L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
------------[ cut here ]------------
kernel BUG at arch/x86/kvm/mmu.c:3324!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9398 Comm: syz-executor266 Not tainted 5.4.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:transparent_hugepage_adjust+0x490/0x530 arch/x86/kvm/mmu.c:3324
Code: 63 00 48 8b 45 b8 48 83 e8 01 e9 19 fd ff ff e8 e6 3e 63 00 48 8b 45 b8 48 83 e8 01 48 89 45 c8 e9 a1 fd ff ff e8 d0 3e 63 00 <0f> 0b 48 89 df e8 36 a1 9e 00 e9 9f fb ff ff 4c 89 ff e8 29 a1 9e
RSP: 0018:ffff8880942f7690 EFLAGS: 00010293
RAX: ffff888093148500 RBX: ffff8880942f7778 RCX: ffffffff810fe787
RDX: 0000000000000000 RSI: ffffffff810fe8c0 RDI: 0000000000000007
RBP: ffff8880942f76d8 R08: ffff888093148500 R09: ffffed1014809682
R10: ffffed1014809681 R11: ffff8880a404b40b R12: ffff8880942f7768
R13: 00000000000001a3 R14: 000000000008aba1 R15: 0000000000000000
FS: 000000000202d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000a9270000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
tdp_page_fault+0x56e/0x650 arch/x86/kvm/mmu.c:4216
kvm_mmu_page_fault+0x1dd/0x1800 arch/x86/kvm/mmu.c:5439
handle_ept_violation+0x259/0x560 arch/x86/kvm/vmx/vmx.c:5185
vmx_handle_exit+0x29f/0x1730 arch/x86/kvm/vmx/vmx.c:5929
vcpu_enter_guest arch/x86/kvm/x86.c:8227 [inline]
vcpu_run arch/x86/kvm/x86.c:8291 [inline]
kvm_arch_vcpu_ioctl_run+0x1cb8/0x70d0 arch/x86/kvm/x86.c:8498
kvm_vcpu_ioctl+0x4dc/0xfc0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2772
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:509 [inline]
do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
__do_sys_ioctl fs/ioctl.c:720 [inline]
__se_sys_ioctl fs/ioctl.c:718 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x443f49
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd76f8f418 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f49
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
RBP: 00000000006ce018 R08: 00000000004002e0 R09: 00000000004002e0
R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000401c50
R13: 0000000000401ce0 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace a620bbd2bf29c775 ]---
RIP: 0010:transparent_hugepage_adjust+0x490/0x530 arch/x86/kvm/mmu.c:3324
Code: 63 00 48 8b 45 b8 48 83 e8 01 e9 19 fd ff ff e8 e6 3e 63 00 48 8b 45 b8 48 83 e8 01 48 89 45 c8 e9 a1 fd ff ff e8 d0 3e 63 00 <0f> 0b 48 89 df e8 36 a1 9e 00 e9 9f fb ff ff 4c 89 ff e8 29 a1 9e
RSP: 0018:ffff8880942f7690 EFLAGS: 00010293
RAX: ffff888093148500 RBX: ffff8880942f7778 RCX: ffffffff810fe787
RDX: 0000000000000000 RSI: ffffffff810fe8c0 RDI: 0000000000000007
RBP: ffff8880942f76d8 R08: ffff888093148500 R09: ffffed1014809682
R10: ffffed1014809681 R11: ffff8880a404b40b R12: ffff8880942f7768
R13: 00000000000001a3 R14: 000000000008aba1 R15: 0000000000000000
FS: 000000000202d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000a9270000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400