./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2323193674 <...> Warning: Permanently added '10.128.1.82' (ECDSA) to the list of known hosts. execve("./syz-executor2323193674", ["./syz-executor2323193674"], 0x7fff3116bd70 /* 10 vars */) = 0 brk(NULL) = 0x555555de5000 brk(0x555555de5c40) = 0x555555de5c40 arch_prctl(ARCH_SET_FS, 0x555555de5300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2323193674", 4096) = 28 brk(0x555555e06c40) = 0x555555e06c40 brk(0x555555e07000) = 0x555555e07000 mprotect(0x7fe61242a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 ioctl(3, KVM_CREATE_VM, 0) = 4 syzkaller login: [ 41.087601][ T3601] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 41.108573][ T3601] BUG: unable to handle page fault for address: ffffffffffffffea [ 41.116315][ T3601] #PF: supervisor write access in kernel mode [ 41.122369][ T3601] #PF: error_code(0x0002) - not-present page [ 41.128338][ T3601] PGD ba8f067 P4D ba8f067 PUD ba91067 PMD 0 [ 41.134310][ T3601] Oops: 0002 [#1] PREEMPT SMP KASAN [ 41.139489][ T3601] CPU: 1 PID: 3601 Comm: syz-executor232 Not tainted 6.1.0-rc1-next-20221021-syzkaller #0 [ 41.149359][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [ 41.159397][ T3601] RIP: 0010:eventfd_ctx_put+0x1e/0x110 [ 41.164851][ T3601] Code: 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 54 55 48 89 fd 53 bb ff ff ff ff e8 cf a8 8f ff be 04 00 00 00 48 89 ef e8 f2 38 dc ff 0f c1 5d 00 bf 01 00 00 00 89 de e8 81 a5 8f ff 83 fb 01 74 35 [ 41.184470][ T3601] RSP: 0018:ffffc90003c1f748 EFLAGS: 00010246 [ 41.190535][ T3601] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff81ecec6e [ 41.198498][ T3601] RDX: fffffbfffffffffe RSI: 0000000000000004 RDI: ffffffffffffffea [ 41.206461][ T3601] RBP: ffffffffffffffea R08: 0000000000000001 R09: ffffffffffffffed [ 41.214435][ T3601] R10: fffffbfffffffffd R11: 000000000008c001 R12: 0000000000000003 [ 41.222405][ T3601] R13: ffffffffffffffea R14: ffffc90003c31000 R15: 00000000ffffffea [ 41.230372][ T3601] FS: 0000555555de5300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 41.239301][ T3601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.245880][ T3601] CR2: ffffffffffffffea CR3: 0000000075191000 CR4: 00000000003526e0 [ 41.253850][ T3601] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.261816][ T3601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.269783][ T3601] Call Trace: [ 41.273055][ T3601] [ 41.275980][ T3601] kvm_xen_hvm_set_attr+0x563/0x1630 [ 41.281277][ T3601] ? kvm_xen_hvm_set_attr+0x0/0x1630 [ 41.286571][ T3601] kvm_arch_vm_ioctl+0xe39/0x18b0 [ 41.291602][ T3601] ? kvm_arch_vm_ioctl+0x0/0x18b0 [ 41.296636][ T3601] ? __kmem_cache_free+0xab/0x3b0 [ 41.301674][ T3601] ? __stack_depot_save+0x3a/0x560 [ 41.306794][ T3601] ? __kmem_cache_free+0xab/0x3b0 [ 41.311820][ T3601] ? kasan_set_track-0xf/0x30 [ 41.316504][ T3601] ? kasan_save_stack+0x1e/0x40 [ 41.321358][ T3601] ? __kasan_unpoison_range-0xf/0x10 [ 41.326646][ T3601] ? kasan_save_free_info+0x2a/0x40 [ 41.331848][ T3601] ? ____kasan_slab_free+0x160/0x1c0 [ 41.337134][ T3601] ? slab_free_freelist_hook+0x8b/0x1c0 [ 41.342691][ T3601] ? __kmem_cache_free+0xab/0x3b0 [ 41.347727][ T3601] ? tomoyo_path_number_perm+0x434/0x570 [ 41.353365][ T3601] ? security_file_ioctl+0x50/0xb0 [ 41.358491][ T3601] ? __x64_sys_ioctl+0xb3/0x200 [ 41.363350][ T3601] ? do_syscall_64+0x35/0xb0 [ 41.367948][ T3601] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.374028][ T3601] ? kasan_quarantine_put+0xf5/0x210 [ 41.379315][ T3601] ? trace_hardirqs_on+0x2d/0x180 [ 41.384347][ T3601] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.389817][ T3601] ? lock_acquire+0x4fc/0x630 [ 41.394495][ T3601] ? lock_release+0x0/0x810 [ 41.398998][ T3601] ? do_raw_spin_lock+0x0/0x2a0 [ 41.403852][ T3601] ? tomoyo_supervisor+0x1c2/0xf10 [ 41.408989][ T3601] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 41.414797][ T3601] ? trace_hardirqs_on+0x2d/0x180 [ 41.419820][ T3601] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 41.425627][ T3601] ? debug_check_no_obj_freed+0x20c/0x420 [ 41.431351][ T3601] kvm_vm_ioctl+0x1661/0x2380 [ 41.436027][ T3601] ? lock_release+0x5cb/0x810 [ 41.440795][ T3601] ? tomoyo_path_number_perm+0x23e/0x570 [ 41.446428][ T3601] ? lock_release+0x0/0x810 [ 41.450940][ T3601] ? kvm_vm_ioctl+0x0/0x2380 [ 41.455528][ T3601] ? __kmem_cache_free+0xab/0x3b0 [ 41.460559][ T3601] ? tomoyo_path_number_perm+0x162/0x570 [ 41.466191][ T3601] ? tomoyo_path_number_perm+0x0/0x570 [ 41.471652][ T3601] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.477123][ T3601] ? __sanitizer_cov_trace_switch+0x50/0x90 [ 41.483060][ T3601] ? do_vfs_ioctl+0x132/0x15c0 [ 41.487835][ T3601] ? do_vfs_ioctl+0x0/0x15c0 [ 41.492435][ T3601] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.497903][ T3601] ? lock_release+0x5cb/0x810 [ 41.502581][ T3601] ? calibrate_delay+0x3f3/0x1120 [ 41.507614][ T3601] ? lock_release+0x0/0x810 [ 41.512123][ T3601] ? bpf_lsm_mmap_addr-0xb/0x10 [ 41.516981][ T3601] ? kvm_vm_ioctl+0x0/0x2380 [ 41.521574][ T3601] __x64_sys_ioctl+0x193/0x200 [ 41.526346][ T3601] do_syscall_64+0x35/0xb0 [ 41.530775][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.536676][ T3601] RIP: 0033:0x7fe6123bdb69 [ 41.541087][ T3601] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 41.560712][ T3601] RSP: 002b:00007ffc0dee52c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 41.569120][ T3601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe6123bdb69 [ 41.577087][ T3601] RDX: 0000000020000040 RSI: 000000004048aec9 RDI: 0000000000000004 [ 41.585053][ T3601] RBP: 00007fe612381d10 R08: 0000000000000000 R09: 0000000000000000 [ 41.593019][ T3601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe612381da0 [ 41.600989][ T3601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 41.608965][ T3601] [ 41.611977][ T3601] Modules linked in: [ 41.615873][ T3601] CR2: ffffffffffffffea [ 41.620016][ T3601] ---[ end trace 0000000000000000 ]--- [ 41.625460][ T3601] RIP: 0010:eventfd_ctx_put+0x1e/0x110 [ 41.630930][ T3601] Code: 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 54 55 48 89 fd 53 bb ff ff ff ff e8 cf a8 8f ff be 04 00 00 00 48 89 ef e8 f2 38 dc ff 0f c1 5d 00 bf 01 00 00 00 89 de e8 81 a5 8f ff 83 fb 01 74 35 [ 41.650536][ T3601] RSP: 0018:ffffc90003c1f748 EFLAGS: 00010246 [ 41.656602][ T3601] RAX: 0000000000000001 RBX: 00000000ffffffff RCX: ffffffff81ecec6e [ 41.664568][ T3601] RDX: fffffbfffffffffe RSI: 0000000000000004 RDI: ffffffffffffffea [ 41.672561][ T3601] RBP: ffffffffffffffea R08: 0000000000000001 R09: ffffffffffffffed [ 41.680526][ T3601] R10: fffffbfffffffffd R11: 000000000008c001 R12: 0000000000000003 [ 41.688491][ T3601] R13: ffffffffffffffea R14: ffffc90003c31000 R15: 00000000ffffffea [ 41.696456][ T3601] FS: 0000555555de5300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 41.705384][ T3601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.711966][ T3601] CR2: ffffffffffffffea CR3: 0000000075191000 CR4: 00000000003526e0 [ 41.719938][ T3601] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.727911][ T3601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.735889][ T3601] Kernel panic - not syncing: Fatal exception [ 41.742123][ T3601] Kernel Offset: disabled [ 41.746449][ T3601] Rebooting in 86400 seconds..