[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.948771][ T7017] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 56.988394][ T7017] ==================================================================
[ 56.996606][ T7017] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.004910][ T7017] Read of size 8 at addr ffff8880a66dc468 by task syz-executor217/7017
[ 57.013261][ T7017]
[ 57.015580][ T7017] CPU: 1 PID: 7017 Comm: syz-executor217 Not tainted 5.6.0-syzkaller #0
[ 57.023950][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.033987][ T7017] Call Trace:
[ 57.037266][ T7017] dump_stack+0x188/0x20d
[ 57.041590][ T7017] print_address_description.constprop.0.cold+0xd3/0x315
[ 57.048593][ T7017] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.054210][ T7017] __kasan_report.cold+0x35/0x4d
[ 57.059127][ T7017] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.064757][ T7017] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.070386][ T7017] kasan_report+0x33/0x50
[ 57.074712][ T7017] kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.080170][ T7017] try_async_pf+0x12b/0xac0
[ 57.084666][ T7017] ? ept_gva_to_gpa+0x1e0/0x1e0
[ 57.089598][ T7017] ? mark_held_locks+0x9f/0xe0
[ 57.094345][ T7017] ? mmu_topup_memory_caches+0x325/0x460
[ 57.100058][ T7017] direct_page_fault+0x27d/0x1d70
[ 57.105073][ T7017] ? kvm_mmu_get_page+0x1e70/0x1e70
[ 57.110388][ T7017] ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 57.117313][ T7017] ? kvm_vcpu_mtrr_init+0x70/0x70
[ 57.122343][ T7017] kvm_mmu_page_fault+0x187/0x15d0
[ 57.127570][ T7017] ? kvm_deliver_exception_payload+0x42/0x1a0
[ 57.133634][ T7017] ? kvm_multiple_exception+0x51e/0x720
[ 57.139174][ T7017] ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 57.145520][ T7017] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.151336][ T7017] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.157318][ T7017] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.162867][ T7017] ? handle_ept_violation+0x206/0x550
[ 57.168223][ T7017] ? vmx_inject_irq+0x5b0/0x5b0
[ 57.173149][ T7017] vmx_handle_exit+0x2b8/0x1700
[ 57.178001][ T7017] vcpu_enter_guest+0xfea/0x59d0
[ 57.182924][ T7017] ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 57.189328][ T7017] ? kvm_arch_vcpu_ioctl_run+0x23a/0x16a0
[ 57.195029][ T7017] ? lock_release+0x800/0x800
[ 57.199684][ T7017] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.205206][ T7017] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.211161][ T7017] ? lockdep_hardirqs_on+0x463/0x620
[ 57.216429][ T7017] ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 57.222124][ T7017] ? kvm_arch_vcpu_ioctl_run+0x27b/0x16a0
[ 57.227824][ T7017] kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 57.233425][ T7017] kvm_vcpu_ioctl+0x493/0xe60
[ 57.238195][ T7017] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 57.244738][ T7017] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.250679][ T7017] ? do_vfs_ioctl+0x50c/0x12d0
[ 57.255435][ T7017] ? ioctl_file_clone+0x180/0x180
[ 57.260506][ T7017] kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 57.265789][ T7017] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.271759][ T7017] ? kvm_vcpu_ioctl+0xe60/0xe60
[ 57.276598][ T7017] ? do_sys_open+0xc3/0x140
[ 57.281094][ T7017] ? kvm_vcpu_ioctl+0xe60/0xe60
[ 57.286019][ T7017] __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 57.291470][ T7017] do_fast_syscall_32+0x270/0xe90
[ 57.296480][ T7017] entry_SYSENTER_compat+0x70/0x7f
[ 57.301591][ T7017]
[ 57.303903][ T7017] Allocated by task 7017:
[ 57.308217][ T7017] save_stack+0x1b/0x40
[ 57.312352][ T7017] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 57.317964][ T7017] kvmalloc_node+0x61/0xf0
[ 57.322550][ T7017] kvm_set_memslot+0x115/0x1530
[ 57.327380][ T7017] __kvm_set_memory_region+0xcf7/0x1320
[ 57.332902][ T7017] kvm_set_memory_region+0x29/0x50
[ 57.338104][ T7017] kvm_vm_ioctl+0x678/0x23e0
[ 57.342931][ T7017] kvm_vm_compat_ioctl+0x125/0x240
[ 57.348728][ T7017] __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 57.354182][ T7017] do_fast_syscall_32+0x270/0xe90
[ 57.359204][ T7017] entry_SYSENTER_compat+0x70/0x7f
[ 57.364561][ T7017]
[ 57.366887][ T7017] Freed by task 12:
[ 57.370690][ T7017] save_stack+0x1b/0x40
[ 57.374933][ T7017] __kasan_slab_free+0xf7/0x140
[ 57.379771][ T7017] kfree+0x109/0x2b0
[ 57.383645][ T7017] process_one_work+0x965/0x16a0
[ 57.388844][ T7017] worker_thread+0x96/0xe20
[ 57.393784][ T7017] kthread+0x388/0x470
[ 57.397862][ T7017] ret_from_fork+0x24/0x30
[ 57.402274][ T7017]
[ 57.404608][ T7017] The buggy address belongs to the object at ffff8880a66dc000
[ 57.404608][ T7017] which belongs to the cache kmalloc-2k of size 2048
[ 57.418829][ T7017] The buggy address is located 1128 bytes inside of
[ 57.418829][ T7017] 2048-byte region [ffff8880a66dc000, ffff8880a66dc800)
[ 57.436049][ T7017] The buggy address belongs to the page:
[ 57.441776][ T7017] page:ffffea000299b700 refcount:1 mapcount:0 mapping:00000000422ea319 index:0x0
[ 57.451635][ T7017] flags: 0xfffe0000000200(slab)
[ 57.456822][ T7017] raw: 00fffe0000000200 ffffea0002a1c1c8 ffffea000299a108 ffff8880aa000e00
[ 57.465513][ T7017] raw: 0000000000000000 ffff8880a66dc000 0000000100000001 0000000000000000
[ 57.474085][ T7017] page dumped because: kasan: bad access detected
[ 57.480492][ T7017]
[ 57.482800][ T7017] Memory state around the buggy address:
[ 57.488944][ T7017] ffff8880a66dc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.497002][ T7017] ffff8880a66dc380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.505152][ T7017] >ffff8880a66dc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 57.513202][ T7017] ^
[ 57.520637][ T7017] ffff8880a66dc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.528779][ T7017] ffff8880a66dc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.537268][ T7017] ==================================================================
[ 57.545401][ T7017] Disabling lock debugging due to kernel taint
[ 57.552238][ T7017] Kernel panic - not syncing: panic_on_warn set ...
[ 57.558950][ T7017] CPU: 1 PID: 7017 Comm: syz-executor217 Tainted: G B 5.6.0-syzkaller #0
[ 57.568662][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.578712][ T7017] Call Trace:
[ 57.582024][ T7017] dump_stack+0x188/0x20d
[ 57.586440][ T7017] panic+0x2e3/0x75c
[ 57.590327][ T7017] ? add_taint.cold+0x16/0x16
[ 57.594981][ T7017] ? preempt_schedule_common+0x5e/0xc0
[ 57.600415][ T7017] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.606022][ T7017] ? preempt_schedule_thunk+0x16/0x18
[ 57.611390][ T7017] ? trace_hardirqs_on+0x55/0x220
[ 57.616518][ T7017] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.622141][ T7017] end_report+0x4d/0x53
[ 57.626441][ T7017] __kasan_report.cold+0xd/0x4d
[ 57.631282][ T7017] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.636894][ T7017] ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.642534][ T7017] kasan_report+0x33/0x50
[ 57.646857][ T7017] kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 57.652309][ T7017] try_async_pf+0x12b/0xac0
[ 57.656797][ T7017] ? ept_gva_to_gpa+0x1e0/0x1e0
[ 57.661636][ T7017] ? mark_held_locks+0x9f/0xe0
[ 57.666386][ T7017] ? mmu_topup_memory_caches+0x325/0x460
[ 57.671994][ T7017] direct_page_fault+0x27d/0x1d70
[ 57.676993][ T7017] ? kvm_mmu_get_page+0x1e70/0x1e70
[ 57.682174][ T7017] ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 57.689185][ T7017] ? kvm_vcpu_mtrr_init+0x70/0x70
[ 57.694188][ T7017] kvm_mmu_page_fault+0x187/0x15d0
[ 57.699279][ T7017] ? kvm_deliver_exception_payload+0x42/0x1a0
[ 57.705318][ T7017] ? kvm_multiple_exception+0x51e/0x720
[ 57.710844][ T7017] ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 57.716901][ T7017] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.722538][ T7017] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.728511][ T7017] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.734043][ T7017] ? handle_ept_violation+0x206/0x550
[ 57.739390][ T7017] ? vmx_inject_irq+0x5b0/0x5b0
[ 57.744242][ T7017] vmx_handle_exit+0x2b8/0x1700
[ 57.749072][ T7017] vcpu_enter_guest+0xfea/0x59d0
[ 57.753997][ T7017] ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 57.760386][ T7017] ? kvm_arch_vcpu_ioctl_run+0x23a/0x16a0
[ 57.766277][ T7017] ? lock_release+0x800/0x800
[ 57.770934][ T7017] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.776466][ T7017] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.782433][ T7017] ? lockdep_hardirqs_on+0x463/0x620
[ 57.787698][ T7017] ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 57.793396][ T7017] ? kvm_arch_vcpu_ioctl_run+0x27b/0x16a0
[ 57.799089][ T7017] kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 57.804612][ T7017] kvm_vcpu_ioctl+0x493/0xe60
[ 57.809263][ T7017] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 57.815665][ T7017] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.821535][ T7017] ? do_vfs_ioctl+0x50c/0x12d0
[ 57.826286][ T7017] ? ioctl_file_clone+0x180/0x180
[ 57.831295][ T7017] kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 57.836586][ T7017] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.842666][ T7017] ? kvm_vcpu_ioctl+0xe60/0xe60
[ 57.847520][ T7017] ? do_sys_open+0xc3/0x140
[ 57.852109][ T7017] ? kvm_vcpu_ioctl+0xe60/0xe60
[ 57.856945][ T7017] __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 57.862406][ T7017] do_fast_syscall_32+0x270/0xe90
[ 57.867412][ T7017] entry_SYSENTER_compat+0x70/0x7f
[ 57.874235][ T7017] Kernel Offset: disabled
[ 57.878746][ T7017] Rebooting in 86400 seconds..