./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1632523339 <...> DUID 00:04:e6:bc:8e:bc:c3:7a:f3:fc:35:c5:a5:4f:9b:64:01:ce forked to background, child pid 3179 [ 28.642939][ T3180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.653150][ T3180] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts. execve("./syz-executor1632523339", ["./syz-executor1632523339"], 0x7fff436ac400 /* 10 vars */) = 0 brk(NULL) = 0x555556de0000 brk(0x555556de0c40) = 0x555556de0c40 arch_prctl(ARCH_SET_FS, 0x555556de0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1632523339", 4096) = 28 brk(0x555556e01c40) = 0x555556e01c40 brk(0x555556e02000) = 0x555556e02000 mprotect(0x7fc02f8d5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 ioctl(3, KVM_CREATE_VM, 0) = 4 ioctl(4, KVM_CREATE_VCPU, 0) = 5 syzkaller login: [ 51.662448][ T3601] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 51.689262][ T3601] general protection fault, probably for non-canonical address 0xdffffc000000001d: 0000 [#1] PREEMPT SMP KASAN [ 51.701009][ T3601] KASAN: null-ptr-deref in range [0x00000000000000e8-0x00000000000000ef] [ 51.709403][ T3601] CPU: 0 PID: 3601 Comm: syz-executor163 Not tainted 5.19.0-rc4-next-20220627-syzkaller #0 [ 51.719389][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.729428][ T3601] RIP: 0010:kvm_arch_vcpu_ioctl+0x10d1/0x3d40 [ 51.735490][ T3601] Code: 80 3c 02 00 0f 85 91 28 00 00 4d 8b ac 24 b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bd ec 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 62 [ 51.755079][ T3601] RSP: 0018:ffffc90002eaf960 EFLAGS: 00010207 [ 51.761129][ T3601] RAX: dffffc0000000000 RBX: 0000000000000006 RCX: 0000000000000000 [ 51.769085][ T3601] RDX: 000000000000001d RSI: ffffffff8110c6ee RDI: 00000000000000ec [ 51.777040][ T3601] RBP: ffffc90002eafd20 R08: 0000000000000007 R09: 0000000000000000 [ 51.784996][ T3601] R10: 0000000000000000 R11: 1ffffffff1fc765f R12: ffff888078e10000 [ 51.792953][ T3601] R13: 0000000000000000 R14: 1ffff920005d5f36 R15: dffffc0000000000 [ 51.800908][ T3601] FS: 0000555556de0300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 51.809821][ T3601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.816389][ T3601] CR2: 00007fc02f8affb8 CR3: 0000000075d2c000 CR4: 00000000003526f0 [ 51.824523][ T3601] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.832476][ T3601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.840439][ T3601] Call Trace: [ 51.843701][ T3601] [ 51.846618][ T3601] ? kvm_arch_vcpu_put+0x950/0x950 [ 51.851733][ T3601] ? find_held_lock+0x2d/0x110 [ 51.856588][ T3601] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.862552][ T3601] ? debug_check_no_obj_freed+0x20c/0x420 [ 51.868273][ T3601] ? lock_downgrade+0x6e0/0x6e0 [ 51.873110][ T3601] ? lock_release+0x780/0x780 [ 51.877775][ T3601] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.883577][ T3601] ? trace_contention_end+0xea/0x150 [ 51.888852][ T3601] ? __mutex_lock+0x231/0x1350 [ 51.893608][ T3601] ? kvm_vcpu_ioctl+0x1d1/0xf30 [ 51.898451][ T3601] ? mutex_lock_io_nested+0x1190/0x1190 [ 51.903988][ T3601] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 51.909794][ T3601] ? kvm_vcpu_ioctl+0x973/0xf30 [ 51.914721][ T3601] kvm_vcpu_ioctl+0x973/0xf30 [ 51.919391][ T3601] ? kvm_vcpu_kick+0x2f0/0x2f0 [ 51.924149][ T3601] ? find_held_lock+0x2d/0x110 [ 51.929181][ T3601] ? calibrate_delay+0xf59/0x1120 [ 51.934198][ T3601] ? lock_downgrade+0x6e0/0x6e0 [ 51.939033][ T3601] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.944325][ T3601] ? bpf_lsm_file_ioctl+0x5/0x10 [ 51.949277][ T3601] ? kvm_vcpu_kick+0x2f0/0x2f0 [ 51.954059][ T3601] __x64_sys_ioctl+0x193/0x200 [ 51.958832][ T3601] do_syscall_64+0x35/0xb0 [ 51.963262][ T3601] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.969180][ T3601] RIP: 0033:0x7fc02f868b69 [ 51.973580][ T3601] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.993189][ T3601] RSP: 002b:00007ffcc8febd88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 52.001590][ T3601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc02f868b69 [ 52.009893][ T3601] RDX: 0000000020000040 RSI: 000000004008ae9c RDI: 0000000000000005 [ 52.017848][ T3601] RBP: 00007fc02f82cd10 R08: 0000000000000000 R09: 0000000000000000 [ 52.025800][ T3601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc02f82cda0 [ 52.033933][ T3601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.041895][ T3601] [ 52.044895][ T3601] Modules linked in: [ 52.050458][ T3601] ---[ end trace 0000000000000000 ]--- [ 52.056141][ T3601] RIP: 0010:kvm_arch_vcpu_ioctl+0x10d1/0x3d40 [ 52.062206][ T3601] Code: 80 3c 02 00 0f 85 91 28 00 00 4d 8b ac 24 b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bd ec 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 62 [ 52.081847][ T3601] RSP: 0018:ffffc90002eaf960 EFLAGS: 00010207 [ 52.088011][ T3601] RAX: dffffc0000000000 RBX: 0000000000000006 RCX: 0000000000000000 [ 52.095997][ T3601] RDX: 000000000000001d RSI: ffffffff8110c6ee RDI: 00000000000000ec [ 52.103971][ T3601] RBP: ffffc90002eafd20 R08: 0000000000000007 R09: 0000000000000000 [ 52.111958][ T3601] R10: 0000000000000000 R11: 1ffffffff1fc765f R12: ffff888078e10000 [ 52.119943][ T3601] R13: 0000000000000000 R14: 1ffff920005d5f36 R15: dffffc0000000000 [ 52.127922][ T3601] FS: 0000555556de0300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 52.136873][ T3601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.143442][ T3601] CR2: 000056206923aa70 CR3: 0000000075d2c000 CR4: 00000000003526e0 [ 52.151426][ T3601] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.159437][ T3601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.167431][ T3601] Kernel panic - not syncing: Fatal exception [ 52.173660][ T3601] Kernel Offset: disabled [ 52.177974][ T3601] Rebooting in 86400 seconds..