[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 43.569385] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 43.590553] FAULT_INJECTION: forcing a failure.
[ 43.590553] name failslab, interval 1, probability 0, space 0, times 1
[ 43.602307] CPU: 0 PID: 8118 Comm: syz-executor303 Not tainted 4.19.211-syzkaller #0
[ 43.610192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 43.619530] Call Trace:
[ 43.622105] dump_stack+0x1fc/0x2ef
[ 43.625717] should_fail.cold+0xa/0xf
[ 43.629501] ? setup_fault_attr+0x200/0x200
[ 43.633891] ? lock_acquire+0x170/0x3c0
[ 43.637850] __should_failslab+0x115/0x180
[ 43.642071] should_failslab+0x5/0x10
[ 43.645853] __kmalloc+0x2ab/0x3c0
[ 43.649466] ? kvm_io_bus_unregister_dev+0x14a/0x3b0
[ 43.654626] kvm_io_bus_unregister_dev+0x14a/0x3b0
[ 43.659543] kvm_vm_ioctl_unregister_coalesced_mmio+0x1be/0x2c0
[ 43.665585] kvm_vm_ioctl+0x532/0x1700
[ 43.669456] ? _kstrtoull+0x297/0x540
[ 43.673243] ? kvm_vcpu_release+0xa0/0xa0
[ 43.677372] ? _copy_from_user+0xd2/0x130
[ 43.681611] ? get_pid_task+0xcd/0x190
[ 43.685487] ? check_preemption_disabled+0x41/0x280
[ 43.690485] ? lock_downgrade+0x720/0x720
[ 43.694616] ? check_preemption_disabled+0x41/0x280
[ 43.699622] ? get_pid_task+0xf4/0x190
[ 43.703493] ? proc_fail_nth_write+0x95/0x1d0
[ 43.707972] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 43.712883] ? debug_check_no_obj_freed+0x201/0x490
[ 43.717884] ? __vfs_write+0xff/0x770
[ 43.721665] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 43.726579] ? common_file_perm+0x4e5/0x850
[ 43.730885] ? kvm_vcpu_release+0xa0/0xa0
[ 43.735016] do_vfs_ioctl+0xcdb/0x12e0
[ 43.738885] ? vfs_write+0x3d7/0x540
[ 43.742580] ? ioctl_preallocate+0x200/0x200
[ 43.746972] ? lock_downgrade+0x720/0x720
[ 43.751106] ? check_preemption_disabled+0x41/0x280
[ 43.756103] ? vfs_write+0x393/0x540
[ 43.759802] ? ksys_write+0x1c8/0x2a0
[ 43.763585] ksys_ioctl+0x9b/0xc0
[ 43.767021] __x64_sys_ioctl+0x6f/0xb0
[ 43.770892] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 43.775456] do_syscall_64+0xf9/0x620
[ 43.779244] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.784416] RIP: 0033:0x7f0647b6d759
[ 43.788124] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.807008] RSP: 002b:00007ffd5619c6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 43.814712] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0647b6d759
[ 43.821975] RDX: 00000000200000c0 RSI: 000000004010ae68 RDI: 0000000000000004
[ 43.829241] RBP: 00007ffd5619c6f0 R08: 0000000000000001 R09: 00007f0647b30031
[ 43.836492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 43.843740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 43.851820] kvm: failed to shrink bus, removing it completely
[ 43.858299] ==================================================================
[ 43.865800] BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 43.874377] Read of size 8 at addr ffff8880a3fa4a00 by task syz-executor303/8118
[ 43.881918]
[ 43.883531] CPU: 0 PID: 8118 Comm: syz-executor303 Not tainted 4.19.211-syzkaller #0
[ 43.891388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 43.900725] Call Trace:
[ 43.903298] dump_stack+0x1fc/0x2ef
[ 43.906910] print_address_description.cold+0x54/0x219
[ 43.912171] kasan_report_error.cold+0x8a/0x1b9
[ 43.916824] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 43.923037] __asan_report_load8_noabort+0x88/0x90
[ 43.927961] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 43.934174] ? kvm_vm_create_worker_thread+0x240/0x240
[ 43.939433] kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 43.945474] kvm_vm_ioctl+0x532/0x1700
[ 43.949349] ? _kstrtoull+0x297/0x540
[ 43.953130] ? kvm_vcpu_release+0xa0/0xa0
[ 43.957258] ? _copy_from_user+0xd2/0x130
[ 43.961389] ? get_pid_task+0xcd/0x190
[ 43.965261] ? check_preemption_disabled+0x41/0x280
[ 43.970274] ? lock_downgrade+0x720/0x720
[ 43.974405] ? check_preemption_disabled+0x41/0x280
[ 43.979404] ? get_pid_task+0xf4/0x190
[ 43.983272] ? proc_fail_nth_write+0x95/0x1d0
[ 43.987765] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 43.992675] ? debug_check_no_obj_freed+0x201/0x490
[ 43.997673] ? __vfs_write+0xff/0x770
[ 44.001451] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 44.006364] ? common_file_perm+0x4e5/0x850
[ 44.010669] ? kvm_vcpu_release+0xa0/0xa0
[ 44.014798] do_vfs_ioctl+0xcdb/0x12e0
[ 44.018667] ? vfs_write+0x3d7/0x540
[ 44.022358] ? ioctl_preallocate+0x200/0x200
[ 44.026752] ? lock_downgrade+0x720/0x720
[ 44.030888] ? check_preemption_disabled+0x41/0x280
[ 44.035889] ? vfs_write+0x393/0x540
[ 44.039588] ? ksys_write+0x1c8/0x2a0
[ 44.043371] ksys_ioctl+0x9b/0xc0
[ 44.046805] __x64_sys_ioctl+0x6f/0xb0
[ 44.050675] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 44.055238] do_syscall_64+0xf9/0x620
[ 44.059024] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.064209] RIP: 0033:0x7f0647b6d759
[ 44.067913] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.086884] RSP: 002b:00007ffd5619c6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.094577] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0647b6d759
[ 44.101824] RDX: 00000000200000c0 RSI: 000000004010ae68 RDI: 0000000000000004
[ 44.109072] RBP: 00007ffd5619c6f0 R08: 0000000000000001 R09: 00007f0647b30031
[ 44.116320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 44.123568] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 44.130841]
[ 44.132448] Allocated by task 8118:
[ 44.136061] kmem_cache_alloc_trace+0x12f/0x380
[ 44.140714] kvm_vm_ioctl_register_coalesced_mmio+0x51/0x350
[ 44.146521] kvm_vm_ioctl+0xc63/0x1700
[ 44.150391] do_vfs_ioctl+0xcdb/0x12e0
[ 44.154288] ksys_ioctl+0x9b/0xc0
[ 44.157724] __x64_sys_ioctl+0x6f/0xb0
[ 44.161589] do_syscall_64+0xf9/0x620
[ 44.165400] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.170562]
[ 44.172215] Freed by task 8118:
[ 44.175473] kfree+0xcc/0x210
[ 44.178564] kvm_io_bus_unregister_dev.cold+0xf0/0x110
[ 44.183847] kvm_vm_ioctl_unregister_coalesced_mmio+0x1be/0x2c0
[ 44.189884] kvm_vm_ioctl+0x532/0x1700
[ 44.193750] do_vfs_ioctl+0xcdb/0x12e0
[ 44.197613] ksys_ioctl+0x9b/0xc0
[ 44.201043] __x64_sys_ioctl+0x6f/0xb0
[ 44.204907] do_syscall_64+0xf9/0x620
[ 44.208691] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.213853]
[ 44.215461] The buggy address belongs to the object at ffff8880a3fa4a00
[ 44.215461] which belongs to the cache kmalloc-64 of size 64
[ 44.227923] The buggy address is located 0 bytes inside of
[ 44.227923] 64-byte region [ffff8880a3fa4a00, ffff8880a3fa4a40)
[ 44.239515] The buggy address belongs to the page:
[ 44.244424] page:ffffea00028fe900 count:1 mapcount:0 mapping:ffff88813bff0340 index:0x0
[ 44.252546] flags: 0xfff00000000100(slab)
[ 44.256675] raw: 00fff00000000100 ffffea0002919108 ffffea00028cf188 ffff88813bff0340
[ 44.264664] raw: 0000000000000000 ffff8880a3fa4000 0000000100000020 0000000000000000
[ 44.272537] page dumped because: kasan: bad access detected
[ 44.278235]
[ 44.279843] Memory state around the buggy address:
[ 44.284753] ffff8880a3fa4900: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 44.292103] ffff8880a3fa4980: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 44.299449] >ffff8880a3fa4a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 44.306804] ^
[ 44.310149] ffff8880a3fa4a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 44.317486] ffff8880a3fa4b00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 44.324819] ==================================================================
[ 44.332154] Disabling lock debugging due to kernel taint
[ 44.338764] Kernel panic - not syncing: panic_on_warn set ...
[ 44.338764]
[ 44.346144] CPU: 0 PID: 8118 Comm: syz-executor303 Tainted: G B 4.19.211-syzkaller #0
[ 44.355586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 44.364935] Call Trace:
[ 44.367527] dump_stack+0x1fc/0x2ef
[ 44.371136] panic+0x26a/0x50e
[ 44.374310] ? __warn_printk+0xf3/0xf3
[ 44.378178] ? preempt_schedule_common+0x45/0xc0
[ 44.382912] ? ___preempt_schedule+0x16/0x18
[ 44.387317] ? trace_hardirqs_on+0x55/0x210
[ 44.391637] kasan_end_report+0x43/0x49
[ 44.395595] kasan_report_error.cold+0xa7/0x1b9
[ 44.400251] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 44.406465] __asan_report_load8_noabort+0x88/0x90
[ 44.411375] ? kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 44.417586] ? kvm_vm_create_worker_thread+0x240/0x240
[ 44.422841] kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0
[ 44.428891] kvm_vm_ioctl+0x532/0x1700
[ 44.432757] ? _kstrtoull+0x297/0x540
[ 44.436536] ? kvm_vcpu_release+0xa0/0xa0
[ 44.440684] ? _copy_from_user+0xd2/0x130
[ 44.444828] ? get_pid_task+0xcd/0x190
[ 44.448695] ? check_preemption_disabled+0x41/0x280
[ 44.453714] ? lock_downgrade+0x720/0x720
[ 44.457860] ? check_preemption_disabled+0x41/0x280
[ 44.462861] ? get_pid_task+0xf4/0x190
[ 44.466801] ? proc_fail_nth_write+0x95/0x1d0
[ 44.471278] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 44.476483] ? debug_check_no_obj_freed+0x201/0x490
[ 44.481500] ? __vfs_write+0xff/0x770
[ 44.485306] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 44.490230] ? common_file_perm+0x4e5/0x850
[ 44.494530] ? kvm_vcpu_release+0xa0/0xa0
[ 44.498654] do_vfs_ioctl+0xcdb/0x12e0
[ 44.502522] ? vfs_write+0x3d7/0x540
[ 44.506218] ? ioctl_preallocate+0x200/0x200
[ 44.510611] ? lock_downgrade+0x720/0x720
[ 44.514741] ? check_preemption_disabled+0x41/0x280
[ 44.519860] ? vfs_write+0x393/0x540
[ 44.523642] ? ksys_write+0x1c8/0x2a0
[ 44.527420] ksys_ioctl+0x9b/0xc0
[ 44.530856] __x64_sys_ioctl+0x6f/0xb0
[ 44.534732] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 44.539294] do_syscall_64+0xf9/0x620
[ 44.543079] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.548248] RIP: 0033:0x7f0647b6d759
[ 44.551970] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.571456] RSP: 002b:00007ffd5619c6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.579141] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0647b6d759
[ 44.586388] RDX: 00000000200000c0 RSI: 000000004010ae68 RDI: 0000000000000004
[ 44.593637] RBP: 00007ffd5619c6f0 R08: 0000000000000001 R09: 00007f0647b30031
[ 44.600909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 44.608154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 44.615589] Kernel Offset: disabled
[ 44.619200] Rebooting in 86400 seconds..