./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2645242769 <...> Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts. execve("./syz-executor2645242769", ["./syz-executor2645242769"], 0x7ffed41216a0 /* 10 vars */) = 0 brk(NULL) = 0x555555dc0000 brk(0x555555dc0d00) = 0x555555dc0d00 arch_prctl(ARCH_SET_FS, 0x555555dc0380) = 0 set_tid_address(0x555555dc0650) = 359 set_robust_list(0x555555dc0660, 24) = 0 rseq(0x555555dc0ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2645242769", 4096) = 28 getrandom("\xa5\xd4\x76\x62\x73\x9a\x8c\x45", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555dc0d00 brk(0x555555de1d00) = 0x555555de1d00 brk(0x555555de2000) = 0x555555de2000 mprotect(0x7f9cfa476000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc0650) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x555555dc0660, 24) = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [ 27.605284][ T23] audit: type=1400 audit(1712311097.040:66): avc: denied { execmem } for pid=359 comm="syz-executor264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.627185][ T361] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 27.627319][ T23] audit: type=1400 audit(1712311097.060:67): avc: denied { read } for pid=361 comm="syz-executor264" name="kvm" dev="devtmpfs" ino=1106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 27.666145][ T23] audit: type=1400 audit(1712311097.060:68): avc: denied { open } for pid=361 comm="syz-executor264" path="/dev/kvm" dev="devtmpfs" ino=1106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 361] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 361] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 361] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 361] ioctl(5, KVM_RUN, 0) = 0 [pid 361] exit_group(0) = ? [pid 361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 364 attached , child_tidptr=0x555555dc0650) = 364 [pid 364] set_robust_list(0x555555dc0660, 24) = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 364] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 364] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 364] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 364] ioctl(5, KVM_RUN, 0) = 0 [pid 364] exit_group(0) = ? [pid 364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 27.690296][ T23] audit: type=1400 audit(1712311097.060:69): avc: denied { ioctl } for pid=361 comm="syz-executor264" path="/dev/kvm" dev="devtmpfs" ino=1106 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 366 attached , child_tidptr=0x555555dc0650) = 366 [pid 366] set_robust_list(0x555555dc0660, 24) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 366] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 366] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 366] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 366] ioctl(5, KVM_RUN, 0) = 0 [pid 366] exit_group(0) = ? [pid 366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x555555dc0660, 24) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] <... clone resumed>, child_tidptr=0x555555dc0650) = 368 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 368] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 368] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 368] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 368] ioctl(5, KVM_RUN, 0) = 0 [pid 368] exit_group(0) = ? [pid 368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc0650) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555555dc0660, 24) = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 370] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 370] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 370] ioctl(5, KVM_RUN, 0) = 0 [pid 370] exit_group(0) = ? [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 372 attached , child_tidptr=0x555555dc0650) = 372 [pid 372] set_robust_list(0x555555dc0660, 24) = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 372] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 372] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 372] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 372] ioctl(5, KVM_RUN, 0) = 0 [pid 372] exit_group(0) = ? [pid 372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc0650) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x555555dc0660, 24) = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 374] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 374] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 374] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 374] ioctl(5, KVM_RUN, 0) = 0 [pid 374] exit_group(0) = ? [pid 374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x555555dc0660, 24 [pid 359] <... clone resumed>, child_tidptr=0x555555dc0650) = 376 [pid 376] <... set_robust_list resumed>) = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 376] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 376] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 376] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 376] ioctl(5, KVM_RUN, 0) = 0 [pid 376] exit_group(0) = ? [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 378 attached , child_tidptr=0x555555dc0650) = 378 [pid 378] set_robust_list(0x555555dc0660, 24) = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 378] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 378] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 378] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 378] ioctl(5, KVM_RUN, 0) = 0 [pid 378] exit_group(0) = ? [pid 378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555555dc0660, 24 [pid 359] <... clone resumed>, child_tidptr=0x555555dc0650) = 380 [pid 380] <... set_robust_list resumed>) = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 380] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 380] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 380] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 380] ioctl(5, KVM_RUN, 0) = 0 [pid 380] exit_group(0) = ? [pid 380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc0650) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x555555dc0660, 24) = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 382] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 382] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 382] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [pid 382] ioctl(5, KVM_RUN, 0) = 0 [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc0650) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x555555dc0660, 24) = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 384] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 384] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 384] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0 [ 28.090197][ T384] BUG: kernel NULL pointer dereference, address: 0000000000000086 [ 28.097825][ T384] #PF: supervisor instruction fetch in kernel mode [ 28.104157][ T384] #PF: error_code(0x0010) - not-present page [ 28.110108][ T384] PGD 1dc2f5067 P4D 1dc2f5067 PUD 1dc310067 PMD 0 [ 28.116452][ T384] Oops: 0010 [#1] PREEMPT SMP KASAN [ 28.121478][ T384] CPU: 1 PID: 384 Comm: syz-executor264 Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0 [ 28.131454][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.141535][ T384] RIP: 0010:0x86 [ 28.144918][ T384] Code: Bad RIP value. [ 28.148906][ T384] RSP: 0018:ffff8881dbe7f308 EFLAGS: 00010086 [ 28.154808][ T384] RAX: ffff8881dbe7f338 RBX: dffffc0000000000 RCX: ffff8881df0eaf40 [ 28.162613][ T384] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 28.170424][ T384] RBP: 0000000000000ec0 R08: ffffffff82315341 R09: ffffffff811c9085 [ 28.178232][ T384] R10: ffff8881df0eaf40 R11: 0000000000000002 R12: ffffffff84601550 [ 28.186152][ T384] R13: fffffe0000000ec8 R14: ffff8881db9d8000 R15: fffffe0000000ecb [ 28.193957][ T384] FS: 0000555555dc0380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 28.202718][ T384] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.209135][ T384] CR2: 000000000000005c CR3: 00000001dc309000 CR4: 00000000003426a0 [ 28.216949][ T384] Call Trace: [ 28.220077][ T384] ? __die+0xb4/0x100 [ 28.223895][ T384] ? no_context+0xbda/0xe50 [ 28.228230][ T384] ? is_prefetch+0x4b0/0x4b0 [ 28.232818][ T384] ? rcu_preempt_deferred_qs+0xa4/0x2b0 [ 28.238283][ T384] ? __do_page_fault+0xa7d/0xbb0 [ 28.243060][ T384] ? vmx_spec_ctrl_restore_host+0x83/0xfd [ 28.248723][ T384] ? __bad_area_nosemaphore+0xc0/0x460 [ 28.254016][ T384] ? page_fault+0x2f/0x40 [ 28.258179][ T384] ? __entry_text_end+0x4/0x4 [ 28.262735][ T384] ? vmx_handle_exit_irqoff+0x45/0x220 [ 28.267993][ T384] ? check_preemption_disabled+0x91/0x320 [ 28.273549][ T384] ? handle_external_interrupt_irqoff+0x148/0x2f0 [ 28.279790][ T384] ? handle_external_interrupt_irqoff+0x12a/0x2f0 [ 28.286063][ T384] ? __entry_text_end+0x4/0x4 [ 28.290568][ T384] ? vcpu_enter_guest+0x2d06/0x9f70 [ 28.295587][ T384] ? check_preemption_disabled+0x9f/0x320 [ 28.301140][ T384] ? debug_smp_processor_id+0x20/0x20 [ 28.306348][ T384] ? __free_pages_ok+0x847/0x950 [ 28.311207][ T384] ? __kvm_set_memory_region+0xda6/0xf60 [ 28.316703][ T384] ? kvm_vm_ioctl_set_memory_region+0x67/0x90 [ 28.322694][ T384] ? do_vfs_ioctl+0x742/0x1720 [ 28.327626][ T384] ? __x64_sys_ioctl+0xd4/0x110 [ 28.332301][ T384] ? do_syscall_64+0xca/0x1c0 [ 28.336815][ T384] ? local_bh_enable+0x20/0x20 [ 28.341605][ T384] ? __free_one_page+0x7f3/0xa60 [ 28.346360][ T384] ? _raw_spin_unlock+0x49/0x60 [ 28.351053][ T384] ? set_pageblock_migratetype+0x150/0x150 [ 28.356699][ T384] ? kvm_mmu_change_mmu_pages+0x2dc/0x320 [ 28.362245][ T384] ? synchronize_srcu_expedited+0x20/0x20 [ 28.367800][ T384] ? check_preemption_disabled+0x9f/0x320 [ 28.373385][ T384] ? update_load_avg+0x40f/0x1210 [ 28.378222][ T384] ? cpuacct_charge+0xe2/0x170 [ 28.382815][ T384] ? enqueue_task_fair+0xaac/0x1e40 [ 28.387877][ T384] ? check_preempt_wakeup+0x41a/0x9f0 [ 28.393068][ T384] ? vmx_vcpu_load_vmcs+0x655/0x8b0 [ 28.398093][ T384] ? try_to_wake_up+0x7c5/0x14f0 [ 28.402949][ T384] ? read_msr+0x40/0x40 [ 28.406945][ T384] ? check_preemption_disabled+0x9f/0x320 [ 28.412543][ T384] ? check_preemption_disabled+0x9f/0x320 [ 28.418049][ T384] ? debug_smp_processor_id+0x20/0x20 [ 28.423257][ T384] ? kvm_arch_vcpu_ioctl_run+0x748/0x18d0 [ 28.428820][ T384] ? kvm_vcpu_ioctl+0x7f9/0xd10 [ 28.433505][ T384] ? create_vcpu_fd+0x120/0x120 [ 28.438199][ T384] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 28.443138][ T384] ? _raw_spin_lock_irqsave+0x210/0x210 [ 28.448526][ T384] ? cgroup_update_frozen+0x157/0xab0 [ 28.454157][ T384] ? cgroup_update_frozen+0x157/0xab0 [ 28.459379][ T384] ? cgroup_leave_frozen+0x13c/0x290 [ 28.464486][ T384] ? ptrace_stop+0x6ee/0xa30 [ 28.469051][ T384] ? create_vcpu_fd+0x120/0x120 [ 28.473738][ T384] ? do_vfs_ioctl+0x742/0x1720 [ 28.478328][ T384] ? ioctl_preallocate+0x250/0x250 [ 28.483285][ T384] ? check_preemption_disabled+0x153/0x320 [ 28.488924][ T384] ? syscall_trace_enter+0x650/0x940 [ 28.494037][ T384] ? do_syscall_64+0x1c0/0x1c0 [ 28.498667][ T384] ? switch_fpu_return+0x1d4/0x410 [ 28.503583][ T384] ? security_file_ioctl+0x7d/0xa0 [ 28.508534][ T384] ? __x64_sys_ioctl+0xd4/0x110 [ 28.513220][ T384] ? do_syscall_64+0xca/0x1c0 [ 28.517732][ T384] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 28.523666][ T384] Modules linked in: [ 28.527356][ T384] CR2: 0000000000000086 [ 28.531357][ T384] ---[ end trace 1213d66438a68ec9 ]--- [ 28.536680][ T384] RIP: 0010:0x86 [ 28.540041][ T384] Code: Bad RIP value. [ 28.543936][ T384] RSP: 0018:ffff8881dbe7f308 EFLAGS: 00010086 [ 28.549931][ T384] RAX: ffff8881dbe7f338 RBX: dffffc0000000000 RCX: ffff8881df0eaf40 [ 28.557740][ T384] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 28.565548][ T384] RBP: 0000000000000ec0 R08: ffffffff82315341 R09: ffffffff811c9085 [ 28.573362][ T384] R10: ffff8881df0eaf40 R11: 0000000000000002 R12: ffffffff84601550 [ 28.581173][ T384] R13: fffffe0000000ec8 R14: ffff8881db9d8000 R15: fffffe0000000ecb [ 28.588986][ T384] FS: 0000555555dc0380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 28.597747][ T384] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.604169][ T384] CR2: 000000000000005c CR3: 00000001dc309000 CR4: 00000000003426a0 [ 28.612000][ T384] Kernel panic - not syncing: Fatal exception [ 28.618104][ T384] Kernel Offset: disabled [ 28.622242][ T384] Rebooting in 86400 seconds..