./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2683517708
<...>
DUID 00:04:7a:dc:29:a2:f4:b1:6d:28:30:de:a7:64:4f:eb:cd:90
forked to background, child pid 4634
[ 31.641075][ T4635] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.650931][ T4635] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
execve("./syz-executor2683517708", ["./syz-executor2683517708"], 0x7ffe5737b870 /* 10 vars */) = 0
brk(NULL) = 0x555555f5f000
brk(0x555555f5fc40) = 0x555555f5fc40
arch_prctl(ARCH_SET_FS, 0x555555f5f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2683517708", 4096) = 28
brk(0x555555f80c40) = 0x555555f80c40
brk(0x555555f81000) = 0x555555f81000
mprotect(0x7fb3205bd000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3
ioctl(3, KVM_CREATE_VM, 0) = 4
ioctl(4, KVM_CREATE_VCPU, 0) = 5
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x2003d000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x2003e000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x2003f000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20040000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20041000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20042000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20043000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20044000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20045000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20046000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x20047000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x20048000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x20049000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2004a000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2004b000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2004c000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x2004d000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x2004e000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x2004f000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20050000}) = 0
syzkaller login: [ 57.845414][ T5055] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20051000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20052000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20053000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20054000}) = 0
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x2003d000}) = 0
ioctl(5, KVM_GET_SREGS, {cs={base=0xffff0000, limit=65535, selector=61440, type=11, present=1, dpl=0, db=0, s=1, l=0, g=0, avl=0}, ...}) = 0
openat(AT_FDCWD, "/dev/kvm", O_RDWR) = 6
ioctl(6, KVM_GET_SUPPORTED_CPUID, {nent=31, entries=[...]}) = 0
ioctl(5, KVM_SET_CPUID2, {nent=31, entries=[...]}) = 0
close(6) = 0
ioctl(5, KVM_SET_MSRS, 0x7fff49a81f50) = 5
ioctl(5, KVM_SET_SREGS, {cs={base=0, limit=1048575, selector=48, type=11, present=1, dpl=0, db=1, s=1, l=0, g=0, avl=0}, ...}) = 0
ioctl(5, KVM_SET_REGS, {rax=0, ..., rsp=0xf80, rbp=0, ..., rip=0, rflags=0x2}) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_SET_SREGS, {cs={base=0, limit=0, selector=0, type=0, present=0, dpl=0, db=0, s=0, l=0, g=0, avl=0}, ...}) = 0
ioctl(5, KVM_RUN, 0) = 0
[ 57.924559][ T5055] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
[ 57.934948][ T5055] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 57.943584][ T5055] ------------[ cut here ]------------
[ 57.949091][ T5055] WARNING: CPU: 0 PID: 5055 at arch/x86/kvm/x86.c:10896 kvm_arch_vcpu_ioctl_run+0xd53/0x12c0
[ 57.959348][ T5055] Modules linked in:
[ 57.963264][ T5055] CPU: 0 PID: 5055 Comm: syz-executor268 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0
[ 57.973731][ T5055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 57.983833][ T5055] RIP: 0010:kvm_arch_vcpu_ioctl_run+0xd53/0x12c0
[ 57.990159][ T5055] Code: 7d 00 89 5c 24 10 85 db 7e 43 e8 48 46 7d 00 4c 8b 7c 24 38 e9 a3 fa ff ff e8 39 46 7d 00 0f 0b e9 65 fa ff ff e8 2d 46 7d 00 <0f> 0b e9 8b fa ff ff e8 21 46 7d 00 e9 ed fa ff ff e8 17 46 7d 00
[ 58.009848][ T5055] RSP: 0018:ffffc90003bbfc98 EFLAGS: 00010293
[ 58.016028][ T5055] RAX: ffffffff8110a2c3 RBX: 0000000000000001 RCX: ffff88802ac11d40
[ 58.024734][ T5055] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 58.032706][ T5055] RBP: 0000000000000000 R08: ffffffff81109d48 R09: fffffbfff212e64a
[ 58.040813][ T5055] R10: fffffbfff212e64a R11: 1ffffffff212e649 R12: dffffc0000000000
[ 58.048960][ T5055] R13: ffff88807a791000 R14: ffff888027a18000 R15: ffff888027a180d8
[ 58.056986][ T5055] FS: 0000555555f5f300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 58.066009][ T5055] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.072589][ T5055] CR2: 0000000000000000 CR3: 0000000075f9a000 CR4: 00000000003526f0
[ 58.080607][ T5055] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.088646][ T5055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.096660][ T5055] Call Trace:
[ 58.099944][ T5055]
[ 58.102893][ T5055] kvm_vcpu_ioctl+0x771/0xc70
[ 58.107654][ T5055] ? print_irqtrace_events+0x220/0x220
[ 58.113125][ T5055] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 58.118815][ T5055] ? memset+0x1f/0x40
[ 58.122822][ T5055] ? smack_file_ioctl+0x34c/0x3a0
[ 58.127914][ T5055] ? smack_file_alloc_security+0xd0/0xd0
[ 58.133596][ T5055] ? print_irqtrace_events+0x220/0x220
[ 58.139049][ T5055] ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[ 58.145094][ T5055] ? bpf_lsm_file_ioctl+0x5/0x10
[ 58.150048][ T5055] ? security_file_ioctl+0x9d/0xb0
[ 58.155197][ T5055] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 58.160832][ T5055] __se_sys_ioctl+0xfb/0x170
[ 58.165700][ T5055] do_syscall_64+0x2b/0x70
[ 58.170149][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.176112][ T5055] RIP: 0033:0x7fb320551279
[ 58.180531][ T5055] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.200219][ T5055] RSP: 002b:00007fff49a83aa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.208720][ T5055] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb320551279
[ 58.216760][ T5055] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 58.224844][ T5055] RBP: 00007fb320514cd0 R08: 0000000000000000 R09: 0000000000000000
[ 58.232806][ T5055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb320514d60
[ 58.240861][ T5055] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.248895][ T5055]
[ 58.251911][ T5055] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 58.259179][ T5055] CPU: 0 PID: 5055 Comm: syz-executor268 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0
[ 58.269570][ T5055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 58.279612][ T5055] Call Trace:
[ 58.282885][ T5055]
[ 58.285820][ T5055] dump_stack_lvl+0x1e3/0x2d0
[ 58.290513][ T5055] ? nf_tcp_handle_invalid+0x630/0x630
[ 58.295976][ T5055] ? panic+0x770/0x770
[ 58.300065][ T5055] ? vscnprintf+0x59/0x80
[ 58.304402][ T5055] ? kvm_arch_vcpu_ioctl_run+0xc90/0x12c0
[ 58.310125][ T5055] panic+0x316/0x770
[ 58.314023][ T5055] ? __warn+0x16d/0x2d0
[ 58.318177][ T5055] ? memcpy_page_flushcache+0x100/0x100
[ 58.323731][ T5055] ? kvm_arch_vcpu_ioctl_run+0xd53/0x12c0
[ 58.329514][ T5055] __warn+0x284/0x2d0
[ 58.333509][ T5055] ? kvm_arch_vcpu_ioctl_run+0xd53/0x12c0
[ 58.339239][ T5055] report_bug+0x1b3/0x2d0
[ 58.343575][ T5055] handle_bug+0x3d/0x70
[ 58.347729][ T5055] exc_invalid_op+0x16/0x40
[ 58.352233][ T5055] asm_exc_invalid_op+0x16/0x20
[ 58.357176][ T5055] RIP: 0010:kvm_arch_vcpu_ioctl_run+0xd53/0x12c0
[ 58.363506][ T5055] Code: 7d 00 89 5c 24 10 85 db 7e 43 e8 48 46 7d 00 4c 8b 7c 24 38 e9 a3 fa ff ff e8 39 46 7d 00 0f 0b e9 65 fa ff ff e8 2d 46 7d 00 <0f> 0b e9 8b fa ff ff e8 21 46 7d 00 e9 ed fa ff ff e8 17 46 7d 00
[ 58.383117][ T5055] RSP: 0018:ffffc90003bbfc98 EFLAGS: 00010293
[ 58.389182][ T5055] RAX: ffffffff8110a2c3 RBX: 0000000000000001 RCX: ffff88802ac11d40
[ 58.397152][ T5055] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 58.405217][ T5055] RBP: 0000000000000000 R08: ffffffff81109d48 R09: fffffbfff212e64a
[ 58.413190][ T5055] R10: fffffbfff212e64a R11: 1ffffffff212e649 R12: dffffc0000000000
[ 58.421156][ T5055] R13: ffff88807a791000 R14: ffff888027a18000 R15: ffff888027a180d8
[ 58.429219][ T5055] ? kvm_arch_vcpu_ioctl_run+0x7d8/0x12c0
[ 58.434944][ T5055] ? kvm_arch_vcpu_ioctl_run+0xd53/0x12c0
[ 58.440672][ T5055] ? kvm_arch_vcpu_ioctl_run+0xd53/0x12c0
[ 58.446400][ T5055] kvm_vcpu_ioctl+0x771/0xc70
[ 58.451076][ T5055] ? print_irqtrace_events+0x220/0x220
[ 58.456533][ T5055] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 58.462163][ T5055] ? memset+0x1f/0x40
[ 58.466154][ T5055] ? smack_file_ioctl+0x34c/0x3a0
[ 58.471189][ T5055] ? smack_file_alloc_security+0xd0/0xd0
[ 58.476833][ T5055] ? print_irqtrace_events+0x220/0x220
[ 58.482294][ T5055] ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[ 58.488273][ T5055] ? bpf_lsm_file_ioctl+0x5/0x10
[ 58.493217][ T5055] ? security_file_ioctl+0x9d/0xb0
[ 58.498329][ T5055] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 58.503958][ T5055] __se_sys_ioctl+0xfb/0x170
[ 58.508548][ T5055] do_syscall_64+0x2b/0x70
[ 58.512964][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.518857][ T5055] RIP: 0033:0x7fb320551279
[ 58.523292][ T5055] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.542895][ T5055] RSP: 002b:00007fff49a83aa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.551305][ T5055] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb320551279
[ 58.559269][ T5055] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 58.567249][ T5055] RBP: 00007fb320514cd0 R08: 0000000000000000 R09: 0000000000000000
[ 58.575213][ T5055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb320514d60
[ 58.583175][ T5055] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.591153][ T5055]
[ 58.594326][ T5055] Kernel Offset: disabled
[ 58.598717][ T5055] Rebooting in 86400 seconds..