[ OK ] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.156400][ T7032] IPVS: ftp: loaded support on port[0] = 21
[ 56.193373][ T7032] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 56.226931][ T7032] ==================================================================
[ 56.235174][ T7032] BUG: KASAN: slab-out-of-bounds in __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.243938][ T7032] Read of size 8 at addr ffff88809f030468 by task syz-executor072/7032
[ 56.252153][ T7032]
[ 56.254474][ T7032] CPU: 0 PID: 7032 Comm: syz-executor072 Not tainted 5.7.0-rc1-syzkaller #0
[ 56.263248][ T7032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.273369][ T7032] Call Trace:
[ 56.276752][ T7032]  dump_stack+0x188/0x20d
[ 56.281071][ T7032]  print_address_description.constprop.0.cold+0xd3/0x315
[ 56.288337][ T7032]  ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.294299][ T7032]  __kasan_report.cold+0x35/0x4d
[ 56.299220][ T7032]  ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.305247][ T7032]  ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.311386][ T7032]  kasan_report+0x33/0x50
[ 56.315727][ T7032]  __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.321539][ T7032]  ? __kvm_write_guest_page+0x170/0x170
[ 56.327244][ T7032]  kvm_lapic_set_vapic_addr+0x88/0x180
[ 56.332697][ T7032]  kvm_arch_vcpu_ioctl+0xf0d/0x2c20
[ 56.337879][ T7032]  ? kvm_arch_vcpu_put+0x530/0x530
[ 56.342985][ T7032]  ? lock_acquire+0x1f2/0x8f0
[ 56.347660][ T7032]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 56.352511][ T7032]  ? lock_release+0x800/0x800
[ 56.357189][ T7032]  ? find_held_lock+0x2d/0x110
[ 56.361952][ T7032]  ? __mutex_lock+0x458/0x13c0
[ 56.366705][ T7032]  ? kfree+0x1eb/0x2b0
[ 56.370815][ T7032]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 56.375783][ T7032]  ? mutex_trylock+0x2c0/0x2c0
[ 56.380552][ T7032]  ? tomoyo_execute_permission+0x470/0x470
[ 56.386444][ T7032]  kvm_vcpu_ioctl+0x866/0xe60
[ 56.391154][ T7032]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 56.397551][ T7032]  ? ioctl_file_clone+0x180/0x180
[ 56.402638][ T7032]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.408189][ T7032]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.414163][ T7032]  ? down_read_nested+0x420/0x420
[ 56.419335][ T7032]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 56.426160][ T7032]  ksys_ioctl+0x11a/0x180
[ 56.430478][ T7032]  __x64_sys_ioctl+0x6f/0xb0
[ 56.435079][ T7032]  ? lockdep_hardirqs_on+0x463/0x620
[ 56.440389][ T7032]  do_syscall_64+0xf6/0x7d0
[ 56.444946][ T7032]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.450836][ T7032] RIP: 0033:0x440ac9
[ 56.454711][ T7032] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.475097][ T7032] RSP: 002b:00007ffe5f502ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.483541][ T7032] RAX: ffffffffffffffda RBX: 00000000004a22b0 RCX: 0000000000440ac9
[ 56.491516][ T7032] RDX: 0000000020000080 RSI: 000000004008ae93 RDI: 0000000000000005
[ 56.499487][ T7032] RBP: 00007ffe5f502ae0 R08: 0000000120080522 R09: 0000000120080522
[ 56.507554][ T7032] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a22b0
[ 56.515906][ T7032] R13: 0000000000402060 R14: 0000000000000000 R15: 0000000000000000
[ 56.523890][ T7032]
[ 56.526227][ T7032] Allocated by task 7032:
[ 56.530633][ T7032]  save_stack+0x1b/0x40
[ 56.538855][ T7032]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 56.544474][ T7032]  kvmalloc_node+0x61/0xf0
[ 56.548869][ T7032]  kvm_set_memslot+0x115/0x1530
[ 56.553701][ T7032]  __kvm_set_memory_region+0xcf7/0x1320
[ 56.559237][ T7032]  __x86_set_memory_region+0x2a3/0x5a0
[ 56.564796][ T7032]  vmx_create_vcpu+0x2107/0x2b40
[ 56.569738][ T7032]  kvm_arch_vcpu_create+0x6ef/0xb80
[ 56.574943][ T7032]  kvm_vm_ioctl+0x15f7/0x23e0
[ 56.579701][ T7032]  ksys_ioctl+0x11a/0x180
[ 56.584018][ T7032]  __x64_sys_ioctl+0x6f/0xb0
[ 56.588588][ T7032]  do_syscall_64+0xf6/0x7d0
[ 56.593073][ T7032]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.598936][ T7032]
[ 56.601252][ T7032] Freed by task 0:
[ 56.604949][ T7032] (stack is not available)
[ 56.609369][ T7032]
[ 56.611695][ T7032] The buggy address belongs to the object at ffff88809f030000
[ 56.611695][ T7032]  which belongs to the cache kmalloc-2k of size 2048
[ 56.625823][ T7032] The buggy address is located 1128 bytes inside of
[ 56.625823][ T7032]  2048-byte region [ffff88809f030000, ffff88809f030800)
[ 56.639241][ T7032] The buggy address belongs to the page:
[ 56.644858][ T7032] page:ffffea00027c0c00 refcount:1 mapcount:0 mapping:0000000058c93d70 index:0x0
[ 56.653955][ T7032] flags: 0xfffe0000000200(slab)
[ 56.658847][ T7032] raw: 00fffe0000000200 ffffea0002694008 ffffea00029e98c8 ffff8880aa000e00
[ 56.667412][ T7032] raw: 0000000000000000 ffff88809f030000 0000000100000001 0000000000000000
[ 56.675983][ T7032] page dumped because: kasan: bad access detected
[ 56.682399][ T7032]
[ 56.684780][ T7032] Memory state around the buggy address:
[ 56.690407][ T7032]  ffff88809f030300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.698454][ T7032]  ffff88809f030380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.706498][ T7032] >ffff88809f030400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 56.714819][ T7032]                                                           ^
[ 56.722342][ T7032]  ffff88809f030480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.730394][ T7032]  ffff88809f030500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.738448][ T7032] ==================================================================
[ 56.746577][ T7032] Disabling lock debugging due to kernel taint
[ 56.753454][ T7032] Kernel panic - not syncing: panic_on_warn set ...
[ 56.760402][ T7032] CPU: 0 PID: 7032 Comm: syz-executor072 Tainted: G B 5.7.0-rc1-syzkaller #0
[ 56.770462][ T7032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.780599][ T7032] Call Trace:
[ 56.783874][ T7032]  dump_stack+0x188/0x20d
[ 56.788184][ T7032]  panic+0x2e3/0x75c
[ 56.792070][ T7032]  ? add_taint.cold+0x16/0x16
[ 56.796724][ T7032]  ? preempt_schedule_common+0x5e/0xc0
[ 56.802163][ T7032]  ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.808296][ T7032]  ? preempt_schedule_thunk+0x16/0x18
[ 56.813644][ T7032]  ? trace_hardirqs_on+0x55/0x220
[ 56.818740][ T7032]  ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.824731][ T7032]  end_report+0x4d/0x53
[ 56.828886][ T7032]  __kasan_report.cold+0xd/0x4d
[ 56.834168][ T7032]  ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.840224][ T7032]  ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.846202][ T7032]  kasan_report+0x33/0x50
[ 56.850531][ T7032]  __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 56.856836][ T7032]  ? __kvm_write_guest_page+0x170/0x170
[ 56.862380][ T7032]  kvm_lapic_set_vapic_addr+0x88/0x180
[ 56.867817][ T7032]  kvm_arch_vcpu_ioctl+0xf0d/0x2c20
[ 56.873011][ T7032]  ? kvm_arch_vcpu_put+0x530/0x530
[ 56.878100][ T7032]  ? lock_acquire+0x1f2/0x8f0
[ 56.882755][ T7032]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 56.887582][ T7032]  ? lock_release+0x800/0x800
[ 56.892246][ T7032]  ? find_held_lock+0x2d/0x110
[ 56.896999][ T7032]  ? __mutex_lock+0x458/0x13c0
[ 56.901832][ T7032]  ? kfree+0x1eb/0x2b0
[ 56.905949][ T7032]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 56.911093][ T7032]  ? mutex_trylock+0x2c0/0x2c0
[ 56.915980][ T7032]  ? tomoyo_execute_permission+0x470/0x470
[ 56.921855][ T7032]  kvm_vcpu_ioctl+0x866/0xe60
[ 56.926522][ T7032]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 56.933160][ T7032]  ? ioctl_file_clone+0x180/0x180
[ 56.938172][ T7032]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.943800][ T7032]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.950078][ T7032]  ? down_read_nested+0x420/0x420
[ 56.955144][ T7032]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 56.961544][ T7032]  ksys_ioctl+0x11a/0x180
[ 56.965907][ T7032]  __x64_sys_ioctl+0x6f/0xb0
[ 56.970484][ T7032]  ? lockdep_hardirqs_on+0x463/0x620
[ 56.975751][ T7032]  do_syscall_64+0xf6/0x7d0
[ 56.980235][ T7032]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.986132][ T7032] RIP: 0033:0x440ac9
[ 56.990133][ T7032] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.009778][ T7032] RSP: 002b:00007ffe5f502ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.018180][ T7032] RAX: ffffffffffffffda RBX: 00000000004a22b0 RCX: 0000000000440ac9
[ 57.026141][ T7032] RDX: 0000000020000080 RSI: 000000004008ae93 RDI: 0000000000000005
[ 57.034094][ T7032] RBP: 00007ffe5f502ae0 R08: 0000000120080522 R09: 0000000120080522
[ 57.042131][ T7032] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a22b0
[ 57.050516][ T7032] R13: 0000000000402060 R14: 0000000000000000 R15: 0000000000000000
[ 57.059696][ T7032] Kernel Offset: disabled
[ 57.064034][ T7032] Rebooting in 86400 seconds..