syzkaller login: [ 10.512366][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 10.512375][ T23] audit: type=1400 audit(1642877918.929:71): avc: denied { transition } for pid=288 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 10.518669][ T23] audit: type=1400 audit(1642877918.939:72): avc: denied { write } for pid=288 comm="sh" path="pipe:[11441]" dev="pipefs" ino=11441 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 10.655152][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[ 10.714823][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 11.253811][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!!
[ 11.256018][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!!
[ 11.258898][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 11.623848][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 11.632783][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
executing program
[ 44.318935][ T23] audit: type=1400 audit(1642877952.739:73): avc: denied { execmem } for pid=365 comm="syz-executor686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 44.320507][ T367] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 44.338443][ T23] audit: type=1400 audit(1642877952.739:74): avc: denied { read } for pid=366 comm="syz-executor686" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 44.377324][ T23] audit: type=1400 audit(1642877952.739:75): avc: denied { open } for pid=366 comm="syz-executor686" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
executing program
[ 44.400608][ T23] audit: type=1400 audit(1642877952.739:76): avc: denied { ioctl } for pid=366 comm="syz-executor686" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 44.444170][ T23] audit: type=1400 audit(1642877952.869:77): avc: denied { write } for pid=372 comm="syz-executor686" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
executing program
[ 46.933912][ T722] ------------[ cut here ]------------
[ 46.939503][ T722] WARNING: CPU: 1 PID: 722 at arch/x86/kvm/vmx/vmx.c:2615 vmx_free_vcpu+0x266/0x2b0
[ 46.949254][ T722] Modules linked in:
[ 46.953166][ T722] CPU: 1 PID: 722 Comm: syz-executor686 Not tainted 5.10.93-syzkaller-01028-g0347b1658399 #0
[ 46.963364][ T722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.973471][ T722] RIP: 0010:vmx_free_vcpu+0x266/0x2b0
[ 46.978841][ T722] Code: 42 80 3c 20 00 74 08 48 89 df e8 45 c8 86 00 48 83 3b 00 75 10 e8 8a d3 4c 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7a d3 4c 00 <0f> 0b eb ec 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 2d fe ff ff 48 89
[ 46.998454][ T722] RSP: 0018:ffffc9000144f7a8 EFLAGS: 00010293
[ 47.004552][ T722] RAX: ffffffff81201806 RBX: ffff88810eb02418 RCX: ffff88810f730000
[ 47.012510][ T722] RDX: 0000000000000000 RSI: ffff8881f715ab88 RDI: ffffea00042a1748
[ 47.020495][ T722] RBP: ffffc9000144f7d0 R08: dffffc0000000000 R09: ffffed102150ba00
[ 47.028475][ T722] R10: ffffed102074f22f R11: 0000000000000000 R12: dffffc0000000000
[ 47.036447][ T722] R13: dffffc0000000000 R14: ffff88810a85d000 R15: 1ffff11021d60482
[ 47.044414][ T722] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 47.053332][ T722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.059915][ T722] CR2: 00007fdcd6d79328 CR3: 000000000640f000 CR4: 00000000003526a0
[ 47.067895][ T722] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.075870][ T722] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.083851][ T722] Call Trace:
[ 47.087126][ T722]  kvm_arch_vcpu_destroy+0xd8/0x2f0
[ 47.092297][ T722]  kvm_vcpu_destroy+0x21/0xb0
[ 47.096985][ T722]  kvm_arch_destroy_vm+0x40f/0x6c0
[ 47.102097][ T722]  kvm_put_kvm+0x95a/0x10a0
[ 47.106615][ T722]  kvm_vm_release+0x46/0x50
[ 47.111168][ T722]  ? kvm_vm_compat_ioctl+0x520/0x520
[ 47.116447][ T722]  __fput+0x348/0x7d0
[ 47.120412][ T722]  ____fput+0x15/0x20
[ 47.124410][ T722]  task_work_run+0x147/0x1b0
[ 47.129006][ T722]  do_exit+0x70e/0x23a0
[ 47.133187][ T722]  ? vmx_handle_exit+0x3b9/0xd20
[ 47.138130][ T722]  ? vmx_prepare_switch_to_host+0x491/0x9d0
[ 47.144023][ T722]  ? mm_update_next_owner+0x6e0/0x6e0
[ 47.149413][ T722]  ? seg_setup+0x230/0x230
[ 47.153834][ T722]  ? vmx_complete_nested_posted_interrupt+0x162/0x660
[ 47.160575][ T722]  ? __kasan_check_write+0x14/0x20
[ 47.165685][ T722]  ? _raw_spin_lock_irq+0xa4/0x1b0
[ 47.170834][ T722]  do_group_exit+0x16a/0x2d0
[ 47.175420][ T722]  get_signal+0x131f/0x1f70
[ 47.179919][ T722]  ? ptrace_notify+0x340/0x340
[ 47.184677][ T722]  ? kvm_vcpu_ioctl+0xab9/0xd70
[ 47.189515][ T722]  ? kvm_vm_ioctl_clear_dirty_log+0x6d0/0x6d0
[ 47.195577][ T722]  arch_do_signal+0x8d/0x620
[ 47.200155][ T722]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 47.205617][ T722]  ? debug_smp_processor_id+0x1c/0x20
[ 47.210975][ T722]  exit_to_user_mode_prepare+0xaa/0xe0
[ 47.216435][ T722]  syscall_exit_to_user_mode+0x24/0x40
[ 47.221881][ T722]  do_syscall_64+0x3d/0x70
[ 47.226299][ T722]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.232202][ T722] RIP: 0033:0x7fdcd6d24729
[ 47.236621][ T722] Code: Unable to access opcode bytes at RIP 0x7fdcd6d246ff.
[ 47.244032][ T722] RSP: 002b:00007fdcd6cd4308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 47.252438][ T722] RAX: fffffffffffffe00 RBX: 00007fdcd6dad408 RCX: 00007fdcd6d24729
[ 47.260407][ T722] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdcd6dad408
[ 47.268381][ T722] RBP: 00007fdcd6dad400 R08: 0000000000000000 R09: 0000000000000000
[ 47.276352][ T722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcd6dad40c
[ 47.284416][ T722] R13: 00007fdcd6d7a0b8 R14: 6d766b2f7665642f R15: 0000000000022000
[ 47.292380][ T722] ---[ end trace 2295e30337d94a30 ]---
[ 47.299290][ T722] ==================================================================
[ 47.307399][ T722] BUG: KASAN: use-after-free in hardware_disable+0x10f/0x250
[ 47.314786][ T722] Read of size 8 at addr ffff88810eb028f8 by task syz-executor686/722
[ 47.322949][ T722]
[ 47.325257][ T722] CPU: 0 PID: 722 Comm: syz-executor686 Tainted: G W 5.10.93-syzkaller-01028-g0347b1658399 #0
[ 47.336756][ T722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.346782][ T722] Call Trace:
[ 47.350052][ T722]  dump_stack_lvl+0x1e2/0x24b
[ 47.354745][ T722]  ? show_regs_print_info+0x18/0x18
[ 47.359912][ T722]  ? devkmsg_release+0x127/0x127
[ 47.364823][ T722]  print_address_description+0x8d/0x3d0
[ 47.370336][ T722]  __kasan_report+0x142/0x220
[ 47.374988][ T722]  ? hardware_disable+0x10f/0x250
[ 47.379983][ T722]  kasan_report+0x51/0x70
[ 47.384300][ T722]  __asan_report_load8_noabort+0x14/0x20
[ 47.389903][ T722]  hardware_disable+0x10f/0x250
[ 47.394724][ T722]  ? smp_call_function_many_cond+0x945/0xa20
[ 47.400671][ T722]  ? hardware_enable+0x260/0x260
[ 47.405577][ T722]  ? mutex_lock+0xa6/0x110
[ 47.409961][ T722]  ? __kasan_check_write+0x14/0x20
[ 47.415059][ T722]  ? kvm_exit+0x80/0x80
[ 47.419188][ T722]  kvm_arch_hardware_disable+0x16/0xe0
[ 47.424614][ T722]  ? kvm_exit+0x80/0x80
[ 47.428754][ T722]  hardware_disable_nolock+0x77/0x80
[ 47.434011][ T722]  on_each_cpu+0x117/0x1a0
[ 47.438410][ T722]  ? __kasan_check_write+0x14/0x20
[ 47.443496][ T722]  ? _raw_spin_lock+0xa3/0x1b0
[ 47.448246][ T722]  ? smp_call_function+0x90/0x90
[ 47.453152][ T722]  ? cpus_read_unlock+0x59/0x90
[ 47.457973][ T722]  ? __static_key_slow_dec+0xab/0x150
[ 47.463316][ T722]  kvm_put_kvm+0xf72/0x10a0
[ 47.467787][ T722]  kvm_vm_release+0x46/0x50
[ 47.472261][ T722]  ? kvm_vm_compat_ioctl+0x520/0x520
[ 47.477532][ T722]  __fput+0x348/0x7d0
[ 47.481485][ T722]  ____fput+0x15/0x20
[ 47.485438][ T722]  task_work_run+0x147/0x1b0
[ 47.490002][ T722]  do_exit+0x70e/0x23a0
[ 47.494128][ T722]  ? vmx_handle_exit+0x3b9/0xd20
[ 47.499038][ T722]  ? vmx_prepare_switch_to_host+0x491/0x9d0
[ 47.504901][ T722]  ? mm_update_next_owner+0x6e0/0x6e0
[ 47.510240][ T722]  ? seg_setup+0x230/0x230
[ 47.514625][ T722]  ? vmx_complete_nested_posted_interrupt+0x162/0x660
[ 47.521368][ T722]  ? __kasan_check_write+0x14/0x20
[ 47.526469][ T722]  ? _raw_spin_lock_irq+0xa4/0x1b0
[ 47.531566][ T722]  do_group_exit+0x16a/0x2d0
[ 47.536141][ T722]  get_signal+0x131f/0x1f70
[ 47.540614][ T722]  ? ptrace_notify+0x340/0x340
[ 47.545361][ T722]  ? kvm_vcpu_ioctl+0xab9/0xd70
[ 47.550196][ T722]  ? kvm_vm_ioctl_clear_dirty_log+0x6d0/0x6d0
[ 47.556249][ T722]  arch_do_signal+0x8d/0x620
[ 47.560812][ T722]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 47.566239][ T722]  ? debug_smp_processor_id+0x1c/0x20
[ 47.571597][ T722]  exit_to_user_mode_prepare+0xaa/0xe0
[ 47.577027][ T722]  syscall_exit_to_user_mode+0x24/0x40
[ 47.582456][ T722]  do_syscall_64+0x3d/0x70
[ 47.586845][ T722]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.592723][ T722] RIP: 0033:0x7fdcd6d24729
[ 47.597107][ T722] Code: Unable to access opcode bytes at RIP 0x7fdcd6d246ff.
[ 47.604442][ T722] RSP: 002b:00007fdcd6cd4308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 47.612824][ T722] RAX: fffffffffffffe00 RBX: 00007fdcd6dad408 RCX: 00007fdcd6d24729
[ 47.620767][ T722] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdcd6dad408
[ 47.628723][ T722] RBP: 00007fdcd6dad400 R08: 0000000000000000 R09: 0000000000000000
[ 47.636775][ T722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcd6dad40c
[ 47.644728][ T722] R13: 00007fdcd6d7a0b8 R14: 6d766b2f7665642f R15: 0000000000022000
[ 47.652698][ T722]
[ 47.654999][ T722] Allocated by task 722:
[ 47.659230][ T722]  __kasan_slab_alloc+0xb2/0xe0
[ 47.664048][ T722]  kmem_cache_alloc+0x1a2/0x380
[ 47.668871][ T722]  kvm_vm_ioctl+0xd78/0x1fa0
[ 47.673433][ T722]  __se_sys_ioctl+0x115/0x190
[ 47.678077][ T722]  __x64_sys_ioctl+0x7b/0x90
[ 47.682635][ T722]  do_syscall_64+0x31/0x70
[ 47.687171][ T722]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.693041][ T722]
[ 47.695355][ T722] Freed by task 722:
[ 47.699222][ T722]  kasan_set_track+0x4c/0x80
[ 47.703784][ T722]  kasan_set_free_info+0x23/0x40
[ 47.708693][ T722]  ____kasan_slab_free+0x133/0x170
[ 47.713789][ T722]  __kasan_slab_free+0x11/0x20
[ 47.718523][ T722]  slab_free_freelist_hook+0xcc/0x1a0
[ 47.723875][ T722]  kmem_cache_free+0xb5/0x1f0
[ 47.728529][ T722]  kvm_vcpu_destroy+0x7e/0xb0
[ 47.733196][ T722]  kvm_arch_destroy_vm+0x40f/0x6c0
[ 47.738274][ T722]  kvm_put_kvm+0x95a/0x10a0
[ 47.742746][ T722]  kvm_vm_release+0x46/0x50
[ 47.747845][ T722]  __fput+0x348/0x7d0
[ 47.751799][ T722]  ____fput+0x15/0x20
[ 47.755749][ T722]  task_work_run+0x147/0x1b0
[ 47.760311][ T722]  do_exit+0x70e/0x23a0
[ 47.764437][ T722]  do_group_exit+0x16a/0x2d0
[ 47.769013][ T722]  get_signal+0x131f/0x1f70
[ 47.773486][ T722]  arch_do_signal+0x8d/0x620
[ 47.778046][ T722]  exit_to_user_mode_prepare+0xaa/0xe0
[ 47.783473][ T722]  syscall_exit_to_user_mode+0x24/0x40
[ 47.788903][ T722]  do_syscall_64+0x3d/0x70
[ 47.793291][ T722]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.799167][ T722]
[ 47.801468][ T722] The buggy address belongs to the object at ffff88810eb00000
[ 47.801468][ T722]  which belongs to the cache kvm_vcpu of size 11328
[ 47.815400][ T722] The buggy address is located 10488 bytes inside of
[ 47.815400][ T722]  11328-byte region [ffff88810eb00000, ffff88810eb02c40)
[ 47.828982][ T722] The buggy address belongs to the page:
[ 47.834588][ T722] page:ffffea00043ac000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10eb00
[ 47.844802][ T722] head:ffffea00043ac000 order:2 compound_mapcount:0 compound_pincount:0
[ 47.853101][ T722] flags: 0x8000000000010200(slab|head)
[ 47.858532][ T722] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881047b4480
[ 47.867086][ T722] raw: 0000000000000000 0000000080010001 00000001ffffffff 0000000000000000
[ 47.875646][ T722] page dumped because: kasan: bad access detected
[ 47.882029][ T722] page_owner tracks the page as allocated
[ 47.887722][ T722] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 722, ts 46910148457, free_ts 46760683630
[ 47.904611][ T722]  get_page_from_freelist+0xa74/0xa90
[ 47.909958][ T722]  __alloc_pages_nodemask+0x3c8/0x820
[ 47.915297][ T722]  allocate_slab+0x6b/0x350
[ 47.919770][ T722]  ___slab_alloc+0x143/0x2f0
[ 47.924341][ T722]  kmem_cache_alloc+0x26f/0x380
[ 47.929162][ T722]  kvm_vm_ioctl+0xd78/0x1fa0
[ 47.933736][ T722]  __se_sys_ioctl+0x115/0x190
[ 47.938379][ T722]  __x64_sys_ioctl+0x7b/0x90
[ 47.942941][ T722]  do_syscall_64+0x31/0x70
[ 47.947326][ T722]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.953184][ T722] page last free stack trace:
[ 47.957851][ T722]  __free_pages_ok+0xbe7/0xc20
[ 47.962594][ T722]  __free_pages+0x2d6/0x4a0
[ 47.967077][ T722]  __free_slab+0xdf/0x1a0
[ 47.971380][ T722]  unfreeze_partials+0x17d/0x1b0
[ 47.976291][ T722]  put_cpu_partial+0xc8/0x190
[ 47.980941][ T722]  __slab_free+0x2eb/0x4e0
[ 47.985330][ T722]  ___cache_free+0x131/0x150
[ 47.989891][ T722]  qlink_free+0x38/0x40
[ 47.994026][ T722]  kasan_quarantine_reduce+0x178/0x1d0
[ 47.999494][ T722]  __kasan_slab_alloc+0x2f/0xe0
[ 48.004313][ T722]  kmem_cache_alloc+0x1a2/0x380
[ 48.009136][ T722]  getname_flags+0xba/0x650
[ 48.013606][ T722]  user_path_at_empty+0x2d/0x50
[ 48.018426][ T722]  do_utimes+0x116/0x260
[ 48.022639][ T722]  __x64_sys_utimensat+0x150/0x250
[ 48.027720][ T722]  do_syscall_64+0x31/0x70
[ 48.032103][ T722]
[ 48.034399][ T722] Memory state around the buggy address:
[ 48.040001][ T722]  ffff88810eb02780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.048044][ T722]  ffff88810eb02800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.056080][ T722] >ffff88810eb02880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.064106][ T722]                                                                 ^
[ 48.072070][ T722]  ffff88810eb02900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.080099][ T722]  ffff88810eb02980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[ 48.088126][ T722] ==================================================================
[ 48.096159][ T722] Disabling lock debugging due to kernel taint
executing program
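Added triage helper for the KASAN report above. This is example code written for this page, not part of syzkaller or the kernel. It parses the report header, the object/cache/region lines, the alloc and free stacks and the shadow-memory dump, recomputes the offset from the two addresses instead of trusting the printed one (ffff88810eb028f8 - ffff88810eb00000 = 0x28f8 = 10488, inside the 11328-byte kvm_vcpu object whose region ends at +0x2c40), confirms that the shadow byte under the caret is fb, and decodes register values that are really inlined ASCII: R14 = 6d766b2f7665642f is the string "/dev/kvm" read little-endian, consistent with the /dev/kvm opens the audit lines record. Two facts are taken from generic KASAN's design rather than from this log: one shadow byte covers 8 bytes of memory, and 0xfb marks a freed slab object. SAMPLE is a constructed excerpt of the report with the console prefix stripped and most frames dropped; the full report text, prefixes removed, can be fed to parse_kasan the same way.

```python
"""KASAN report triage: added example for this page, not kernel or syzkaller code."""
import re

# Constructed excerpt of the report above (console prefix stripped, most frames omitted).
SAMPLE = """\
BUG: KASAN: use-after-free in hardware_disable+0x10f/0x250
Read of size 8 at addr ffff88810eb028f8 by task syz-executor686/722

Allocated by task 722:
 kmem_cache_alloc+0x1a2/0x380
 kvm_vm_ioctl+0xd78/0x1fa0

Freed by task 722:
 kasan_set_track+0x4c/0x80
 kmem_cache_free+0xb5/0x1f0
 kvm_vcpu_destroy+0x7e/0xb0
 kvm_arch_destroy_vm+0x40f/0x6c0

The buggy address belongs to the object at ffff88810eb00000
 which belongs to the cache kvm_vcpu of size 11328
The buggy address is located 10488 bytes inside of
 11328-byte region [ffff88810eb00000, ffff88810eb02c40)

 ffff88810eb02800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88810eb02880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88810eb02900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""
REGS_LINE = "R13: 00007fdcd6d7a0b8 R14: 6d766b2f7665642f R15: 0000000000022000"

SHADOW_SCALE = 8           # generic KASAN: one shadow byte describes 8 bytes of memory
KASAN_KMALLOC_FREE = 0xFB  # shadow value generic KASAN writes over a freed slab object
PLUMBING = ("__kasan", "____kasan", "kasan_", "kmem_cache", "slab_free")  # allocator frames
def hexint(s): return int(s, 16)
FIELDS = [  # (regex, field names, converters) for the one-line facts in a report
    (re.compile(r"BUG: KASAN: ([\w-]+) in (\S+)"), ("type", "func"), (str, str)),
    (re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)"),
     ("access", "size", "addr", "task", "pid"), (str, int, hexint, str, int)),
    (re.compile(r"object at ([0-9a-f]+)"), ("obj_base",), (hexint,)),
    (re.compile(r"cache (\S+) of size (\d+)"), ("cache", "obj_size"), (str, int)),
    (re.compile(r"located (\d+) bytes inside of"), ("stated_offset",), (int,)),
    (re.compile(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)"),
     ("region_size", "region_start", "region_end"), (int, hexint, hexint)),
]
SHADOW = re.compile(r"^>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")  # one dump row
FRAME = re.compile(r"^\s+(\S+\+0x[0-9a-f]+/0x[0-9a-f]+)$")              # stack frame
REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")             # REG: value

def parse_kasan(text):
    """Extract the fields a triager needs from a KASAN report (Python 3.8+)."""
    r = {"alloc_stack": [], "free_stack": [], "shadow": {}}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        for rx, keys, convs in FIELDS:
            if m := rx.search(line):
                r.update(zip(keys, (c(v) for c, v in zip(convs, m.groups()))))
        if m := SHADOW.match(line):
            r["shadow"][hexint(m[1])] = [hexint(b) for b in m[2].split()]
        elif line.startswith(("Allocated by task", "Freed by task")):
            section = "alloc_stack" if line.startswith("Alloc") else "free_stack"
        elif not line:
            section = None
        elif section and (m := FRAME.match(line)):
            r[section].append(m[1])
    r["offset"] = r["addr"] - r["obj_base"]  # recomputed here, not copied from the text
    return r

def shadow_byte(r, addr=None):
    """Shadow byte covering addr (default: the faulting address); None if not in the dump."""
    addr = r["addr"] if addr is None else addr
    for base, row in r["shadow"].items():
        if base <= addr < base + SHADOW_SCALE * len(row):
            return row[(addr - base) // SHADOW_SCALE]
    return None

def check_consistency(r):
    """Cross-check the numbers the report prints; an empty list means they all agree."""
    problems = []
    if r["offset"] != r["stated_offset"]:
        problems.append(f"offset {r['offset']} != stated {r['stated_offset']}")
    if r["region_end"] - r["region_start"] != r["region_size"] or r["region_size"] != r["obj_size"]:
        problems.append("region length disagrees with cache object size")
    if not r["region_start"] <= r["addr"] < r["region_end"]:
        problems.append("faulting address lies outside the reported object")
    if r["type"] == "use-after-free" and (shadow_byte(r) != KASAN_KMALLOC_FREE or not r["free_stack"]):
        problems.append("use-after-free without a freed shadow byte or a free stack")
    return problems

def owner_frames(r):
    """First frame outside the allocator/KASAN plumbing in the alloc and free stacks."""
    first = lambda frames: next((f for f in frames if not f.startswith(PLUMBING)), None)
    return first(r["alloc_stack"]), first(r["free_stack"])

def decode_ascii_regs(line):
    """Registers whose 8 little-endian bytes are all printable: inlined string data."""
    out = {}
    for name, val in REG.findall(line):
        raw = int(val, 16).to_bytes(8, "little")
        if all(0x20 <= b < 0x7F for b in raw):
            out[name] = raw.decode("ascii")
    return out
```

Reading the trace with these numbers in hand: the object is a kvm_vcpu, allocated from the KVM_CREATE_VCPU path in kvm_vm_ioctl and freed by kvm_vcpu_destroy while kvm_arch_destroy_vm tears the VM down; the read at +10488 comes later in the same kvm_put_kvm, when hardware_disable runs on each CPU and touches the already-freed vCPU. The teardown ran from do_exit's task_work (the final fput of the VM fd) after a fatal signal interrupted a futex wait (ORIG_RAX 0xca is futex on x86-64), which is why the user-space RIP is no longer readable.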
[ 49.644241][ T938] ------------[ cut here ]------------
[ 49.649772][ T938] WARNING: CPU: 1 PID: 938 at arch/x86/kvm/vmx/vmx.c:2615 vmx_free_vcpu+0x266/0x2b0
[ 49.659284][ T938] Modules linked in:
[ 49.663178][ T938] CPU: 0 PID: 938 Comm: syz-executor686 Tainted: G B W 5.10.93-syzkaller-01028-g0347b1658399 #0
[ 49.674803][ T938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.684922][ T938] RIP: 0010:vmx_free_vcpu+0x266/0x2b0
[ 49.690305][ T938] Code: 42 80 3c 20 00 74 08 48 89 df e8 45 c8 86 00 48 83 3b 00 75 10 e8 8a d3 4c 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7a d3 4c 00 <0f> 0b eb ec 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 2d fe ff ff 48 89
[ 49.709967][ T938] RSP: 0018:ffffc9000187f7a8 EFLAGS: 00010293
[ 49.716077][ T938] RAX: ffffffff81201806 RBX: ffff8881123de418 RCX: ffff888112720000
[ 49.724074][ T938] RDX: 0000000000000000 RSI: ffff8881f715ab88 RDI: ffffea0004416b88
[ 49.732051][ T938] RBP: ffffc9000187f7d0 R08: dffffc0000000000 R09: ffffed10220b5c00
[ 49.740042][ T938] R10: ffffed1020782215 R11: 0000000000000000 R12: dffffc0000000000
[ 49.748028][ T938] R13: dffffc0000000000 R14: ffff8881105ae000 R15: 1ffff1102247bc82
[ 49.756014][ T938] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 49.764937][ T938] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.771513][ T938] CR2: 00007fdcd6d79328 CR3: 0000000106d89000 CR4: 00000000003526a0
[ 49.779493][ T938] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.787495][ T938] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.795467][ T938] Call Trace:
[ 49.798756][ T938]  kvm_arch_vcpu_destroy+0xd8/0x2f0
[ 49.803954][ T938]  kvm_vcpu_destroy+0x21/0xb0
[ 49.808616][ T938]  kvm_arch_destroy_vm+0x40f/0x6c0
[ 49.813706][ T938]  kvm_put_kvm+0x95a/0x10a0
[ 49.818209][ T938]  kvm_vm_release+0x46/0x50
[ 49.822703][ T938]  ? kvm_vm_compat_ioctl+0x520/0x520
[ 49.827983][ T938]  __fput+0x348/0x7d0
[ 49.831946][ T938]  ____fput+0x15/0x20
[ 49.835930][ T938]  task_work_run+0x147/0x1b0
[ 49.840509][ T938]  do_exit+0x70e/0x23a0
[ 49.844663][ T938]  ? __this_cpu_preempt_check+0x1c/0x20
[ 49.850203][ T938]  ? mm_update_next_owner+0x6e0/0x6e0
[ 49.855572][ T938]  ? seg_setup+0x230/0x230
[ 49.859974][ T938]  ? __schedule+0x94c/0xda0
[ 49.864580][ T938]  ? _raw_spin_lock_irq+0x137/0x1b0
[ 49.869808][ T938]  do_group_exit+0x16a/0x2d0
[ 49.874459][ T938]  get_signal+0x131f/0x1f70
[ 49.878976][ T938]  ? ptrace_notify+0x340/0x340
[ 49.883743][ T938]  ? kvm_vcpu_ioctl+0xab9/0xd70
[ 49.888639][ T938]  ? kvm_vm_ioctl_clear_dirty_log+0x6d0/0x6d0
[ 49.894734][ T938]  arch_do_signal+0x8d/0x620
[ 49.899335][ T938]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 49.904826][ T938]  ? debug_smp_processor_id+0x1c/0x20
[ 49.910223][ T938]  exit_to_user_mode_prepare+0xaa/0xe0
[ 49.915699][ T938]  syscall_exit_to_user_mode+0x24/0x40
[ 49.921182][ T938]  do_syscall_64+0x3d/0x70
[ 49.925612][ T938]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.931516][ T938] RIP: 0033:0x7fdcd6d24729
[ 49.935943][ T938] Code: Unable to access opcode bytes at RIP 0x7fdcd6d246ff.
[ 49.943318][ T938] RSP: 002b:00007fdcd6cd4308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 49.951755][ T938] RAX: fffffffffffffe00 RBX: 00007fdcd6dad408 RCX: 00007fdcd6d24729
[ 49.959770][ T938] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdcd6dad408
[ 49.967781][ T938] RBP: 00007fdcd6dad400 R08: 0000000000000000 R09: 0000000000000000
[ 49.975814][ T938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcd6dad40c
[ 49.983894][ T938] R13: 00007fdcd6d7a0b8 R14: 6d766b2f7665642f R15: 0000000000022000
executing program
[ 49.991852][ T938] ---[ end trace 2295e30337d94a31 ]---
executing program
[ 53.905616][ T1504] ------------[ cut here ]------------
[ 53.911203][ T1504] WARNING: CPU: 1 PID: 1504 at arch/x86/kvm/vmx/vmx.c:2615 vmx_free_vcpu+0x266/0x2b0
[ 53.920966][ T1504] Modules linked in:
[ 53.924942][ T1504] CPU: 1 PID: 1504 Comm: syz-executor686 Tainted: G B W 5.10.93-syzkaller-01028-g0347b1658399 #0
[ 53.936567][ T1504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.946640][ T1504] RIP: 0010:vmx_free_vcpu+0x266/0x2b0
[ 53.952006][ T1504] Code: 42 80 3c 20 00 74 08 48 89 df e8 45 c8 86 00 48 83 3b 00 75 10 e8 8a d3 4c 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7a d3 4c 00 <0f> 0b eb ec 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 2d fe ff ff 48 89
[ 53.971629][ T1504] RSP: 0018:ffffc900026377a8 EFLAGS: 00010293
[ 53.977707][ T1504] RAX: ffffffff81201806 RBX: ffff888116fb6418 RCX: ffff88811c403b40
[ 53.985690][ T1504] RDX: 0000000000000000 RSI: ffff8881f715ab88 RDI: ffffea000471fe88
[ 53.993792][ T1504] RBP: ffffc900026377d0 R08: dffffc0000000000 R09: ffffed10238ff400
[ 54.001784][ T1504] R10: ffffed10207dafdd R11: 0000000000000000 R12: dffffc0000000000
[ 54.009761][ T1504] R13: dffffc0000000000 R14: ffff88811c7fa000 R15: 1ffff11022df6c82
[ 54.017784][ T1504] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 54.026709][ T1504] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.033332][ T1504] CR2: 00007fdcd6d79328 CR3: 000000010c586000 CR4: 00000000003526a0
[ 54.041310][ T1504] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.049294][ T1504] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.057271][ T1504] Call Trace:
[ 54.060546][ T1504]  kvm_arch_vcpu_destroy+0xd8/0x2f0
[ 54.065836][ T1504]  kvm_vcpu_destroy+0x21/0xb0
[ 54.070499][ T1504]  kvm_arch_destroy_vm+0x40f/0x6c0
[ 54.075607][ T1504]  kvm_put_kvm+0x95a/0x10a0
[ 54.080100][ T1504]  kvm_vm_release+0x46/0x50
[ 54.084607][ T1504]  ? kvm_vm_compat_ioctl+0x520/0x520
[ 54.089878][ T1504]  __fput+0x348/0x7d0
[ 54.093861][ T1504]  ____fput+0x15/0x20
[ 54.097832][ T1504]  task_work_run+0x147/0x1b0
[ 54.102396][ T1504]  do_exit+0x70e/0x23a0
[ 54.106553][ T1504]  ? __this_cpu_preempt_check+0x1c/0x20
[ 54.112099][ T1504]  ? mm_update_next_owner+0x6e0/0x6e0
[ 54.117473][ T1504]  ? _raw_spin_lock_irq+0x137/0x1b0
[ 54.122675][ T1504]  do_group_exit+0x16a/0x2d0
[ 54.127266][ T1504]  get_signal+0x131f/0x1f70
[ 54.131766][ T1504]  ? ptrace_notify+0x340/0x340
[ 54.136528][ T1504]  ? kvm_vcpu_ioctl+0xab9/0xd70
[ 54.141381][ T1504]  ? kvm_vm_ioctl_clear_dirty_log+0x6d0/0x6d0
[ 54.147459][ T1504]  arch_do_signal+0x8d/0x620
[ 54.152037][ T1504]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 54.157493][ T1504]  exit_to_user_mode_prepare+0xaa/0xe0
[ 54.162941][ T1504]  syscall_exit_to_user_mode+0x24/0x40
[ 54.168487][ T1504]  do_syscall_64+0x3d/0x70
[ 54.172891][ T1504]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.178779][ T1504] RIP: 0033:0x7fdcd6d24729
[ 54.183286][ T1504] Code: Unable to access opcode bytes at RIP 0x7fdcd6d246ff.
[ 54.190663][ T1504] RSP: 002b:00007fdcd6cb3308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 54.199074][ T1504] RAX: fffffffffffffe00 RBX: 00007fdcd6dad418 RCX: 00007fdcd6d24729
executing program
[ 54.207038][ T1504] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdcd6dad418
[ 54.215005][ T1504] RBP: 00007fdcd6dad410 R08: 0000000000000000 R09: 0000000000000000
[ 54.222958][ T1504] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcd6dad41c
[ 54.230945][ T1504] R13: 00007fdcd6d7a0b8 R14: 6d766b2f7665642f R15: 0000000000022000
[ 54.238923][ T1504] ---[ end trace 2295e30337d94a32 ]---
executing program
[ 55.052892][ T1620] ------------[ cut here ]------------
[ 55.058456][ T1620] WARNING: CPU: 0 PID: 1620 at arch/x86/kvm/vmx/vmx.c:2615 vmx_free_vcpu+0x266/0x2b0
[ 55.068030][ T1620] Modules linked in:
[ 55.072196][ T1620] CPU: 0 PID: 1620 Comm: syz-executor686 Tainted: G B W 5.10.93-syzkaller-01028-g0347b1658399 #0
[ 55.084217][ T1620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.094511][ T1620] RIP: 0010:vmx_free_vcpu+0x266/0x2b0
[ 55.099861][ T1620] Code: 42 80 3c 20 00 74 08 48 89 df e8 45 c8 86 00 48 83 3b 00 75 10 e8 8a d3 4c 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7a d3 4c 00 <0f> 0b eb ec 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 2d fe ff ff 48 89
[ 55.119874][ T1620] RSP: 0018:ffffc9000285f7a8 EFLAGS: 00010293
[ 55.126092][ T1620] RAX: ffffffff81201806 RBX: ffff88811d4c6418 RCX: ffff888106582780
[ 55.134063][ T1620] RDX: 0000000000000000 RSI: ffff8881f705ab88 RDI: ffffea0004734a08
[ 55.142017][ T1620] RBP: ffffc9000285f7d0 R08: dffffc0000000000 R09: ffffed10239a5000
[ 55.149987][ T1620] R10: ffffed10207dcef1 R11: 0000000000000000 R12: dffffc0000000000
[ 55.157959][ T1620] R13: dffffc0000000000 R14: ffff88811cd28000 R15: 1ffff11023a98c82
[ 55.165929][ T1620] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 55.174929][ T1620] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.181524][ T1620] CR2: 0000000000000000 CR3: 0000000106d89000 CR4: 00000000003526b0
[ 55.189495][ T1620] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.197466][ T1620] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.205430][ T1620] Call Trace:
[ 55.208705][ T1620]  kvm_arch_vcpu_destroy+0xd8/0x2f0
[ 55.213901][ T1620]  kvm_vcpu_destroy+0x21/0xb0
[ 55.218616][ T1620]  kvm_arch_destroy_vm+0x40f/0x6c0
[ 55.223702][ T1620]  kvm_put_kvm+0x95a/0x10a0
[ 55.228206][ T1620]  kvm_vm_release+0x46/0x50
[ 55.232690][ T1620]  ? kvm_vm_compat_ioctl+0x520/0x520
[ 55.237978][ T1620]  __fput+0x348/0x7d0
[ 55.241947][ T1620]  ____fput+0x15/0x20
[ 55.245968][ T1620]  task_work_run+0x147/0x1b0
[ 55.250796][ T1620]  do_exit+0x70e/0x23a0
[ 55.256462][ T1620]  ? __this_cpu_preempt_check+0x1c/0x20
[ 55.261995][ T1620]  ? mm_update_next_owner+0x6e0/0x6e0
[ 55.267365][ T1620]  ? _raw_spin_lock_irq+0x137/0x1b0
[ 55.272543][ T1620]  do_group_exit+0x16a/0x2d0
[ 55.277134][ T1620]  get_signal+0x131f/0x1f70
[ 55.281626][ T1620]  ? ptrace_notify+0x340/0x340
[ 55.286390][ T1620]  ? kvm_vcpu_ioctl+0xab9/0xd70
[ 55.291237][ T1620]  ? kvm_vm_ioctl_clear_dirty_log+0x6d0/0x6d0
[ 55.297307][ T1620]  arch_do_signal+0x8d/0x620
[ 55.301885][ T1620]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 55.307341][ T1620]  exit_to_user_mode_prepare+0xaa/0xe0
[ 55.312788][ T1620]  syscall_exit_to_user_mode+0x24/0x40
[ 55.318245][ T1620]  do_syscall_64+0x3d/0x70
[ 55.322644][ T1620]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.328529][ T1620] RIP: 0033:0x7fdcd6d24729
[ 55.332923][ T1620] Code: Unable to access opcode bytes at RIP 0x7fdcd6d246ff.
[ 55.340285][ T1620] RSP: 002b:00007fdcd6cb3308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
executing program
[ 55.348700][ T1620] RAX: fffffffffffffe00 RBX: 00007fdcd6dad418 RCX: 00007fdcd6d24729
[ 55.356673][ T1620] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdcd6dad418
[ 55.364647][ T1620] RBP: 00007fdcd6dad410 R08: 0000000000000000 R09: 0000000000000000
[ 55.372595][ T1620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcd6dad41c
[ 55.380569][ T1620] R13: 00007fdcd6d7a0b8 R14: 6d766b2f7665642f R15: 0000000000022000
[ 55.388560][ T1620] ---[ end trace 2295e30337d94a33 ]---
executing program
[ 55.557923][ T1644] ------------[ cut here ]------------
[ 55.563398][ T1644] WARNING: CPU: 0 PID: 1644 at arch/x86/kvm/vmx/vmx.c:2615 vmx_free_vcpu+0x266/0x2b0
[ 55.572939][ T1644] Modules linked in:
[ 55.576876][ T1644] CPU: 0 PID: 1644 Comm: syz-executor686 Tainted: G B W 5.10.93-syzkaller-01028-g0347b1658399 #0
[ 55.588565][ T1644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.598666][ T1644] RIP: 0010:vmx_free_vcpu+0x266/0x2b0
[ 55.604055][ T1644] Code: 42 80 3c 20 00 74 08 48 89 df e8 45 c8 86 00 48 83 3b 00 75 10 e8 8a d3 4c 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7a d3 4c 00 <0f> 0b eb ec 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 2d fe ff ff 48 89
[ 55.623669][ T1644] RSP: 0018:ffffc900029277a8 EFLAGS: 00010293
[ 55.629757][ T1644] RAX: ffffffff81201806 RBX: ffff88810a32e418 RCX: ffff88811d532780
[ 55.637737][ T1644] RDX: 0000000000000000 RSI: ffff8881f705ab88 RDI: ffffea0004734188
[ 55.645740][ T1644] RBP: ffffc900029277d0 R08: dffffc0000000000 R09: ffffed10239a0c00
[ 55.653709][ T1644] R10: ffffed10207dce25 R11: 0000000000000000 R12: dffffc0000000000
[ 55.661705][ T1644] R13: dffffc0000000000 R14: ffff88811cd06000 R15: 1ffff11021465c82
[ 55.669690][ T1644] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 55.678634][ T1644] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.685217][ T1644] CR2: 00007fdcd6d79328 CR3: 000000000640f000 CR4: 00000000003526b0
[ 55.693342][ T1644] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.701319][ T1644] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.709292][ T1644] Call Trace:
[ 55.712560][ T1644]  kvm_arch_vcpu_destroy+0xd8/0x2f0
[ 55.717759][ T1644]  kvm_vcpu_destroy+0x21/0xb0
[ 55.722427][ T1644]  kvm_arch_destroy_vm+0x40f/0x6c0
[ 55.727558][ T1644]  kvm_put_kvm+0x95a/0x10a0
[ 55.732048][ T1644]  kvm_vm_release+0x46/0x50
[ 55.736563][ T1644]  ? kvm_vm_compat_ioctl+0x520/0x520
[ 55.741890][ T1644]  __fput+0x348/0x7d0
[ 55.745878][ T1644]  ____fput+0x15/0x20
[ 55.749849][ T1644]  task_work_run+0x147/0x1b0
[ 55.754460][ T1644]  do_exit+0x70e/0x23a0
[ 55.758596][ T1644]  ? mm_update_next_owner+0x6e0/0x6e0
[ 55.763988][ T1644]  ? __kasan_check_write+0x14/0x20
[ 55.769087][ T1644]  ? _raw_spin_lock_irq+0xa4/0x1b0
[ 55.774222][ T1644]  do_group_exit+0x16a/0x2d0
[ 55.778797][ T1644]  get_signal+0x131f/0x1f70
[ 55.783272][ T1644]  ? ptrace_notify+0x340/0x340
[ 55.788035][ T1644]  ? kvm_vcpu_ioctl+0xab9/0xd70
[ 55.792872][ T1644]  ? kvm_vm_ioctl_clear_dirty_log+0x6d0/0x6d0
[ 55.798938][ T1644]  arch_do_signal+0x8d/0x620
[ 55.803516][ T1644]  ? __do_sys_rt_sigreturn+0x1e0/0x1e0
[ 55.808983][ T1644]  ? debug_smp_processor_id+0x1c/0x20
[ 55.814352][ T1644]  exit_to_user_mode_prepare+0xaa/0xe0
[ 55.819792][ T1644]  syscall_exit_to_user_mode+0x24/0x40
[ 55.825270][ T1644]  do_syscall_64+0x3d/0x70
[ 55.829843][ T1644]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.835748][ T1644] RIP: 0033:0x7fdcd6d24729
[ 55.840145][ T1644] Code: Unable to access opcode bytes at RIP 0x7fdcd6d246ff.
[ 55.847516][ T1644] RSP: 002b:00007fdcd6cb3308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
executing program
[ 55.855938][ T1644] RAX: fffffffffffffe00 RBX: 00007fdcd6dad418 RCX: 00007fdcd6d24729
[ 55.863960][ T1644] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdcd6dad418
[ 55.871941][ T1644] RBP: 00007fdcd6dad410 R08: 0000000000000000 R09: 0000000000000000
[ 55.879931][ T1644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcd6dad41c
[ 55.887917][ T1644] R13: 00007fdcd6d7a0b8 R14: 6d766b2f7665642f R15: 0000000000022000
[ 55.895901][ T1644] ---[ end trace 2295e30337d94a34 ]---
executing program