Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 61.376809][ T7197] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
executing program
[ 61.727361][ T7203] ==================================================================
[ 61.735737][ T7203] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 61.744109][ T7203] Read of size 8 at addr ffff8880a60a4468 by task syz-executor507/7203
[ 61.752332][ T7203]
[ 61.754667][ T7203] CPU: 0 PID: 7203 Comm: syz-executor507 Not tainted 5.7.0-rc2-syzkaller #0
[ 61.763337][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.773390][ T7203] Call Trace:
[ 61.776673][ T7203]  dump_stack+0x188/0x20d
[ 61.781005][ T7203]  print_address_description.constprop.0.cold+0xd3/0x315
[ 61.788026][ T7203]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 61.793640][ T7203]  __kasan_report.cold+0x35/0x4d
[ 61.798562][ T7203]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 61.804193][ T7203]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 61.809803][ T7203]  kasan_report+0x33/0x50
[ 61.814116][ T7203]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 61.819559][ T7203]  try_async_pf+0x12b/0xac0
[ 61.824047][ T7203]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 61.828886][ T7203]  ? mark_held_locks+0x9f/0xe0
[ 61.833630][ T7203]  ? mmu_topup_memory_caches+0x325/0x460
[ 61.839244][ T7203]  direct_page_fault+0x27d/0x1d70
[ 61.844257][ T7203]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 61.849436][ T7203]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 61.856180][ T7203]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 61.861212][ T7203]  kvm_mmu_page_fault+0x187/0x15d0
[ 61.866309][ T7203]  ? find_held_lock+0x2d/0x110
[ 61.871054][ T7203]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 61.877120][ T7203]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.882646][ T7203]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.888608][ T7203]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.894150][ T7203]  ? handle_ept_violation+0x206/0x550
[ 61.899506][ T7203]  ? vmx_inject_irq+0x5b0/0x5b0
[ 61.904337][ T7203]  vmx_handle_exit+0x2b8/0x1700
[ 61.909176][ T7203]  vcpu_enter_guest+0xfea/0x59d0
[ 61.914104][ T7203]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 61.920502][ T7203]  ? kvm_vcpu_kick+0x162/0x2a0
[ 61.925254][ T7203]  ? __apic_accept_irq+0x423/0xb80
[ 61.930358][ T7203]  ? kvm_lapic_enable_pv_eoi+0x160/0x160
[ 61.935973][ T7203]  ? kvm_check_async_pf_completion+0x2a4/0x400
[ 61.942137][ T7203]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 61.947863][ T7203]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 61.953406][ T7203]  kvm_vcpu_ioctl+0x493/0xe60
[ 61.958070][ T7203]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 61.964464][ T7203]  ? ioctl_file_clone+0x180/0x180
[ 61.969472][ T7203]  ? __fget_files+0x32f/0x500
[ 61.974134][ T7203]  ? ksys_dup3+0x3c0/0x3c0
[ 61.978532][ T7203]  ? __x64_sys_futex+0x376/0x4f0
[ 61.983448][ T7203]  ? __x64_sys_futex+0x380/0x4f0
[ 61.988388][ T7203]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 61.994783][ T7203]  ksys_ioctl+0x11a/0x180
[ 61.999111][ T7203]  __x64_sys_ioctl+0x6f/0xb0
[ 62.003708][ T7203]  ? lockdep_hardirqs_on+0x463/0x620
[ 62.008991][ T7203]  do_syscall_64+0xf6/0x7d0
[ 62.013494][ T7203]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.019383][ T7203] RIP: 0033:0x4468b9
[ 62.023261][ T7203] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.042848][ T7203] RSP: 002b:00007fde41684da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 62.051257][ T7203] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 00000000004468b9
[ 62.059210][ T7203] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 62.067176][ T7203] RBP: 00000000006dbc40 R08: 0000000000000000 R09: 0000000000000000
[ 62.075128][ T7203] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 62.083079][ T7203] R13: 0000000020001a40 R14: 00000000004ae768 R15: 0000000000000000
[ 62.091041][ T7203]
[ 62.093352][ T7203] Allocated by task 7203:
[ 62.097665][ T7203]  save_stack+0x1b/0x40
[ 62.101798][ T7203]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 62.107407][ T7203]  kvmalloc_node+0x61/0xf0
[ 62.111803][ T7203]  kvm_set_memslot+0x115/0x1530
[ 62.116636][ T7203]  __kvm_set_memory_region+0xcf7/0x1320
[ 62.122159][ T7203]  __x86_set_memory_region+0x2a3/0x5a0
[ 62.127595][ T7203]  vmx_create_vcpu+0x2107/0x2b40
[ 62.132511][ T7203]  kvm_arch_vcpu_create+0x6ef/0xb80
[ 62.137687][ T7203]  kvm_vm_ioctl+0x15f7/0x23e0
[ 62.142347][ T7203]  ksys_ioctl+0x11a/0x180
[ 62.146657][ T7203]  __x64_sys_ioctl+0x6f/0xb0
[ 62.151252][ T7203]  do_syscall_64+0xf6/0x7d0
[ 62.155757][ T7203]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.161619][ T7203]
[ 62.163926][ T7203] Freed by task 0:
[ 62.167618][ T7203] (stack is not available)
[ 62.172006][ T7203]
[ 62.174317][ T7203] The buggy address belongs to the object at ffff8880a60a4000
[ 62.174317][ T7203]  which belongs to the cache kmalloc-2k of size 2048
[ 62.188349][ T7203] The buggy address is located 1128 bytes inside of
[ 62.188349][ T7203]  2048-byte region [ffff8880a60a4000, ffff8880a60a4800)
[ 62.201767][ T7203] The buggy address belongs to the page:
[ 62.207384][ T7203] page:ffffea0002982900 refcount:1 mapcount:0 mapping:00000000ae817ae2 index:0x0
[ 62.216466][ T7203] flags: 0xfffe0000000200(slab)
[ 62.221306][ T7203] raw: 00fffe0000000200 ffffea00027ddf08 ffffea000298c488 ffff8880aa000e00
[ 62.229875][ T7203] raw: 0000000000000000 ffff8880a60a4000 0000000100000001 0000000000000000
[ 62.238434][ T7203] page dumped because: kasan: bad access detected
[ 62.245341][ T7203]
[ 62.247647][ T7203] Memory state around the buggy address:
[ 62.253272][ T7203]  ffff8880a60a4300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.261485][ T7203]  ffff8880a60a4380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.269546][ T7203] >ffff8880a60a4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 62.277600][ T7203]                                                           ^
[ 62.285054][ T7203]  ffff8880a60a4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.293094][ T7203]  ffff8880a60a4500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.301130][ T7203] ==================================================================
[ 62.309183][ T7203] Disabling lock debugging due to kernel taint
[ 62.361268][ T7203] Kernel panic - not syncing: panic_on_warn set ...
[ 62.367893][ T7203] CPU: 0 PID: 7203 Comm: syz-executor507 Tainted: G    B             5.7.0-rc2-syzkaller #0
[ 62.377942][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.387976][ T7203] Call Trace:
[ 62.391266][ T7203]  dump_stack+0x188/0x20d
[ 62.395577][ T7203]  panic+0x2e3/0x75c
[ 62.399465][ T7203]  ? add_taint.cold+0x16/0x16
[ 62.404121][ T7203]  ? preempt_schedule_common+0x5e/0xc0
[ 62.409560][ T7203]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.415174][ T7203]  ? preempt_schedule_thunk+0x16/0x18
[ 62.420523][ T7203]  ? trace_hardirqs_on+0x55/0x220
[ 62.425525][ T7203]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.431134][ T7203]  end_report+0x4d/0x53
[ 62.435265][ T7203]  __kasan_report.cold+0xd/0x4d
[ 62.440107][ T7203]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.445713][ T7203]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.451318][ T7203]  kasan_report+0x33/0x50
[ 62.455625][ T7203]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 62.461061][ T7203]  try_async_pf+0x12b/0xac0
[ 62.465545][ T7203]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 62.470375][ T7203]  ? mark_held_locks+0x9f/0xe0
[ 62.475131][ T7203]  ? mmu_topup_memory_caches+0x325/0x460
[ 62.480761][ T7203]  direct_page_fault+0x27d/0x1d70
[ 62.485781][ T7203]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 62.490957][ T7203]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 62.497709][ T7203]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 62.502715][ T7203]  kvm_mmu_page_fault+0x187/0x15d0
[ 62.507807][ T7203]  ? find_held_lock+0x2d/0x110
[ 62.512549][ T7203]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 62.518602][ T7203]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.524124][ T7203]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.530080][ T7203]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.535602][ T7203]  ? handle_ept_violation+0x206/0x550
[ 62.540973][ T7203]  ? vmx_inject_irq+0x5b0/0x5b0
[ 62.545816][ T7203]  vmx_handle_exit+0x2b8/0x1700
[ 62.550673][ T7203]  vcpu_enter_guest+0xfea/0x59d0
[ 62.555595][ T7203]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 62.561987][ T7203]  ? kvm_vcpu_kick+0x162/0x2a0
[ 62.566727][ T7203]  ? __apic_accept_irq+0x423/0xb80
[ 62.571817][ T7203]  ? kvm_lapic_enable_pv_eoi+0x160/0x160
[ 62.577433][ T7203]  ? kvm_check_async_pf_completion+0x2a4/0x400
[ 62.583586][ T7203]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 62.589284][ T7203]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16e0
[ 62.594809][ T7203]  kvm_vcpu_ioctl+0x493/0xe60
[ 62.599479][ T7203]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 62.605874][ T7203]  ? ioctl_file_clone+0x180/0x180
[ 62.610877][ T7203]  ? __fget_files+0x32f/0x500
[ 62.615531][ T7203]  ? ksys_dup3+0x3c0/0x3c0
[ 62.620098][ T7203]  ? __x64_sys_futex+0x376/0x4f0
[ 62.625011][ T7203]  ? __x64_sys_futex+0x380/0x4f0
[ 62.629929][ T7203]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 62.636320][ T7203]  ksys_ioctl+0x11a/0x180
[ 62.640629][ T7203]  __x64_sys_ioctl+0x6f/0xb0
[ 62.645199][ T7203]  ? lockdep_hardirqs_on+0x463/0x620
[ 62.650477][ T7203]  do_syscall_64+0xf6/0x7d0
[ 62.654960][ T7203]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.660828][ T7203] RIP: 0033:0x4468b9
[ 62.664709][ T7203] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.684290][ T7203] RSP: 002b:00007fde41684da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 62.692803][ T7203] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 00000000004468b9
[ 62.700778][ T7203] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 62.708836][ T7203] RBP: 00000000006dbc40 R08: 0000000000000000 R09: 0000000000000000
[ 62.716811][ T7203] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[ 62.724798][ T7203] R13: 0000000020001a40 R14: 00000000004ae768 R15: 0000000000000000
[ 62.734046][ T7203] Kernel Offset: disabled
[ 62.738367][ T7203] Rebooting in 86400 seconds..