
[ 62.350860][ T7010] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.356725][ T7010]
[ 62.359065][ T7010] The buggy address belongs to the object at ffff8880a6608000
[ 62.359065][ T7010] which belongs to the cache kmalloc-2k of size 2048
[ 62.373103][ T7010] The buggy address is located 1128 bytes inside of
[ 62.373103][ T7010] 2048-byte region [ffff8880a6608000, ffff8880a6608800)
[ 62.390801][ T7010] The buggy address belongs to the page:
[ 62.396522][ T7010] page:ffffea0002998200 refcount:1 mapcount:0 mapping:0000000074f32ef5 index:0x0
[ 62.405704][ T7010] flags: 0xfffe0000000200(slab)
[ 62.410556][ T7010] raw: 00fffe0000000200 ffffea0002998008 ffffea00029981c8 ffff8880aa000e00
[ 62.419121][ T7010] raw: 0000000000000000 ffff8880a6608000 0000000100000001 0000000000000000
[ 62.427682][ T7010] page dumped because: kasan: bad access detected
[ 62.434072][ T7010]
[ 62.436383][ T7010] Memory state around the buggy address:
[ 62.441994][ T7010] ffff8880a6608300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.450043][ T7010] ffff8880a6608380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.458082][ T7010] >ffff8880a6608400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 62.466116][ T7010]                                                          ^
[ 62.473691][ T7010] ffff8880a6608480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.481761][ T7010] ffff8880a6608500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.489815][ T7010] ==================================================================
[ 62.497856][ T7010] Disabling lock debugging due to kernel taint
[ 62.504167][ T7010] Kernel panic - not syncing: panic_on_warn set ...
[ 62.510767][ T7010] CPU: 0 PID: 7010 Comm: syz-executor475 Tainted: G B 5.6.0-syzkaller #0
[ 62.520484][ T7010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.530560][ T7010] Call Trace:
[ 62.533855][ T7010] dump_stack+0x188/0x20d
[ 62.538185][ T7010] panic+0x2e3/0x75c
[ 62.542059][ T7010] ? add_taint.cold+0x16/0x16
[ 62.546714][ T7010] ? retint_kernel+0x2b/0x2b
[ 62.551284][ T7010] ? __kvm_map_gfn+0x933/0xa10
[ 62.556026][ T7010] ? trace_hardirqs_on+0x55/0x220
[ 62.561033][ T7010] ? __kvm_map_gfn+0x933/0xa10
[ 62.565777][ T7010] end_report+0x4d/0x53
[ 62.569922][ T7010] __kasan_report.cold+0xd/0x4d
[ 62.574760][ T7010] ? lock_release+0x790/0x800
[ 62.579429][ T7010] ? __kvm_map_gfn+0x933/0xa10
[ 62.584180][ T7010] ? __kvm_map_gfn+0x933/0xa10
[ 62.588916][ T7010] kasan_report+0x33/0x50
[ 62.593224][ T7010] __kvm_map_gfn+0x933/0xa10
[ 62.597803][ T7010] kvm_arch_vcpu_put+0x3b9/0x530
[ 62.602728][ T7010] ? kvm_arch_vcpu_load+0x7d0/0x7d0
[ 62.607917][ T7010] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.613509][ T7010] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.619567][ T7010] vcpu_put+0x1b/0x70
[ 62.623547][ T7010] kvm_arch_vcpu_ioctl+0x1ae/0x2c20
[ 62.628736][ T7010] ? kvm_arch_vcpu_put+0x530/0x530
[ 62.633826][ T7010] ? lock_acquire+0x1f2/0x8f0
[ 62.638481][ T7010] ? kvm_vcpu_ioctl+0x175/0xe60
[ 62.643318][ T7010] ? lock_release+0x800/0x800
[ 62.647975][ T7010] ? find_held_lock+0x2d/0x110
[ 62.652721][ T7010] ? __mutex_lock+0x458/0x13c0
[ 62.657476][ T7010] ? kfree+0x1eb/0x2b0
[ 62.661532][ T7010] ? kvm_vcpu_ioctl+0x175/0xe60
[ 62.666375][ T7010] ? mutex_trylock+0x2c0/0x2c0
[ 62.671123][ T7010] ? tomoyo_execute_permission+0x470/0x470
[ 62.676910][ T7010] kvm_vcpu_ioctl+0x866/0xe60
[ 62.681566][ T7010] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 62.687980][ T7010] ? ioctl_file_clone+0x180/0x180
[ 62.692999][ T7010] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.698528][ T7010] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.704500][ T7010] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 62.710911][ T7010] ksys_ioctl+0x11a/0x180
[ 62.715282][ T7010] __x64_sys_ioctl+0x6f/0xb0
[ 62.719907][ T7010] ? lockdep_hardirqs_on+0x463/0x620
[ 62.725218][ T7010] do_syscall_64+0xf6/0x7d0
[ 62.729702][ T7010] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.735705][ T7010] RIP: 0033:0x4403f9
[ 62.739593][ T7010] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.759186][ T7010] RSP: 002b:00007ffdedbb7d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 62.767630][ T7010] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9
[ 62.775640][ T7010] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[ 62.783752][ T7010] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 62.791708][ T7010] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401c80
[ 62.800157][ T7010] R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000
[ 62.809466][ T7010] Kernel Offset: disabled
[ 62.813845][ T7010] Rebooting in 86400 seconds..