DUID 00:04:10:0c:0b:6c:cf:01:97:71:63:d9:08:fa:b1:5a:68:3c
forked to background, child pid 3186
[   26.791261][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.803357][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller

Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   49.247683][ T3602] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
executing program
executing program
[   49.403007][    C0] ==================================================================
[   49.403016][ T3609] BUG: unable to handle page fault for address: ffffc9000392a330
[   49.403030][ T3609] #PF: supervisor read access in kernel mode
[   49.411080][    C0] BUG: KASAN: vmalloc-out-of-bounds in kvm_arch_hardware_enable+0x281/0x840
[   49.418784][ T3609] #PF: error_code(0x0000) - not-present page
[   49.424733][    C0] Read of size 4 at addr ffffc9000392a330 by task syz-executor392/3601
[   49.433376][ T3609] PGD 11800067
[   49.439322][    C0] 
[   49.439328][    C0] CPU: 0 PID: 3601 Comm: syz-executor392 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
[   49.447547][ T3609] P4D 11800067
[   49.450977][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   49.453283][ T3609] PUD 119c9067
[   49.463401][    C0] Call Trace:
[   49.463411][    C0] 
[   49.466833][ T3609] PMD 1d318067
[   49.476884][    C0]  dump_stack_lvl+0xcd/0x134
[   49.480314][ T3609] PTE 0
[   49.483574][    C0]  ? kvm_arch_hardware_enable+0x281/0x840
[   49.486397][ T3609] Oops: 0000 [#1] PREEMPT SMP KASAN
[   49.489829][    C0]  print_report.cold+0x59/0x719
[   49.494389][ T3609] CPU: 1 PID: 3609 Comm: syz-executor392 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
[   49.497132][    C0]  ? kvm_arch_hardware_enable+0x281/0x840
[   49.502818][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   49.507985][    C0]  kasan_report+0xb1/0x1e0
[   49.512804][ T3609] RIP: 0010:kvm_arch_hardware_enable+0x2ab/0x840
[   49.522920][    C0]  ? kvm_arch_hardware_enable+0x281/0x840
[   49.528613][ T3609] Code: 48 89 e8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 0f b6 14 08 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed 04 00 00 <41> 8b 95 30 13 00 00 4d 8d b5 40 12 00 00 b9 08 00 00 00 4c 89 fe
[   49.538643][    C0]  kasan_check_range+0x13d/0x180
[   49.543028][ T3609] RSP: 0018:ffffc900038afb28 EFLAGS: 00010086
[   49.549326][    C0]  kvm_arch_hardware_enable+0x281/0x840
[   49.555024][ T3609] 
[   49.555029][ T3609] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81120fe0
[   49.574602][    C0]  ? kvm_arch_vcpu_destroy+0x330/0x330
[   49.579510][ T3609] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc9000392a330
[   49.585546][    C0]  ? sched_clock_cpu+0x69/0x2b0
[   49.591058][ T3609] RBP: ffffc9000392a330 R08: 0000000000000000 R09: 0000000000000003
[   49.593370][    C0]  ? cpuacct_all_seq_show+0x520/0x520
[   49.601317][ T3609] R10: fffff52000725466 R11: 0000000000000000 R12: 0000000000000000
[   49.606746][    C0]  ? hrtimer_interrupt+0x5c3/0x790
[   49.614701][ T3609] R13: ffffc90003929000 R14: 0023001000000000 R15: ffffc900038afb80
[   49.619540][    C0]  hardware_enable_nolock+0xa7/0x140
[   49.627483][ T3609] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0063) knlGS:0000000056e4e2c0
[   49.632826][    C0]  __flush_smp_call_function_queue+0x205/0x9a0
[   49.640779][ T3609] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   49.645865][    C0]  ? vm_stat_fops_open+0x40/0x40
[   49.653810][ T3609] CR2: ffffc9000392a330 CR3: 000000007296d000 CR4: 00000000003526e0
[   49.659063][    C0]  __sysvec_call_function_single+0x95/0x3d0
[   49.667968][ T3609] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   49.674105][    C0]  sysvec_call_function_single+0x8e/0xc0
[   49.680661][ T3609] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   49.685569][    C0] 
[   49.693528][ T3609] Call Trace:
[   49.693535][ T3609] 
[   49.699389][    C0] 
[   49.699398][    C0]  asm_sysvec_call_function_single+0x16/0x20
[   49.707340][ T3609]  ? _flat_send_IPI_mask+0x53/0x60
[   49.712948][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70
[   49.720895][ T3609]  ? kvm_arch_vcpu_destroy+0x330/0x330
[   49.723808][    C0] Code: 74 24 10 e8 8a 76 dd f7 48 89 ef e8 12 f8 dd f7 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 13 b9 d0 f7 65 8b 05 3c 72 80 76 85 c0 74 0a 5b 5d c3 e8 30 81
[   49.727066][ T3609]  ? send_call_function_single_ipi+0x1b5/0x320
[   49.729975][    C0] RSP: 0018:ffffc900038cfc58 EFLAGS: 00000206
[   49.732900][ T3609]  ? sched_ttwu_pending+0x550/0x550
[   49.738847][    C0] 
[   49.738853][    C0] RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff1bbcaf1
[   49.743926][ T3609]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   49.750308][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[   49.755770][ T3609]  hardware_enable_nolock+0xa7/0x140
[   49.775342][    C0] RBP: ffff8880b9a2a540 R08: 0000000000000001 R09: 0000000000000001
[   49.781468][ T3609]  smp_call_function_many_cond+0x10e2/0x1430
[   49.787518][    C0] R10: ffffed10173454a8 R11: 0000000000000000 R12: dffffc0000000000
[   49.792708][ T3609]  ? vm_stat_fops_open+0x40/0x40
[   49.795013][    C0] R13: 0000000000000001 R14: ffffc900038cfdb8 R15: ffff88801b8a5880
[   49.802970][ T3609]  ? smp_call_on_cpu+0x270/0x270
[   49.808757][    C0]  do_nanosleep+0x131/0x690
[   49.816693][ T3609]  ? lockdep_init_map_type+0x21a/0x7f0
[   49.821963][    C0]  ? schedule_hrtimeout+0x30/0x30
[   49.829922][ T3609]  ? do_raw_spin_lock+0x120/0x2a0
[   49.835876][    C0]  ? memset+0x20/0x40
[   49.843824][ T3609]  ? rwlock_bug.part.0+0x90/0x90
[   49.848732][    C0]  ? __hrtimer_init+0x136/0x280
[   49.856689][ T3609]  ? vm_stat_fops_open+0x40/0x40
[   49.861613][    C0]  hrtimer_nanosleep+0x1f9/0x4a0
[   49.866095][ T3609]  on_each_cpu_cond_mask+0x56/0xa0
[   49.871529][    C0]  ? nanosleep_copyout+0x100/0x100
[   49.876524][ T3609]  kvm_dev_ioctl+0x131b/0x1ce0
[   49.881531][    C0]  ? hrtimer_init_sleeper_on_stack+0x90/0x90
[   49.885504][ T3609]  ? kvm_stat_data_open+0x380/0x380
[   49.890416][    C0]  ? get_timespec64+0x191/0x220
[   49.895244][ T3609]  ? bpf_lsm_file_ioctl+0x5/0x10
[   49.900146][    C0]  ? put_timespec64+0x120/0x120
[   49.905054][ T3609]  ? kvm_stat_data_open+0x380/0x380
[   49.910139][    C0]  common_nsleep+0xa2/0xc0
[   49.915221][ T3609]  __do_compat_sys_ioctl+0x1c7/0x290
[   49.919956][    C0]  __ia32_sys_clock_nanosleep+0x2f4/0x430
[   49.925905][ T3609]  __do_fast_syscall_32+0x65/0xf0
[   49.931071][    C0]  ? __x64_sys_clock_nanosleep+0x430/0x430
[   49.935893][ T3609]  do_fast_syscall_32+0x2f/0x70
[   49.940799][    C0]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[   49.945623][ T3609]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[   49.950805][    C0]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[   49.955210][ T3609] RIP: 0023:0xf7f50549
[   49.960468][    C0]  __do_fast_syscall_32+0x65/0xf0
[   49.966159][ T3609] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   49.971155][    C0]  do_fast_syscall_32+0x2f/0x70
[   49.976942][ T3609] RSP: 002b:00000000ff8969fc EFLAGS: 00000246
[   49.981766][    C0]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[   49.988334][ T3609] ORIG_RAX: 0000000000000036
[   49.988344][ T3609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ae01
[   49.994634][    C0] RIP: 0023:0xf7f50549
[   50.001190][ T3609] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000040000
[   50.005255][    C0] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   50.010245][ T3609] RBP: 000000000000c0a7 R08: 0000000000000000 R09: 0000000000000000
[   50.029820][    C0] RSP: 002b:00000000ff896920 EFLAGS: 00000246
[   50.034642][ T3609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   50.040678][    C0] ORIG_RAX: 0000000000000197
[   50.046984][ T3609] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.051629][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   50.059764][ T3609] 
[   50.063802][    C0] RDX: 00000000ff89699c RSI: 00000000ff8969ac RDI: 00000000ff89699c
[   50.071763][ T3609] Modules linked in:
[   50.091344][    C0] RBP: 00000000ff8969ac R08: 0000000000000000 R09: 0000000000000000
[   50.099297][ T3609] CR2: ffffc9000392a330
[   50.105343][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   50.113305][ T3609] ---[ end trace 0000000000000000 ]---
[   50.117964][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.125910][ T3609] RIP: 0010:kvm_arch_hardware_enable+0x2ab/0x840
[   50.133867][    C0] 
[   50.136855][ T3609] Code: 48 89 e8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 0f b6 14 08 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed 04 00 00 <41> 8b 95 30 13 00 00 4d 8d b5 40 12 00 00 b9 08 00 00 00 4c 89 fe
[   50.144802][    C0] 
[   50.144811][    C0] Memory state around the buggy address:
[   50.148672][ T3609] RSP: 0018:ffffc900038afb28 EFLAGS: 00010086
[   50.156622][    C0]  ffffc9000392a200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.160742][ T3609] 
[   50.160748][ T3609] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81120fe0
[   50.168708][    C0]  ffffc9000392a280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.174131][ T3609] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc9000392a330
[   50.182082][    C0] >ffffc9000392a300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.188374][ T3609] RBP: ffffc9000392a330 R08: 0000000000000000 R09: 0000000000000003
[   50.191372][    C0]                                      ^
[   50.191384][    C0]  ffffc9000392a380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.210949][ T3609] R10: fffff52000725466 R11: 0000000000000000 R12: 0000000000000000
[   50.213258][    C0]  ffffc9000392a400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.218853][ T3609] R13: ffffc90003929000 R14: 0023001000000000 R15: ffffc900038afb80
[   50.224912][    C0] ==================================================================
[   50.224922][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   50.232961][ T3609] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0063) knlGS:0000000056e4e2c0
[   50.235285][ T3609] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   50.243253][ T3609] CR2: ffffc9000392a330 CR3: 000000007296d000 CR4: 00000000003526e0
[   50.251310][ T3609] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   50.259267][ T3609] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   51.304386][    C0] Shutting down cpus with NMI
[   51.409551][    C0] Kernel Offset: disabled
[   51.413881][    C0] Rebooting in 86400 seconds..