Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.544733][ T7039] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 53.881359][ T7039] ==================================================================
[ 53.889529][ T7039] BUG: KASAN: slab-out-of-bounds in kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 53.897829][ T7039] Read of size 8 at addr ffff8880a66f5468 by task syz-executor801/7039
[ 53.906731][ T7039]
[ 53.909041][ T7039] CPU: 0 PID: 7039 Comm: syz-executor801 Not tainted 5.6.0-syzkaller #0
[ 53.917336][ T7039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.927369][ T7039] Call Trace:
[ 53.930650][ T7039]  dump_stack+0x188/0x20d
[ 53.934979][ T7039]  print_address_description.constprop.0.cold+0xd3/0x315
[ 53.941986][ T7039]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 53.947636][ T7039]  __kasan_report.cold+0x35/0x4d
[ 53.952566][ T7039]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 53.958178][ T7039]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 53.963790][ T7039]  kasan_report+0x33/0x50
[ 53.968112][ T7039]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 53.973554][ T7039]  try_async_pf+0x12b/0xac0
[ 53.978122][ T7039]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 53.983006][ T7039]  ? mark_held_locks+0x9f/0xe0
[ 53.987773][ T7039]  ? mmu_topup_memory_caches+0x325/0x460
[ 53.993394][ T7039]  direct_page_fault+0x27d/0x1d70
[ 53.998412][ T7039]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 54.003593][ T7039]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 54.010330][ T7039]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 54.015387][ T7039]  kvm_mmu_page_fault+0x187/0x15d0
[ 54.020510][ T7039]  ? find_held_lock+0x2d/0x110
[ 54.025251][ T7039]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 54.031297][ T7039]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 54.036819][ T7039]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 54.042776][ T7039]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 54.048299][ T7039]  ? handle_ept_violation+0x206/0x550
[ 54.053657][ T7039]  ? vmx_inject_irq+0x5b0/0x5b0
[ 54.058482][ T7039]  vmx_handle_exit+0x2b8/0x1700
[ 54.063314][ T7039]  vcpu_enter_guest+0xfea/0x59d0
[ 54.068232][ T7039]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 54.074623][ T7039]  ? kvm_vcpu_kick+0x162/0x2a0
[ 54.079364][ T7039]  ? __apic_accept_irq+0x423/0xb80
[ 54.084458][ T7039]  ? kvm_lapic_enable_pv_eoi+0x160/0x160
[ 54.090067][ T7039]  ? kvm_check_async_pf_completion+0x2a4/0x400
[ 54.096199][ T7039]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 54.101896][ T7039]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 54.107431][ T7039]  kvm_vcpu_ioctl+0x493/0xe60
[ 54.112090][ T7039]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 54.118499][ T7039]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 54.124631][ T7039]  ? do_vfs_ioctl+0x50c/0x12d0
[ 54.129373][ T7039]  ? ioctl_file_clone+0x180/0x180
[ 54.134387][ T7039]  kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 54.139658][ T7039]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 54.145628][ T7039]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 54.150498][ T7039]  ? do_sys_open+0xc3/0x140
[ 54.154995][ T7039]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 54.159835][ T7039]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 54.165289][ T7039]  do_fast_syscall_32+0x270/0xe90
[ 54.170297][ T7039]  entry_SYSENTER_compat+0x70/0x7f
[ 54.175399][ T7039]
[ 54.177717][ T7039] Allocated by task 7039:
[ 54.182031][ T7039]  save_stack+0x1b/0x40
[ 54.186174][ T7039]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 54.191783][ T7039]  kvmalloc_node+0x61/0xf0
[ 54.196175][ T7039]  kvm_set_memslot+0x115/0x1530
[ 54.201015][ T7039]  __kvm_set_memory_region+0xcf7/0x1320
[ 54.206537][ T7039]  __x86_set_memory_region+0x2a3/0x5a0
[ 54.211971][ T7039]  vmx_create_vcpu+0x2107/0x2b40
[ 54.216887][ T7039]  kvm_arch_vcpu_create+0x6ef/0xb80
[ 54.222068][ T7039]  kvm_vm_ioctl+0x15f7/0x23e0
[ 54.226718][ T7039]  kvm_vm_compat_ioctl+0x125/0x240
[ 54.231803][ T7039]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 54.237237][ T7039]  do_fast_syscall_32+0x270/0xe90
[ 54.242236][ T7039]  entry_SYSENTER_compat+0x70/0x7f
[ 54.247314][ T7039]
[ 54.249618][ T7039] Freed by task 6736:
[ 54.253573][ T7039]  save_stack+0x1b/0x40
[ 54.257703][ T7039]  __kasan_slab_free+0xf7/0x140
[ 54.262525][ T7039]  kfree+0x109/0x2b0
[ 54.266395][ T7039]  device_release+0x71/0x200
[ 54.270961][ T7039]  kobject_put+0x1e7/0x2e0
[ 54.275348][ T7039]  device_destroy+0x9e/0xe0
[ 54.279832][ T7039]  vcs_remove_sysfs+0x1d/0x50
[ 54.284485][ T7039]  vc_deallocate+0x13f/0x400
[ 54.289049][ T7039]  vt_ioctl+0x1c47/0x26b0
[ 54.293353][ T7039]  tty_ioctl+0xedc/0x1440
[ 54.297657][ T7039]  ksys_ioctl+0x11a/0x180
[ 54.301968][ T7039]  __x64_sys_ioctl+0x6f/0xb0
[ 54.306542][ T7039]  do_syscall_64+0xf6/0x7d0
[ 54.311024][ T7039]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 54.316893][ T7039]
[ 54.319208][ T7039] The buggy address belongs to the object at ffff8880a66f5000
[ 54.319208][ T7039]  which belongs to the cache kmalloc-2k of size 2048
[ 54.333246][ T7039] The buggy address is located 1128 bytes inside of
[ 54.333246][ T7039]  2048-byte region [ffff8880a66f5000, ffff8880a66f5800)
[ 54.347623][ T7039] The buggy address belongs to the page:
[ 54.353234][ T7039] page:ffffea000299bd40 refcount:1 mapcount:0 mapping:00000000ae67ad2a index:0x0
[ 54.362319][ T7039] flags: 0xfffe0000000200(slab)
[ 54.367157][ T7039] raw: 00fffe0000000200 ffffea000299b8c8 ffffea000299bd88 ffff8880aa000e00
[ 54.375722][ T7039] raw: 0000000000000000 ffff8880a66f5000 0000000100000001 0000000000000000
[ 54.384282][ T7039] page dumped because: kasan: bad access detected
[ 54.390673][ T7039]
[ 54.392987][ T7039] Memory state around the buggy address:
[ 54.398602][ T7039]  ffff8880a66f5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.406646][ T7039]  ffff8880a66f5380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.414687][ T7039] >ffff8880a66f5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 54.422723][ T7039]                                                          ^
[ 54.430156][ T7039]  ffff8880a66f5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.438285][ T7039]  ffff8880a66f5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.446320][ T7039] ==================================================================
[ 54.454359][ T7039] Disabling lock debugging due to kernel taint
[ 54.460873][ T7039] Kernel panic - not syncing: panic_on_warn set ...
[ 54.467501][ T7039] CPU: 0 PID: 7039 Comm: syz-executor801 Tainted: G    B   5.6.0-syzkaller #0
[ 54.477202][ T7039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.487247][ T7039] Call Trace:
[ 54.490535][ T7039]  dump_stack+0x188/0x20d
[ 54.494859][ T7039]  panic+0x2e3/0x75c
[ 54.498729][ T7039]  ? add_taint.cold+0x16/0x16
[ 54.503383][ T7039]  ? preempt_schedule_common+0x5e/0xc0
[ 54.508815][ T7039]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 54.514427][ T7039]  ? preempt_schedule_thunk+0x16/0x18
[ 54.519782][ T7039]  ? trace_hardirqs_on+0x55/0x220
[ 54.524808][ T7039]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 54.530424][ T7039]  end_report+0x4d/0x53
[ 54.534554][ T7039]  __kasan_report.cold+0xd/0x4d
[ 54.539380][ T7039]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 54.544985][ T7039]  ? kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 54.550588][ T7039]  kasan_report+0x33/0x50
[ 54.554927][ T7039]  kvm_vcpu_gfn_to_memslot+0x50e/0x540
[ 54.560369][ T7039]  try_async_pf+0x12b/0xac0
[ 54.564846][ T7039]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 54.569670][ T7039]  ? mark_held_locks+0x9f/0xe0
[ 54.574585][ T7039]  ? mmu_topup_memory_caches+0x325/0x460
[ 54.580192][ T7039]  direct_page_fault+0x27d/0x1d70
[ 54.585189][ T7039]  ? kvm_mmu_get_page+0x1e70/0x1e70
[ 54.590457][ T7039]  ? kvm_mtrr_check_gfn_range_consistency+0x254/0x2e0
[ 54.597198][ T7039]  ? kvm_vcpu_mtrr_init+0x70/0x70
[ 54.602201][ T7039]  kvm_mmu_page_fault+0x187/0x15d0
[ 54.607296][ T7039]  ? find_held_lock+0x2d/0x110
[ 54.612041][ T7039]  ? kvm_nx_lpage_recovery_worker+0x790/0x790
[ 54.618080][ T7039]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 54.623599][ T7039]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 54.629549][ T7039]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 54.635067][ T7039]  ? handle_ept_violation+0x206/0x550
[ 54.640412][ T7039]  ? vmx_inject_irq+0x5b0/0x5b0
[ 54.645235][ T7039]  vmx_handle_exit+0x2b8/0x1700
[ 54.650060][ T7039]  vcpu_enter_guest+0xfea/0x59d0
[ 54.654974][ T7039]  ? kvm_vcpu_reload_apic_access_page+0x300/0x300
[ 54.661361][ T7039]  ? kvm_vcpu_kick+0x162/0x2a0
[ 54.666100][ T7039]  ? __apic_accept_irq+0x423/0xb80
[ 54.671184][ T7039]  ? kvm_lapic_enable_pv_eoi+0x160/0x160
[ 54.676787][ T7039]  ? kvm_check_async_pf_completion+0x2a4/0x400
[ 54.682923][ T7039]  ? kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 54.688628][ T7039]  kvm_arch_vcpu_ioctl_run+0x3fb/0x16a0
[ 54.695115][ T7039]  kvm_vcpu_ioctl+0x493/0xe60
[ 54.699811][ T7039]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 54.706201][ T7039]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 54.712079][ T7039]  ? do_vfs_ioctl+0x50c/0x12d0
[ 54.717029][ T7039]  ? ioctl_file_clone+0x180/0x180
[ 54.722037][ T7039]  kvm_vcpu_compat_ioctl+0x1ab/0x350
[ 54.727307][ T7039]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 54.733259][ T7039]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 54.738080][ T7039]  ? do_sys_open+0xc3/0x140
[ 54.742556][ T7039]  ? kvm_vcpu_ioctl+0xe60/0xe60
[ 54.747380][ T7039]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 54.752813][ T7039]  do_fast_syscall_32+0x270/0xe90
[ 54.757813][ T7039]  entry_SYSENTER_compat+0x70/0x7f
[ 54.764153][ T7039] Kernel Offset: disabled
[ 54.768467][ T7039] Rebooting in 86400 seconds..