Warning: Permanently added '10.128.1.27' (ECDSA) to the list of known hosts.
executing program
[ 58.483272][ T6845] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 58.529203][ T6845] ==================================================================
[ 58.537361][ T6845] BUG: KASAN: use-after-free in paging32_walk_addr_generic+0x155d/0x1980
[ 58.545753][ T6845] Write of size 4 at addr ffff888000105000 by task syz-executor711/6845
[ 58.554049][ T6845]
[ 58.556409][ T6845] CPU: 1 PID: 6845 Comm: syz-executor711 Not tainted 5.9.0-rc1-syzkaller #0
[ 58.565570][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.575615][ T6845] Call Trace:
[ 58.578982][ T6845]  dump_stack+0x18f/0x20d
[ 58.583288][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 58.590060][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 58.596121][ T6845]  print_address_description.constprop.0.cold+0xae/0x497
[ 58.603209][ T6845]  ? region_intersects+0x257/0x2e0
[ 58.608299][ T6845]  ? vprintk_func+0x97/0x1a6
[ 58.612865][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 58.618925][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 58.624975][ T6845]  kasan_report.cold+0x1f/0x37
[ 58.629720][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 58.635765][ T6845]  check_memory_region+0x13d/0x180
[ 58.640853][ T6845]  paging32_walk_addr_generic+0x155d/0x1980
[ 58.646745][ T6845]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 58.651571][ T6845]  ? lock_acquire+0x1f1/0xad0
[ 58.656238][ T6845]  ? __might_fault+0xef/0x1d0
[ 58.660909][ T6845]  ? find_held_lock+0x2d/0x110
[ 58.665651][ T6845]  paging32_gva_to_gpa+0xb2/0x1d0
[ 58.670653][ T6845]  ? paging32_walk_addr_generic+0x1980/0x1980
[ 58.676787][ T6845]  ? vmx_read_guest_seg_ar+0x7a/0x160
[ 58.682134][ T6845]  ? __virt_addr_valid+0x1fe/0x2b0
[ 58.687232][ T6845]  ? __phys_addr+0x9a/0x110
[ 58.691731][ T6845]  ? __phys_addr_symbol+0x2c/0x70
[ 58.696734][ T6845]  ? __check_object_size+0x171/0x3e4
[ 58.702032][ T6845]  ? __kvm_read_guest_page+0x138/0x170
[ 58.707485][ T6845]  ? vmx_segment_cache_test_set+0xc3/0x170
[ 58.713284][ T6845]  ? lock_is_held_type+0xbb/0xf0
[ 58.718214][ T6845]  emulator_read_write_onepage+0x2f3/0xa70
[ 58.723995][ T6845]  ? em_ltr+0xf0/0xf0
[ 58.727954][ T6845]  emulator_read_write+0x1c4/0x5a0
[ 58.733055][ T6845]  ? decode_operand+0xb7/0x30a0
[ 58.737880][ T6845]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 58.743747][ T6845]  emulator_fix_hypercall+0x132/0x190
[ 58.749095][ T6845]  ? trace_event_raw_event_kvm_pio+0x490/0x490
[ 58.755226][ T6845]  ? em_clts+0x100/0x100
[ 58.759442][ T6845]  em_hypercall+0x5d/0x130
[ 58.763834][ T6845]  x86_emulate_insn+0x5e8/0x3d20
[ 58.768748][ T6845]  ? kvm_put_guest_fpu+0x4c0/0x4c0
[ 58.773833][ T6845]  ? init_decode_cache+0xb0/0xb0
[ 58.778749][ T6845]  ? lock_is_held_type+0xbb/0xf0
[ 58.783665][ T6845]  x86_emulate_instruction+0x752/0x1e00
[ 58.789206][ T6845]  handle_ud+0xa8/0x240
[ 58.793350][ T6845]  ? kvm_emulate_instruction+0x30/0x30
[ 58.798787][ T6845]  ? lock_acquire+0x1f1/0xad0
[ 58.803447][ T6845]  ? vcpu_enter_guest+0x1371/0x3b60
[ 58.808631][ T6845]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 58.814759][ T6845]  handle_exception_nmi+0xaf7/0x1270
[ 58.820022][ T6845]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 58.826234][ T6845]  vmx_handle_exit+0x293/0x14c0
[ 58.831068][ T6845]  vcpu_enter_guest+0x14d6/0x3b60
[ 58.836083][ T6845]  ? kvm_vcpu_reload_apic_access_page+0x80/0x80
[ 58.842297][ T6845]  ? lock_release+0x8e0/0x8e0
[ 58.846958][ T6845]  ? mark_held_locks+0x9f/0xe0
[ 58.851700][ T6845]  ? __local_bh_enable_ip+0xd1/0x190
[ 58.857019][ T6845]  ? lock_is_held_type+0xbb/0xf0
[ 58.862001][ T6845]  ? kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 58.867707][ T6845]  kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 58.873242][ T6845]  kvm_vcpu_ioctl+0x467/0xdf0
[ 58.877899][ T6845]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 58.883691][ T6845]  ? generic_block_fiemap+0x60/0x60
[ 58.888867][ T6845]  ? __up_read+0x1a1/0x7b0
[ 58.893261][ T6845]  ? _down_write_nest_lock+0x150/0x150
[ 58.898696][ T6845]  ? vmacache_update+0xce/0x140
[ 58.903564][ T6845]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 58.908528][ T6845]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 58.914314][ T6845]  __x64_sys_ioctl+0x193/0x200
[ 58.919062][ T6845]  do_syscall_64+0x2d/0x70
[ 58.923457][ T6845]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.929525][ T6845] RIP: 0033:0x443639
[ 58.933414][ T6845] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0b fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.953085][ T6845] RSP: 002b:00007ffeb5160548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.961493][ T6845] RAX: ffffffffffffffda RBX: 00007ffeb5160550 RCX: 0000000000443639
[ 58.969454][ T6845] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 58.977494][ T6845] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000004011b0
[ 58.985587][ T6845] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000404660
[ 58.993643][ T6845] R13: 00000000004046f0 R14: 0000000000000000 R15: 0000000000000000
[ 59.001606][ T6845]
[ 59.003927][ T6845] The buggy address belongs to the page:
[ 59.009577][ T6845] page:00000000e4efb04a refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105
[ 59.019525][ T6845] flags: 0x7ffe0000000000()
[ 59.024006][ T6845] raw: 007ffe0000000000 ffffea0000004148 ffffea0000004148 0000000000000000
[ 59.032568][ T6845] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 59.041130][ T6845] page dumped because: kasan: bad access detected
[ 59.047516][ T6845]
[ 59.049851][ T6845] Memory state around the buggy address:
[ 59.055457][ T6845]  ffff888000104f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.063548][ T6845]  ffff888000104f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.071594][ T6845] >ffff888000105000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.079689][ T6845]                    ^
[ 59.083733][ T6845]  ffff888000105080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.091789][ T6845]  ffff888000105100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.099821][ T6845] ==================================================================
[ 59.107863][ T6845] Disabling lock debugging due to kernel taint
[ 59.114209][ T6845] Kernel panic - not syncing: panic_on_warn set ...
[ 59.120802][ T6845] CPU: 1 PID: 6845 Comm: syz-executor711 Tainted: G B 5.9.0-rc1-syzkaller #0
[ 59.130852][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.140902][ T6845] Call Trace:
[ 59.144202][ T6845]  dump_stack+0x18f/0x20d
[ 59.148523][ T6845]  ? paging32_walk_addr_generic+0x14b0/0x1980
[ 59.154560][ T6845]  panic+0x2e3/0x75c
[ 59.158440][ T6845]  ? __warn_printk+0xf3/0xf3
[ 59.163523][ T6845]  ? preempt_schedule_common+0x59/0xc0
[ 59.169303][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 59.175361][ T6845]  ? preempt_schedule_thunk+0x16/0x18
[ 59.180716][ T6845]  ? trace_hardirqs_on+0x55/0x220
[ 59.185722][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 59.192236][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 59.198290][ T6845]  end_report+0x4d/0x53
[ 59.202427][ T6845]  kasan_report.cold+0xd/0x37
[ 59.207423][ T6845]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 59.213924][ T6845]  check_memory_region+0x13d/0x180
[ 59.219036][ T6845]  paging32_walk_addr_generic+0x155d/0x1980
[ 59.225673][ T6845]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 59.230614][ T6845]  ? lock_acquire+0x1f1/0xad0
[ 59.235269][ T6845]  ? __might_fault+0xef/0x1d0
[ 59.239921][ T6845]  ? find_held_lock+0x2d/0x110
[ 59.244660][ T6845]  paging32_gva_to_gpa+0xb2/0x1d0
[ 59.250009][ T6845]  ? paging32_walk_addr_generic+0x1980/0x1980
[ 59.256049][ T6845]  ? vmx_read_guest_seg_ar+0x7a/0x160
[ 59.261574][ T6845]  ? __virt_addr_valid+0x1fe/0x2b0
[ 59.266685][ T6845]  ? __phys_addr+0x9a/0x110
[ 59.271330][ T6845]  ? __phys_addr_symbol+0x2c/0x70
[ 59.276343][ T6845]  ? __check_object_size+0x171/0x3e4
[ 59.281698][ T6845]  ? __kvm_read_guest_page+0x138/0x170
[ 59.287132][ T6845]  ? vmx_segment_cache_test_set+0xc3/0x170
[ 59.292936][ T6845]  ? lock_is_held_type+0xbb/0xf0
[ 59.297853][ T6845]  emulator_read_write_onepage+0x2f3/0xa70
[ 59.303636][ T6845]  ? em_ltr+0xf0/0xf0
[ 59.307596][ T6845]  emulator_read_write+0x1c4/0x5a0
[ 59.312727][ T6845]  ? decode_operand+0xb7/0x30a0
[ 59.317568][ T6845]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 59.323538][ T6845]  emulator_fix_hypercall+0x132/0x190
[ 59.328895][ T6845]  ? trace_event_raw_event_kvm_pio+0x490/0x490
[ 59.335026][ T6845]  ? em_clts+0x100/0x100
[ 59.339261][ T6845]  em_hypercall+0x5d/0x130
[ 59.343653][ T6845]  x86_emulate_insn+0x5e8/0x3d20
[ 59.348565][ T6845]  ? kvm_put_guest_fpu+0x4c0/0x4c0
[ 59.353649][ T6845]  ? init_decode_cache+0xb0/0xb0
[ 59.358562][ T6845]  ? lock_is_held_type+0xbb/0xf0
[ 59.363473][ T6845]  x86_emulate_instruction+0x752/0x1e00
[ 59.368993][ T6845]  handle_ud+0xa8/0x240
[ 59.373123][ T6845]  ? kvm_emulate_instruction+0x30/0x30
[ 59.378556][ T6845]  ? lock_acquire+0x1f1/0xad0
[ 59.383204][ T6845]  ? vcpu_enter_guest+0x1371/0x3b60
[ 59.388376][ T6845]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 59.394501][ T6845]  handle_exception_nmi+0xaf7/0x1270
[ 59.399782][ T6845]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 59.405916][ T6845]  vmx_handle_exit+0x293/0x14c0
[ 59.410755][ T6845]  vcpu_enter_guest+0x14d6/0x3b60
[ 59.415761][ T6845]  ? kvm_vcpu_reload_apic_access_page+0x80/0x80
[ 59.421974][ T6845]  ? lock_release+0x8e0/0x8e0
[ 59.426629][ T6845]  ? mark_held_locks+0x9f/0xe0
[ 59.431374][ T6845]  ? __local_bh_enable_ip+0xd1/0x190
[ 59.436634][ T6845]  ? lock_is_held_type+0xbb/0xf0
[ 59.441549][ T6845]  ? kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 59.447238][ T6845]  kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 59.453106][ T6845]  kvm_vcpu_ioctl+0x467/0xdf0
[ 59.457757][ T6845]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 59.463552][ T6845]  ? generic_block_fiemap+0x60/0x60
[ 59.468724][ T6845]  ? __up_read+0x1a1/0x7b0
[ 59.473132][ T6845]  ? _down_write_nest_lock+0x150/0x150
[ 59.478562][ T6845]  ? vmacache_update+0xce/0x140
[ 59.483476][ T6845]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 59.489448][ T6845]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 59.496188][ T6845]  __x64_sys_ioctl+0x193/0x200
[ 59.500999][ T6845]  do_syscall_64+0x2d/0x70
[ 59.505391][ T6845]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.511280][ T6845] RIP: 0033:0x443639
[ 59.515171][ T6845] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0b fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.534790][ T6845] RSP: 002b:00007ffeb5160548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 59.543193][ T6845] RAX: ffffffffffffffda RBX: 00007ffeb5160550 RCX: 0000000000443639
[ 59.551164][ T6845] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 59.559149][ T6845] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000004011b0
[ 59.567613][ T6845] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000404660
[ 59.575583][ T6845] R13: 00000000004046f0 R14: 0000000000000000 R15: 0000000000000000
[ 59.584875][ T6845] Kernel Offset: disabled
[ 59.589216][ T6845] Rebooting in 86400 seconds..