Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[ 23.293171][ T22] audit: type=1400 audit(1612965166.356:8): avc: denied { execmem } for pid=337 comm="syz-executor474" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 23.293856][ T337] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 23.346990][ T337] FAULT_INJECTION: forcing a failure.
[ 23.346990][ T337] name failslab, interval 1, probability 0, space 0, times 1
[ 23.359635][ T337] CPU: 0 PID: 337 Comm: syz-executor474 Not tainted 5.4.96-syzkaller-00126-g72d1876a39cf #0
[ 23.369673][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.379786][ T337] Call Trace:
[ 23.383055][ T337] dump_stack+0x1d8/0x24e
[ 23.387381][ T337] ? devkmsg_release+0x11c/0x11c
[ 23.392286][ T337] ? avc_has_perm+0x173/0x270
[ 23.396931][ T337] ? show_regs_print_info+0x12/0x12
[ 23.402101][ T337] ? avc_has_perm_noaudit+0x400/0x400
[ 23.407447][ T337] should_fail+0x6f6/0x860
[ 23.411840][ T337] ? setup_fault_attr+0x3d0/0x3d0
[ 23.416840][ T337] ? arch_stack_walk+0xde/0x140
[ 23.421665][ T337] ? kvm_io_bus_unregister_dev+0x1ca/0x470
[ 23.427887][ T337] should_failslab+0x5/0x20
[ 23.436445][ T337] __kmalloc+0x5f/0x2f0
[ 23.440576][ T337] kvm_io_bus_unregister_dev+0x1ca/0x470
[ 23.446183][ T337] kvm_vm_ioctl_unregister_coalesced_mmio+0x268/0x3a0
[ 23.452916][ T337] kvm_vm_ioctl+0x947/0x1a40
[ 23.457477][ T337] ? stack_trace_save+0x1f0/0x1f0
[ 23.462471][ T337] ? __kernel_text_address+0x93/0x100
[ 23.467834][ T337] ? vcpu_stat_clear_per_vm+0x260/0x260
[ 23.473349][ T337] ? unwind_get_return_address+0x48/0x80
[ 23.478970][ T337] ? arch_stack_walk+0xf8/0x140
[ 23.483793][ T337] ? check_preemption_disabled+0x154/0x330
[ 23.489568][ T337] ? debug_smp_processor_id+0x20/0x20
[ 23.494920][ T337] ? _kstrtoull+0x390/0x490
[ 23.499533][ T337] ? kstrtouint_from_user+0x20f/0x2a0
[ 23.505009][ T337] ? refcount_sub_and_test_checked+0x1b6/0x290
[ 23.511134][ T337] ? refcount_inc_checked+0x50/0x50
[ 23.516306][ T337] ? proc_fail_nth_write+0x1d5/0x240
[ 23.521562][ T337] ? proc_fail_nth_read+0x1c0/0x1c0
[ 23.526731][ T337] ? proc_fail_nth_read+0x1c0/0x1c0
[ 23.531905][ T337] ? memset+0x1f/0x40
[ 23.535875][ T337] ? fsnotify+0x1332/0x13f0
[ 23.540350][ T337] ? vcpu_stat_clear_per_vm+0x260/0x260
[ 23.545867][ T337] do_vfs_ioctl+0x76a/0x1720
[ 23.550693][ T337] ? selinux_file_ioctl+0x7c6/0x990
[ 23.556734][ T337] ? ioctl_preallocate+0x250/0x250
[ 23.561817][ T337] ? __sb_end_write+0xb5/0x100
[ 23.566656][ T337] ? vfs_write+0x422/0x4e0
[ 23.571048][ T337] ? check_preemption_disabled+0x154/0x330
[ 23.576840][ T337] ? debug_smp_processor_id+0x20/0x20
[ 23.582197][ T337] ? security_file_ioctl+0x9d/0xb0
[ 23.587278][ T337] __x64_sys_ioctl+0xd4/0x110
[ 23.591938][ T337] do_syscall_64+0xcb/0x150
[ 23.596694][ T337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 23.602555][ T337] RIP: 0033:0x43f5a9
[ 23.606421][ T337] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 23.626082][ T337] RSP: 002b:00007fff0459d488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 23.634486][ T337] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000043f5a9
[ 23.642432][ T337] RDX: 00000000200000c0 RSI: 000000004010ae68 RDI: 0000000000000004
[ 23.650380][ T337] RBP: 00007fff0459d490 R08: 0000000000000001 R09: 0000000000400031
[ 23.658414][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 23.676361][ T337] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
[ 23.684433][ T337] kvm: failed to shrink bus, removing it completely
[ 23.695426][ T337] ==================================================================
[ 23.703510][ T337] BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0xe6/0x3a0
[ 23.712676][ T337] Read of size 8 at addr ffff8881ea59ea00 by task syz-executor474/337
[ 23.720791][ T337]
[ 23.723097][ T337] CPU: 1 PID: 337 Comm: syz-executor474 Not tainted 5.4.96-syzkaller-00126-g72d1876a39cf #0
[ 23.733121][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.743146][ T337] Call Trace:
[ 23.746412][ T337] dump_stack+0x1d8/0x24e
[ 23.750737][ T337] ? show_regs_print_info+0x12/0x12
[ 23.756029][ T337] ? printk+0xcf/0x114
[ 23.760100][ T337] print_address_description+0x9b/0x650
[ 23.771869][ T337] ? devkmsg_release+0x11c/0x11c
[ 23.776777][ T337] ? slab_free_freelist_hook+0x7b/0x150
[ 23.782291][ T337] __kasan_report+0x182/0x1f0
[ 23.786942][ T337] ? kvm_vm_ioctl_unregister_coalesced_mmio+0xe6/0x3a0
[ 23.793935][ T337] ? coalesced_mmio_write+0x460/0x460
[ 23.799276][ T337] kasan_report+0x30/0x60
[ 23.803580][ T337] kvm_vm_ioctl_unregister_coalesced_mmio+0xe6/0x3a0
[ 23.810222][ T337] kvm_vm_ioctl+0x947/0x1a40
[ 23.814782][ T337] ? stack_trace_save+0x1f0/0x1f0
[ 23.819777][ T337] ? __kernel_text_address+0x93/0x100
[ 23.825226][ T337] ? vcpu_stat_clear_per_vm+0x260/0x260
[ 23.830743][ T337] ? unwind_get_return_address+0x48/0x80
[ 23.836366][ T337] ? arch_stack_walk+0xf8/0x140
[ 23.841186][ T337] ? check_preemption_disabled+0x154/0x330
[ 23.851940][ T337] ? debug_smp_processor_id+0x20/0x20
[ 23.857286][ T337] ? _kstrtoull+0x390/0x490
[ 23.861792][ T337] ? kstrtouint_from_user+0x20f/0x2a0
[ 23.861800][ T337] ? refcount_sub_and_test_checked+0x1b6/0x290
[ 23.861807][ T337] ? refcount_inc_checked+0x50/0x50
[ 23.861820][ T337] ? proc_fail_nth_write+0x1d5/0x240
[ 23.884011][ T337] ? proc_fail_nth_read+0x1c0/0x1c0
[ 23.889223][ T337] ? proc_fail_nth_read+0x1c0/0x1c0
[ 23.894411][ T337] ? memset+0x1f/0x40
[ 23.898380][ T337] ? fsnotify+0x1332/0x13f0
[ 23.903213][ T337] ? vcpu_stat_clear_per_vm+0x260/0x260
[ 23.911473][ T337] do_vfs_ioctl+0x76a/0x1720
[ 23.916053][ T337] ? selinux_file_ioctl+0x7c6/0x990
[ 23.921265][ T337] ? ioctl_preallocate+0x250/0x250
[ 23.926380][ T337] ? __sb_end_write+0xb5/0x100
[ 23.931140][ T337] ? vfs_write+0x422/0x4e0
[ 23.935555][ T337] ? check_preemption_disabled+0x154/0x330
[ 23.941366][ T337] ? debug_smp_processor_id+0x20/0x20
[ 23.947260][ T337] ? security_file_ioctl+0x9d/0xb0
[ 23.953003][ T337] __x64_sys_ioctl+0xd4/0x110
[ 23.957677][ T337] do_syscall_64+0xcb/0x150
[ 23.962175][ T337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 23.968053][ T337] RIP: 0033:0x43f5a9
[ 23.975502][ T337] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 23.995316][ T337] RSP: 002b:00007fff0459d488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 24.003769][ T337] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000043f5a9
[ 24.011734][ T337] RDX: 00000000200000c0 RSI: 000000004010ae68 RDI: 0000000000000004
[ 24.019709][ T337] RBP: 00007fff0459d490 R08: 0000000000000001 R09: 0000000000400031
[ 24.030100][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 24.038057][ T337] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
[ 24.046014][ T337]
[ 24.048330][ T337] Allocated by task 337:
[ 24.052564][ T337] __kasan_kmalloc+0x137/0x1e0
[ 24.061047][ T337] kmem_cache_alloc_trace+0x139/0x2b0
[ 24.067805][ T337] kvm_vm_ioctl_register_coalesced_mmio+0x86/0x310
[ 24.074289][ T337] kvm_vm_ioctl+0x7f2/0x1a40
[ 24.078910][ T337] do_vfs_ioctl+0x76a/0x1720
[ 24.083483][ T337] __x64_sys_ioctl+0xd4/0x110
[ 24.088145][ T337] do_syscall_64+0xcb/0x150
[ 24.092632][ T337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.098504][ T337]
[ 24.100831][ T337] Freed by task 337:
[ 24.104738][ T337] __kasan_slab_free+0x18a/0x240
[ 24.109664][ T337] slab_free_freelist_hook+0x7b/0x150
[ 24.116459][ T337] kfree+0xe0/0x660
[ 24.120336][ T337] kvm_io_bus_unregister_dev+0x377/0x470
[ 24.125959][ T337] kvm_vm_ioctl_unregister_coalesced_mmio+0x268/0x3a0
[ 24.134106][ T337] kvm_vm_ioctl+0x947/0x1a40
[ 24.138707][ T337] do_vfs_ioctl+0x76a/0x1720
[ 24.143304][ T337] __x64_sys_ioctl+0xd4/0x110
[ 24.149422][ T337] do_syscall_64+0xcb/0x150
[ 24.153921][ T337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.159792][ T337]
[ 24.162126][ T337] The buggy address belongs to the object at ffff8881ea59ea00
[ 24.162126][ T337] which belongs to the cache kmalloc-64 of size 64
[ 24.176002][ T337] The buggy address is located 0 bytes inside of
[ 24.176002][ T337] 64-byte region [ffff8881ea59ea00, ffff8881ea59ea40)
[ 24.188991][ T337] The buggy address belongs to the page:
[ 24.194609][ T337] page:ffffea0007a96780 refcount:1 mapcount:0 mapping:ffff8881f5c03180 index:0x0
[ 24.208050][ T337] flags: 0x8000000000000200(slab)
[ 24.213063][ T337] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f5c03180
[ 24.221631][ T337] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 24.230194][ T337] page dumped because: kasan: bad access detected
[ 24.236585][ T337]
[ 24.238897][ T337] Memory state around the buggy address:
[ 24.244511][ T337] ffff8881ea59e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.252557][ T337] ffff8881ea59e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.260620][ T337] >ffff8881ea59ea00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.268660][ T337] ^
[ 24.272712][ T337] ffff8881ea59ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.280766][ T337] ffff8881ea59eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.288848][ T337] ==================================================================
[ 24.296888][ T337] Disabling lock debugging due to kernel taint
[ 24.303645][ T337] Kernel panic - not syncing: panic_on_warn set ...
[ 24.311096][ T337] CPU: 1 PID: 337 Comm: syz-executor474 Tainted: G B 5.4.96-syzkaller-00126-g72d1876a39cf #0
[ 24.324547][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.334946][ T337] Call Trace:
[ 24.338230][ T337] dump_stack+0x1d8/0x24e
[ 24.342561][ T337] ? devkmsg_release+0x11c/0x11c
[ 24.347502][ T337] ? show_regs_print_info+0x12/0x12
[ 24.352685][ T337] panic+0x285/0x740
[ 24.356584][ T337] ? add_taint+0x3e/0x90
[ 24.360812][ T337] ? nmi_panic+0x90/0x90
[ 24.365043][ T337] ? ___preempt_schedule+0x16/0x20
[ 24.370166][ T337] __kasan_report+0x1ec/0x1f0
[ 24.374848][ T337] ? kvm_vm_ioctl_unregister_coalesced_mmio+0xe6/0x3a0
[ 24.381701][ T337] ? coalesced_mmio_write+0x460/0x460
[ 24.387060][ T337] kasan_report+0x30/0x60
[ 24.391403][ T337] kvm_vm_ioctl_unregister_coalesced_mmio+0xe6/0x3a0
[ 24.398120][ T337] kvm_vm_ioctl+0x947/0x1a40
[ 24.402704][ T337] ? stack_trace_save+0x1f0/0x1f0
[ 24.407718][ T337] ? __kernel_text_address+0x93/0x100
[ 24.413080][ T337] ? vcpu_stat_clear_per_vm+0x260/0x260
[ 24.418611][ T337] ? unwind_get_return_address+0x48/0x80
[ 24.424227][ T337] ? arch_stack_walk+0xf8/0x140
[ 24.430023][ T337] ? check_preemption_disabled+0x154/0x330
[ 24.436078][ T337] ? debug_smp_processor_id+0x20/0x20
[ 24.441434][ T337] ? _kstrtoull+0x390/0x490
[ 24.445931][ T337] ? kstrtouint_from_user+0x20f/0x2a0
[ 24.451305][ T337] ? refcount_sub_and_test_checked+0x1b6/0x290
[ 24.457549][ T337] ? refcount_inc_checked+0x50/0x50
[ 24.462735][ T337] ? proc_fail_nth_write+0x1d5/0x240
[ 24.468006][ T337] ? proc_fail_nth_read+0x1c0/0x1c0
[ 24.473207][ T337] ? proc_fail_nth_read+0x1c0/0x1c0
[ 24.478394][ T337] ? memset+0x1f/0x40
[ 24.482387][ T337] ? fsnotify+0x1332/0x13f0
[ 24.486879][ T337] ? vcpu_stat_clear_per_vm+0x260/0x260
[ 24.492420][ T337] do_vfs_ioctl+0x76a/0x1720
[ 24.497003][ T337] ? selinux_file_ioctl+0x7c6/0x990
[ 24.502185][ T337] ? ioctl_preallocate+0x250/0x250
[ 24.507284][ T337] ? __sb_end_write+0xb5/0x100
[ 24.512032][ T337] ? vfs_write+0x422/0x4e0
[ 24.516437][ T337] ? check_preemption_disabled+0x154/0x330
[ 24.522227][ T337] ? debug_smp_processor_id+0x20/0x20
[ 24.527672][ T337] ? security_file_ioctl+0x9d/0xb0
[ 24.532768][ T337] __x64_sys_ioctl+0xd4/0x110
[ 24.537456][ T337] do_syscall_64+0xcb/0x150
[ 24.541952][ T337] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.547838][ T337] RIP: 0033:0x43f5a9
[ 24.551716][ T337] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 24.572344][ T337] RSP: 002b:00007fff0459d488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 24.580826][ T337] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000043f5a9
[ 24.588855][ T337] RDX: 00000000200000c0 RSI: 000000004010ae68 RDI: 0000000000000004
[ 24.596836][ T337] RBP: 00007fff0459d490 R08: 0000000000000001 R09: 0000000000400031
[ 24.604794][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 24.612751][ T337] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
[ 24.621248][ T337] Kernel Offset: disabled
[ 24.625559][ T337] Rebooting in 86400 seconds..