Starting OpenBSD Secure Shell server...
Starting System Logging Service...
Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.117' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 59.349262][ T6995] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 59.389805][ T6995] ==================================================================
[ 59.398167][ T6995] BUG: KASAN: slab-out-of-bounds in kvm_read_guest_page+0x4b5/0x4d0
[ 59.406176][ T6995] Read of size 8 at addr ffff8880953fd468 by task syz-executor431/6995
[ 59.414398][ T6995]
[ 59.416726][ T6995] CPU: 1 PID: 6995 Comm: syz-executor431 Not tainted 5.6.0-syzkaller #0
[ 59.425129][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.435174][ T6995] Call Trace:
[ 59.438476][ T6995]  dump_stack+0x188/0x20d
[ 59.442794][ T6995]  print_address_description.constprop.0.cold+0xd3/0x315
[ 59.449824][ T6995]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 59.455178][ T6995]  __kasan_report.cold+0x35/0x4d
[ 59.460098][ T6995]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 59.465364][ T6995]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 59.470644][ T6995]  kasan_report+0x33/0x50
[ 59.474957][ T6995]  kvm_read_guest_page+0x4b5/0x4d0
[ 59.480071][ T6995]  kvm_read_guest+0x51/0xd0
[ 59.484577][ T6995]  kvm_set_msr_common+0xdf3/0x27c0
[ 59.489693][ T6995]  ? get_kvmclock_ns+0x370/0x370
[ 59.495329][ T6995]  vmx_set_msr+0xa83/0x26a0
[ 59.499822][ T6995]  ? pt_update_intercept_for_msr+0x960/0x960
[ 59.505850][ T6995]  ? lock_downgrade+0x840/0x840
[ 59.510703][ T6995]  __kvm_set_msr+0x15f/0x2d0
[ 59.515281][ T6995]  ? kvm_enable_efer_bits+0x20/0x20
[ 59.520480][ T6995]  ? __might_fault+0x190/0x1d0
[ 59.525229][ T6995]  ? _copy_from_user+0x13c/0x1a0
[ 59.530153][ T6995]  ? do_get_msr+0x100/0x100
[ 59.534647][ T6995]  msr_io+0x173/0x290
[ 59.538615][ T6995]  ? emulator_write_std+0xb0/0xb0
[ 59.543646][ T6995]  ? entry_SYSENTER_compat+0x70/0x7f
[ 59.548999][ T6995]  kvm_arch_vcpu_ioctl+0x1004/0x2c20
[ 59.554290][ T6995]  ? kvm_arch_vcpu_ioctl+0xfb5/0x2c20
[ 59.559666][ T6995]  ? kvm_arch_vcpu_put+0x530/0x530
[ 59.564771][ T6995]  ? lock_acquire+0x1f2/0x8f0
[ 59.569552][ T6995]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 59.574392][ T6995]  ? lock_release+0x800/0x800
[ 59.579075][ T6995]  ? find_held_lock+0x2d/0x110
[ 59.583834][ T6995]  ? __mutex_lock+0x458/0x13c0
[ 59.588585][ T6995]  ? find_held_lock+0x2d/0x110
[ 59.593338][ T6995]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 59.598170][ T6995]  ? tomoyo_path_number_perm+0x1ee/0x4d0
[ 59.603784][ T6995]  ? mutex_trylock+0x2c0/0x2c0
[ 59.608546][ T6995]  ? lock_downgrade+0x840/0x840
[ 59.613377][ T6995]  ? quarantine_put+0x119/0x1c0
[ 59.618227][ T6995]  ? kfree+0x1eb/0x2b0
[ 59.622274][ T6995]  ? tomoyo_path_number_perm+0x411/0x4d0
[ 59.627907][ T6995]  ? lockdep_hardirqs_on+0x463/0x620
[ 59.633186][ T6995]  ? tomoyo_path_number_perm+0x238/0x4d0
[ 59.638826][ T6995]  kvm_vcpu_ioctl+0x866/0xe60
[ 59.643586][ T6995]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 59.650004][ T6995]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 59.657017][ T6995]  ? do_vfs_ioctl+0x50c/0x12d0
[ 59.661957][ T6995]  ? ioctl_file_clone+0x180/0x180
[ 59.666975][ T6995]  kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 59.672266][ T6995]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.678227][ T6995]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 59.683101][ T6995]  ? unlock_page_memcg+0x30/0x30
[ 59.688073][ T6995]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 59.692933][ T6995]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 59.698388][ T6995]  do_fast_syscall_32+0x270/0xe90
[ 59.704227][ T6995]  entry_SYSENTER_compat+0x70/0x7f
[ 59.709389][ T6995]
[ 59.711700][ T6995] Allocated by task 6995:
[ 59.716043][ T6995]  save_stack+0x1b/0x80
[ 59.720189][ T6995]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 59.725803][ T6995]  kvmalloc_node+0x61/0xf0
[ 59.730203][ T6995]  kvm_set_memslot+0x115/0x1530
[ 59.735090][ T6995]  __kvm_set_memory_region+0xcf7/0x1320
[ 59.740643][ T6995]  kvm_set_memory_region+0x29/0x50
[ 59.745755][ T6995]  kvm_vm_ioctl+0x678/0x23e0
[ 59.750326][ T6995]  kvm_vm_compat_ioctl+0x125/0x240
[ 59.755430][ T6995]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 59.760867][ T6995]  do_fast_syscall_32+0x270/0xe90
[ 59.765870][ T6995]  entry_SYSENTER_compat+0x70/0x7f
[ 59.770956][ T6995]
[ 59.773261][ T6995] Freed by task 0:
[ 59.776955][ T6995] (stack is not available)
[ 59.781346][ T6995]
[ 59.783659][ T6995] The buggy address belongs to the object at ffff8880953fd000
[ 59.783659][ T6995]  which belongs to the cache kmalloc-2k of size 2048
[ 59.797702][ T6995] The buggy address is located 1128 bytes inside of
[ 59.797702][ T6995]  2048-byte region [ffff8880953fd000, ffff8880953fd800)
[ 59.811139][ T6995] The buggy address belongs to the page:
[ 59.816761][ T6995] page:ffffea000254ff40 refcount:1 mapcount:0 mapping:00000000f2d13e61 index:0x0
[ 59.825844][ T6995] flags: 0xfffe0000000200(slab)
[ 59.830688][ T6995] raw: 00fffe0000000200 ffffea000290dd48 ffffea00029c98c8 ffff8880aa000e00
[ 59.839255][ T6995] raw: 0000000000000000 ffff8880953fd000 0000000100000001 0000000000000000
[ 59.847818][ T6995] page dumped because: kasan: bad access detected
[ 59.854290][ T6995]
[ 59.856770][ T6995] Memory state around the buggy address:
[ 59.862398][ T6995]  ffff8880953fd300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.870454][ T6995]  ffff8880953fd380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.878582][ T6995] >ffff8880953fd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 59.886634][ T6995]                                                           ^
[ 59.894071][ T6995]  ffff8880953fd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.902205][ T6995]  ffff8880953fd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.910310][ T6995] ==================================================================
[ 59.918471][ T6995] Disabling lock debugging due to kernel taint
[ 59.926544][ T6995] Kernel panic - not syncing: panic_on_warn set ...
[ 59.933165][ T6995] CPU: 0 PID: 6995 Comm: syz-executor431 Tainted: G    B             5.6.0-syzkaller #0
[ 59.942878][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.953141][ T6995] Call Trace:
[ 59.956451][ T6995]  dump_stack+0x188/0x20d
[ 59.960905][ T6995]  panic+0x2e3/0x75c
[ 59.964782][ T6995]  ? add_taint.cold+0x16/0x16
[ 59.969457][ T6995]  ? preempt_schedule_common+0x5e/0xc0
[ 59.974921][ T6995]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 59.980246][ T6995]  ? preempt_schedule_thunk+0x16/0x18
[ 59.985618][ T6995]  ? trace_hardirqs_on+0x55/0x220
[ 59.990624][ T6995]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 59.995902][ T6995]  end_report+0x43/0x49
[ 60.000057][ T6995]  __kasan_report.cold+0xd/0x4d
[ 60.004912][ T6995]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 60.010184][ T6995]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 60.015449][ T6995]  kasan_report+0x33/0x50
[ 60.019781][ T6995]  kvm_read_guest_page+0x4b5/0x4d0
[ 60.024879][ T6995]  kvm_read_guest+0x51/0xd0
[ 60.029375][ T6995]  kvm_set_msr_common+0xdf3/0x27c0
[ 60.034483][ T6995]  ? get_kvmclock_ns+0x370/0x370
[ 60.039448][ T6995]  vmx_set_msr+0xa83/0x26a0
[ 60.043971][ T6995]  ? pt_update_intercept_for_msr+0x960/0x960
[ 60.049933][ T6995]  ? lock_downgrade+0x840/0x840
[ 60.054770][ T6995]  __kvm_set_msr+0x15f/0x2d0
[ 60.059352][ T6995]  ? kvm_enable_efer_bits+0x20/0x20
[ 60.064527][ T6995]  ? __might_fault+0x190/0x1d0
[ 60.069281][ T6995]  ? _copy_from_user+0x13c/0x1a0
[ 60.074196][ T6995]  ? do_get_msr+0x100/0x100
[ 60.078683][ T6995]  msr_io+0x173/0x290
[ 60.082658][ T6995]  ? emulator_write_std+0xb0/0xb0
[ 60.087663][ T6995]  ? entry_SYSENTER_compat+0x70/0x7f
[ 60.092956][ T6995]  kvm_arch_vcpu_ioctl+0x1004/0x2c20
[ 60.098218][ T6995]  ? kvm_arch_vcpu_ioctl+0xfb5/0x2c20
[ 60.103565][ T6995]  ? kvm_arch_vcpu_put+0x530/0x530
[ 60.108669][ T6995]  ? lock_acquire+0x1f2/0x8f0
[ 60.113343][ T6995]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 60.118180][ T6995]  ? lock_release+0x800/0x800
[ 60.122854][ T6995]  ? find_held_lock+0x2d/0x110
[ 60.127602][ T6995]  ? __mutex_lock+0x458/0x13c0
[ 60.132345][ T6995]  ? find_held_lock+0x2d/0x110
[ 60.137093][ T6995]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 60.142055][ T6995]  ? tomoyo_path_number_perm+0x1ee/0x4d0
[ 60.147675][ T6995]  ? mutex_trylock+0x2c0/0x2c0
[ 60.152421][ T6995]  ? lock_downgrade+0x840/0x840
[ 60.157250][ T6995]  ? quarantine_put+0x119/0x1c0
[ 60.162080][ T6995]  ? kfree+0x1eb/0x2b0
[ 60.166125][ T6995]  ? tomoyo_path_number_perm+0x411/0x4d0
[ 60.171742][ T6995]  ? lockdep_hardirqs_on+0x463/0x620
[ 60.177005][ T6995]  ? tomoyo_path_number_perm+0x238/0x4d0
[ 60.182624][ T6995]  kvm_vcpu_ioctl+0x866/0xe60
[ 60.187285][ T6995]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 60.193703][ T6995]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 60.199636][ T6995]  ? do_vfs_ioctl+0x50c/0x12d0
[ 60.204531][ T6995]  ? ioctl_file_clone+0x180/0x180
[ 60.209552][ T6995]  kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 60.214851][ T6995]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.220819][ T6995]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 60.227085][ T6995]  ? unlock_page_memcg+0x30/0x30
[ 60.232107][ T6995]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 60.236952][ T6995]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 60.242437][ T6995]  do_fast_syscall_32+0x270/0xe90
[ 60.247542][ T6995]  entry_SYSENTER_compat+0x70/0x7f
[ 60.253904][ T6995] Kernel Offset: disabled
[ 60.258270][ T6995] Rebooting in 86400 seconds..
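The "Memory state around the buggy address" rows above are KASAN shadow bytes: one shadow byte per 8 bytes of memory, 00 meaning all 8 bytes are addressable, 1..7 meaning that many leading bytes are, and 0xfc marking a kmalloc redzone (0xfb a freed slab object, 0xff a freed page). Decoding them against the "Read of size 8 at addr ffff8880953fd468" line tells you how far past the object the read went. The program below is an added example, not part of the syzkaller report or of the kernel; the shadow rows and the access line are copied from the report, and the constants follow KASAN's shadow encoding. It says nothing about why kvm_read_guest_page ended up reading there, which the report alone does not establish.

```c
/*
 * Decode the KASAN shadow dump from the report above (added example,
 * not part of the syzkaller report). Shadow encoding follows KASAN:
 * 00 = 8 addressable bytes, 1..7 = that many leading bytes addressable,
 * 0xFC = kmalloc redzone, 0xFB = freed slab object, 0xFF = freed page.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_GRANULE          8
#define KASAN_KMALLOC_REDZONE  0xFC
#define KASAN_KMALLOC_FREE     0xFB
#define KASAN_FREE_PAGE        0xFF

struct shadow_row {
    uint64_t base;       /* first memory address covered by this row */
    uint8_t  shadow[16]; /* 16 shadow bytes = 128 bytes of memory */
};

/* The five rows printed in the report (values copied from the dump). */
static const struct shadow_row rows[] = {
    { 0xffff8880953fd300ULL, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0} },
    { 0xffff8880953fd380ULL, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0} },
    { 0xffff8880953fd400ULL, {0,0,0,0,0,0,0,0,0,0,0,0,0,0xfc,0xfc,0xfc} },
    { 0xffff8880953fd480ULL, {0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
                               0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc} },
    { 0xffff8880953fd500ULL, {0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
                               0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc} },
};
#define NROWS (sizeof(rows) / sizeof(rows[0]))

/* Shadow byte covering addr, or -1 if the dump does not cover it. */
int shadow_at(uint64_t addr)
{
    for (size_t i = 0; i < NROWS; i++) {
        uint64_t end = rows[i].base + 16 * KASAN_GRANULE;
        if (addr >= rows[i].base && addr < end)
            return rows[i].shadow[(addr - rows[i].base) / KASAN_GRANULE];
    }
    return -1;
}

const char *describe_shadow(int s)
{
    if (s == 0) return "addressable";
    if (s > 0 && s < KASAN_GRANULE) return "partially addressable";
    if (s == KASAN_KMALLOC_REDZONE) return "kmalloc redzone";
    if (s == KASAN_KMALLOC_FREE) return "freed slab object";
    if (s == KASAN_FREE_PAGE) return "freed page";
    return "other/unknown";
}

/* Is the single byte at addr addressable according to the shadow? */
static int byte_ok(uint64_t addr)
{
    int s = shadow_at(addr);
    if (s < 0) return 0;
    if (s == 0) return 1;
    if (s < KASAN_GRANULE) return (addr % KASAN_GRANULE) < (uint64_t)s;
    return 0;
}

/* Walk forward from addr; return the first byte that is not addressable. */
uint64_t end_of_addressable(uint64_t addr)
{
    while (byte_ok(addr))
        addr++;
    return addr;
}

/* Number of bytes in [addr, addr+size) that lie outside addressable memory. */
size_t oob_bytes(uint64_t addr, size_t size)
{
    size_t n = 0;
    for (size_t i = 0; i < size; i++)
        if (!byte_ok(addr + i))
            n++;
    return n;
}

/* Pull size and address out of a "Read of size N at addr X" report line. */
int parse_access(const char *line, size_t *size, uint64_t *addr)
{
    const char *p = strstr(line, "of size ");
    unsigned long s;
    unsigned long long a;
    if (!p || sscanf(p, "of size %lu at addr %llx", &s, &a) != 2)
        return -1;
    *size = s;
    *addr = a;
    return 0;
}

int main(void)
{
    /* Access line and object base ("belongs to the object at") from the report. */
    const char *line = "[ 59.406176][ T6995] Read of size 8 at addr ffff8880953fd468 "
                       "by task syz-executor431/6995";
    uint64_t obj = 0xffff8880953fd000ULL, addr, end;
    size_t size;

    if (parse_access(line, &size, &addr))
        return 1;
    end = end_of_addressable(rows[0].base);
    printf("access %#llx size %zu: shadow %#x (%s)\n", (unsigned long long)addr,
           size, shadow_at(addr), describe_shadow(shadow_at(addr)));
    printf("addressable region ends at %#llx = object + %llu bytes\n",
           (unsigned long long)end, (unsigned long long)(end - obj));
    printf("%zu of %zu bytes of the access are out of bounds\n",
           oob_bytes(addr, size), size);
    return 0;
}
```

Run against the rows from this report, the addressable run ends at ffff8880953fd468, exactly 1128 bytes into the object, so the 8-byte read starts at the first redzone byte: the allocation kvm_set_memslot made through kvmalloc_node has 1128 usable bytes (rounded up into kmalloc-2k), and the read is the first qword past its end rather than a wild pointer deep into the redzone. That distinction is the first thing to settle when triaging a slab-out-of-bounds, because an access at the exact end of an array-shaped allocation usually points at an index or length check rather than a corrupted pointer.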