Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 64.638008][ T7097] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 64.676317][ T7097] ==================================================================
[ 64.684566][ T7097] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.692949][ T7097] Read of size 8 at addr ffff8880a613b468 by task syz-executor137/7097
[ 64.701158][ T7097]
[ 64.703498][ T7097] CPU: 1 PID: 7097 Comm: syz-executor137 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 64.713359][ T7097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.723401][ T7097] Call Trace:
[ 64.726669][ T7097]  dump_stack+0x188/0x20d
[ 64.731029][ T7097]  print_address_description.constprop.0.cold+0xd3/0x315
[ 64.738026][ T7097]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.743635][ T7097]  __kasan_report.cold+0x35/0x4d
[ 64.748565][ T7097]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.754269][ T7097]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.759879][ T7097]  kasan_report+0x33/0x50
[ 64.764186][ T7097]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 64.769623][ T7097]  try_async_pf+0x12b/0xac0
[ 64.774104][ T7097]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 64.778939][ T7097]  ? mark_held_locks+0x9f/0xe0
[ 64.783677][ T7097]  ? mmu_topup_memory_caches+0x325/0x460
[ 64.789292][ T7097]  direct_page_fault+0x27d/0x1d70
[ 64.794299][ T7097]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 64.799512][ T7097]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 64.806272][ T7097]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 64.811359][ T7097]  kvm_mmu_page_fault+0x187/0x15d0
[ 64.816456][ T7097]  ? find_held_lock+0x2d/0x110
[ 64.821241][ T7097]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 64.827292][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.832817][ T7097]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.838775][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.844299][ T7097]  ? handle_ept_violation+0x206/0x550
[ 64.849694][ T7097]  ? vmx_inject_irq+0x5b0/0x5b0
[ 64.854520][ T7097]  vmx_handle_exit+0x2b8/0x1700
[ 64.859355][ T7097]  vcpu_enter_guest+0xfea/0x59d0
[ 64.864319][ T7097]  ? vmx_vcpu_load_vmcs+0x960/0x960
[ 64.869536][ T7097]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 64.875928][ T7097]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16e0
[ 64.881628][ T7097]  ? lock_release+0x800/0x800
[ 64.886296][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.891819][ T7097]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.897790][ T7097]  ? kvm_check_async_pf_completion+0x2a4/0x400
[ 64.904024][ T7097]  ? lockdep_hardirqs_on+0x463/0x620
[ 64.909292][ T7097]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 64.914986][ T7097]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 64.920526][ T7097]  kvm_vcpu_ioctl+0x493/0xe60
[ 64.925181][ T7097]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 64.931583][ T7097]  ? ioctl_file_clone+0x180/0x180
[ 64.936590][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.942111][ T7097]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.948104][ T7097]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 64.954495][ T7097]  ksys_ioctl+0x11a/0x180
[ 64.958803][ T7097]  __x64_sys_ioctl+0x6f/0xb0
[ 64.963368][ T7097]  ? lockdep_hardirqs_on+0x463/0x620
[ 64.968747][ T7097]  do_syscall_64+0xf6/0x7d0
[ 64.973248][ T7097]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.979142][ T7097] RIP: 0033:0x4403b9
[ 64.983014][ T7097] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.002595][ T7097] RSP: 002b:00007ffc8e0ee858 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.010991][ T7097] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403b9
[ 65.018948][ T7097] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 65.026937][ T7097] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 65.034885][ T7097] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401c40
[ 65.042831][ T7097] R13: 0000000000401cd0 R14: 0000000000000000 R15: 0000000000000000
[ 65.050823][ T7097]
[ 65.053162][ T7097] Allocated by task 7097:
[ 65.057470][ T7097]  save_stack+0x1b/0x40
[ 65.061600][ T7097]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.067206][ T7097]  kvmalloc_node+0x61/0xf0
[ 65.071598][ T7097]  kvm_set_memslot+0x115/0x1530
[ 65.076426][ T7097]  __kvm_set_memory_region+0xcf7/0x1320
[ 65.081945][ T7097]  __x86_set_memory_region+0x2a3/0x5a0
[ 65.087409][ T7097]  vmx_create_vcpu+0x2107/0x2b40
[ 65.092324][ T7097]  kvm_arch_vcpu_create+0x6ef/0xb80
[ 65.097503][ T7097]  kvm_vm_ioctl+0x1614/0x2400
[ 65.102156][ T7097]  ksys_ioctl+0x11a/0x180
[ 65.106468][ T7097]  __x64_sys_ioctl+0x6f/0xb0
[ 65.111087][ T7097]  do_syscall_64+0xf6/0x7d0
[ 65.115571][ T7097]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.121464][ T7097]
[ 65.123768][ T7097] Freed by task 7020:
[ 65.127726][ T7097]  save_stack+0x1b/0x40
[ 65.131892][ T7097]  __kasan_slab_free+0xf7/0x140
[ 65.136716][ T7097]  kfree+0x109/0x2b0
[ 65.140599][ T7097]  device_release+0x71/0x200
[ 65.145162][ T7097]  kobject_put+0x1e7/0x2e0
[ 65.150076][ T7097]  device_destroy+0x9e/0xe0
[ 65.154553][ T7097]  vcs_remove_sysfs+0x32/0x50
[ 65.159206][ T7097]  vc_deallocate+0x13f/0x400
[ 65.163773][ T7097]  vt_ioctl+0x1c47/0x26b0
[ 65.168076][ T7097]  tty_ioctl+0xedc/0x1440
[ 65.172382][ T7097]  ksys_ioctl+0x11a/0x180
[ 65.176711][ T7097]  __x64_sys_ioctl+0x6f/0xb0
[ 65.181276][ T7097]  do_syscall_64+0xf6/0x7d0
[ 65.185767][ T7097]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.191629][ T7097]
[ 65.193932][ T7097] The buggy address belongs to the object at ffff8880a613b000
[ 65.193932][ T7097]  which belongs to the cache kmalloc-2k of size 2048
[ 65.208316][ T7097] The buggy address is located 1128 bytes inside of
[ 65.208316][ T7097]  2048-byte region [ffff8880a613b000, ffff8880a613b800)
[ 65.221731][ T7097] The buggy address belongs to the page:
[ 65.227354][ T7097] page:ffffea0002984ec0 refcount:1 mapcount:0 mapping:0000000003ad3f27 index:0x0
[ 65.236447][ T7097] flags: 0xfffe0000000200(slab)
[ 65.241274][ T7097] raw: 00fffe0000000200 ffffea0002984e48 ffffea0002984f48 ffff8880aa000e00
[ 65.249835][ T7097] raw: 0000000000000000 ffff8880a613b000 0000000100000001 0000000000000000
[ 65.258388][ T7097] page dumped because: kasan: bad access detected
[ 65.264770][ T7097]
[ 65.267084][ T7097] Memory state around the buggy address:
[ 65.272693][ T7097]  ffff8880a613b300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.280727][ T7097]  ffff8880a613b380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.288762][ T7097] >ffff8880a613b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 65.296796][ T7097]                                                           ^
[ 65.304224][ T7097]  ffff8880a613b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.312264][ T7097]  ffff8880a613b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.320293][ T7097] ==================================================================
[ 65.328326][ T7097] Disabling lock debugging due to kernel taint
[ 65.334630][ T7097] Kernel panic - not syncing: panic_on_warn set ...
[ 65.341232][ T7097] CPU: 1 PID: 7097 Comm: syz-executor137 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0
[ 65.352499][ T7097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.362547][ T7097] Call Trace:
[ 65.365831][ T7097]  dump_stack+0x188/0x20d
[ 65.370160][ T7097]  panic+0x2e3/0x75c
[ 65.374147][ T7097]  ? add_taint.cold+0x16/0x16
[ 65.378829][ T7097]  ? preempt_schedule_common+0x5e/0xc0
[ 65.384285][ T7097]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.389927][ T7097]  ? preempt_schedule_thunk+0x16/0x18
[ 65.395272][ T7097]  ? trace_hardirqs_on+0x55/0x220
[ 65.400270][ T7097]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.405874][ T7097]  end_report+0x4d/0x53
[ 65.410016][ T7097]  __kasan_report.cold+0xd/0x4d
[ 65.414841][ T7097]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.420455][ T7097]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.426058][ T7097]  kasan_report+0x33/0x50
[ 65.430374][ T7097]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 65.435815][ T7097]  try_async_pf+0x12b/0xac0
[ 65.440299][ T7097]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 65.445186][ T7097]  ? mark_held_locks+0x9f/0xe0
[ 65.449923][ T7097]  ? mmu_topup_memory_caches+0x325/0x460
[ 65.455525][ T7097]  direct_page_fault+0x27d/0x1d70
[ 65.460566][ T7097]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 65.465735][ T7097]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 65.472467][ T7097]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 65.477469][ T7097]  kvm_mmu_page_fault+0x187/0x15d0
[ 65.482589][ T7097]  ? find_held_lock+0x2d/0x110
[ 65.487326][ T7097]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 65.493371][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.498889][ T7097]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.504885][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.510417][ T7097]  ? handle_ept_violation+0x206/0x550
[ 65.515760][ T7097]  ? vmx_inject_irq+0x5b0/0x5b0
[ 65.520592][ T7097]  vmx_handle_exit+0x2b8/0x1700
[ 65.525419][ T7097]  vcpu_enter_guest+0xfea/0x59d0
[ 65.530397][ T7097]  ? vmx_vcpu_load_vmcs+0x960/0x960
[ 65.535570][ T7097]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 65.541956][ T7097]  ? kvm_arch_vcpu_ioctl_run+0x23a/0x16e0
[ 65.547650][ T7097]  ? lock_release+0x800/0x800
[ 65.552304][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.557824][ T7097]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.563796][ T7097]  ? kvm_check_async_pf_completion+0x2a4/0x400
[ 65.569924][ T7097]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.575183][ T7097]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 65.580896][ T7097]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 65.586417][ T7097]  kvm_vcpu_ioctl+0x493/0xe60
[ 65.591068][ T7097]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.597455][ T7097]  ? ioctl_file_clone+0x180/0x180
[ 65.602456][ T7097]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.607987][ T7097]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.613942][ T7097]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.620333][ T7097]  ksys_ioctl+0x11a/0x180
[ 65.624637][ T7097]  __x64_sys_ioctl+0x6f/0xb0
[ 65.629200][ T7097]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.634472][ T7097]  do_syscall_64+0xf6/0x7d0
[ 65.638950][ T7097]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.644812][ T7097] RIP: 0033:0x4403b9
[ 65.649113][ T7097] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.668689][ T7097] RSP: 002b:00007ffc8e0ee858 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.677073][ T7097] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403b9
[ 65.685019][ T7097] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 65.692961][ T7097] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 65.700918][ T7097] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401c40
[ 65.708861][ T7097] R13: 0000000000401cd0 R14: 0000000000000000 R15: 0000000000000000
[ 65.718049][ T7097] Kernel Offset: disabled
[ 65.722375][ T7097] Rebooting in 86400 seconds..