./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2600877349
<...>
Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts.
execve("./syz-executor2600877349", ["./syz-executor2600877349"], 0x7ffdd3ae4dd0 /* 10 vars */) = 0
brk(NULL) = 0x555557364000
brk(0x555557364c40) = 0x555557364c40
arch_prctl(ARCH_SET_FS, 0x555557364300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2600877349", 4096) = 28
brk(0x555557385c40) = 0x555557385c40
brk(0x555557386000) = 0x555557386000
mprotect(0x7fd7dbe32000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573645d0) = 3614
./strace-static-x86_64: Process 3614 attached
[pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3614] setpgid(0, 0) = 0
[pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3614] write(3, "1000", 4) = 4
[pid 3614] close(3) = 0
[pid 3614] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3
[pid 3614] ioctl(3, KVM_CREATE_VM, 0) = 4
[pid 3614] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 5
[pid 3614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 3614] write(6, "37", 2) = 2
syzkaller login: [ 49.221264][ T3614] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[pid 3614] ioctl(5, KVM_CREATE_VM, 0) = -1 ENOMEM (Cannot allocate memory)
[pid 3614] exit_group(0) = ?
[ 49.311062][ T3614] ==================================================================
[ 49.319134][ T3614] BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid+0xf2/0x110
[ 49.327566][ T3614] Read of size 8 at addr ffffc900039da340 by task syz-executor260/3614
[ 49.335859][ T3614]
[ 49.338181][ T3614] CPU: 0 PID: 3614 Comm: syz-executor260 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
[ 49.348320][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 49.358365][ T3614] Call Trace:
[ 49.361634][ T3614]
[ 49.364563][ T3614] dump_stack_lvl+0xcd/0x134
[ 49.369177][ T3614] ? __list_del_entry_valid+0xf2/0x110
[ 49.374649][ T3614] print_report.cold+0x59/0x719
[ 49.379593][ T3614] ? __list_del_entry_valid+0xf2/0x110
[ 49.385066][ T3614] kasan_report+0xb1/0x1e0
[ 49.389482][ T3614] ? __list_del_entry_valid+0xf2/0x110
[ 49.394954][ T3614] __list_del_entry_valid+0xf2/0x110
[ 49.400232][ T3614] kvm_put_kvm+0x130/0xb70
[ 49.404640][ T3614] ? lockdep_hardirqs_on+0x79/0x100
[ 49.409835][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40
[ 49.415044][ T3614] kvm_vm_release+0x3f/0x50
[ 49.419556][ T3614] __fput+0x277/0x9d0
[ 49.423552][ T3614] ? kvm_put_kvm+0xb70/0xb70
[ 49.428150][ T3614] task_work_run+0xdd/0x1a0
[ 49.432658][ T3614] do_exit+0xad5/0x29b0
[ 49.436818][ T3614] ? mm_update_next_owner+0x7a0/0x7a0
[ 49.442194][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40
[ 49.447424][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40
[ 49.452629][ T3614] do_group_exit+0xd2/0x2f0
[ 49.457138][ T3614] __x64_sys_exit_group+0x3a/0x50
[ 49.462166][ T3614] do_syscall_64+0x35/0xb0
[ 49.466585][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.472484][ T3614] RIP: 0033:0x7fd7dbdc3d39
[ 49.476900][ T3614] Code: Unable to access opcode bytes at RIP 0x7fd7dbdc3d0f.
[ 49.484257][ T3614] RSP: 002b:00007ffce9fd1d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 49.492684][ T3614] RAX: ffffffffffffffda RBX: 00007fd7dbe383f0 RCX: 00007fd7dbdc3d39
[ 49.500655][ T3614] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 49.508621][ T3614] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
[ 49.516676][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7dbe383f0
[ 49.524641][ T3614] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 49.532614][ T3614]
[ 49.535635][ T3614]
[ 49.537956][ T3614] Memory state around the buggy address:
[ 49.543575][ T3614] ffffc900039da200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 49.551644][ T3614] ffffc900039da280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 49.559710][ T3614] >ffffc900039da300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 49.567775][ T3614] ^
[ 49.573950][ T3614] ffffc900039da380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 49.582194][ T3614] ffffc900039da400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 49.590253][ T3614] ==================================================================
[ 49.601044][ T3614] Kernel panic - not syncing: panic_on_warn set ...
[ 49.607646][ T3614] CPU: 0 PID: 3614 Comm: syz-executor260 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
[ 49.617805][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 49.627873][ T3614] Call Trace:
[ 49.631161][ T3614]
[ 49.634093][ T3614] dump_stack_lvl+0xcd/0x134
[ 49.638698][ T3614] panic+0x2c8/0x627
[ 49.642620][ T3614] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 49.648615][ T3614] ? preempt_schedule_common+0x59/0xc0
[ 49.654078][ T3614] ? preempt_schedule_thunk+0x16/0x18
[ 49.659642][ T3614] ? __list_del_entry_valid+0xf2/0x110
[ 49.665105][ T3614] end_report.part.0+0x3f/0x7c
[ 49.669875][ T3614] kasan_report.cold+0xa/0xf
[ 49.674489][ T3614] ? __list_del_entry_valid+0xf2/0x110
[ 49.679963][ T3614] __list_del_entry_valid+0xf2/0x110
[ 49.685260][ T3614] kvm_put_kvm+0x130/0xb70
[ 49.689690][ T3614] ? lockdep_hardirqs_on+0x79/0x100
[ 49.694928][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40
[ 49.700147][ T3614] kvm_vm_release+0x3f/0x50
[ 49.704662][ T3614] __fput+0x277/0x9d0
[ 49.708647][ T3614] ? kvm_put_kvm+0xb70/0xb70
[ 49.713260][ T3614] task_work_run+0xdd/0x1a0
[ 49.717772][ T3614] do_exit+0xad5/0x29b0
[ 49.721940][ T3614] ? mm_update_next_owner+0x7a0/0x7a0
[ 49.727319][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40
[ 49.732530][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40
[ 49.737736][ T3614] do_group_exit+0xd2/0x2f0
[ 49.742288][ T3614] __x64_sys_exit_group+0x3a/0x50
[ 49.747330][ T3614] do_syscall_64+0x35/0xb0
[ 49.751757][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.757668][ T3614] RIP: 0033:0x7fd7dbdc3d39
[ 49.762084][ T3614] Code: Unable to access opcode bytes at RIP 0x7fd7dbdc3d0f.
[ 49.769444][ T3614] RSP: 002b:00007ffce9fd1d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 49.777864][ T3614] RAX: ffffffffffffffda RBX: 00007fd7dbe383f0 RCX: 00007fd7dbdc3d39
[ 49.785854][ T3614] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 49.793825][ T3614] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
[ 49.801791][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7dbe383f0
[ 49.809760][ T3614] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 49.817736][ T3614]
[ 49.820963][ T3614] Kernel Offset: disabled
[ 49.825299][ T3614] Rebooting in 86400 seconds..