./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3050513130 <...> Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts. execve("./syz-executor3050513130", ["./syz-executor3050513130"], 0x7ffc57d3c6b0 /* 10 vars */) = 0 brk(NULL) = 0x55555680a000 brk(0x55555680ad00) = 0x55555680ad00 arch_prctl(ARCH_SET_FS, 0x55555680a380) = 0 set_tid_address(0x55555680a650) = 294 set_robust_list(0x55555680a660, 24) = 0 rseq(0x55555680aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3050513130", 4096) = 28 getrandom("\xe4\xde\x23\x4c\x3d\xd6\x92\x88", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555680ad00 brk(0x55555682bd00) = 0x55555682bd00 brk(0x55555682c000) = 0x55555682c000 mprotect(0x7f46f465b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555680a650) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x55555680a660, 24) = 0 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x55555680a660, 24) = 0 [pid 296] mkdir("./syzkaller.KEwZoF", 0700 [pid 295] mkdir("./syzkaller.TysuwZ", 0700 [pid 296] <... mkdir resumed>) = 0 [pid 296] chmod("./syzkaller.KEwZoF", 0777) = 0 [pid 296] chdir("./syzkaller.KEwZoF") = 0 [pid 295] <... mkdir resumed>) = 0 [pid 296] mkdir("./0", 0777 [pid 295] chmod("./syzkaller.TysuwZ", 0777 [pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 296 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... mkdir resumed>) = 0 [pid 295] <... chmod resumed>) = 0 [pid 295] chdir("./syzkaller.TysuwZ") = 0 [pid 295] mkdir("./0", 0777) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 298 [pid 295] <... clone resumed>, child_tidptr=0x55555680a650) = 297 ./strace-static-x86_64: Process 298 attached [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x55555680a650) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x55555680a660, 24 [pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 300 ./strace-static-x86_64: Process 297 attached [pid 299] <... set_robust_list resumed>) = 0 [pid 299] chdir("./0") = 0 ./strace-static-x86_64: Process 300 attached [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] set_robust_list(0x55555680a660, 24 [pid 297] set_robust_list(0x55555680a660, 24 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 294] <... clone resumed>, child_tidptr=0x55555680a650) = 301 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 297] chdir("./0" [pid 298] getrandom( [pid 297] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 301 attached [pid 300] set_robust_list(0x55555680a660, 24 [pid 298] <... getrandom resumed>"\x19\x65\xaf\x78\x37\xc8\x2f\x81", 8, GRND_NONBLOCK) = 8 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... openat resumed>) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 301] set_robust_list(0x55555680a660, 24 [pid 300] <... set_robust_list resumed>) = 0 [pid 298] mkdir("./syzkaller.dTYx6S", 0700 [pid 297] <... prctl resumed>) = 0 [pid 297] setpgid(0, 0 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs" [pid 297] <... setpgid resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 299] <... symlink resumed>) = 0 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 301] <... set_robust_list resumed>) = 0 [pid 300] mkdir("./syzkaller.XTb1PF", 0700 [pid 298] chmod("./syzkaller.dTYx6S", 0777 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] <... chmod resumed>) = 0 [pid 298] chdir("./syzkaller.dTYx6S" [pid 297] write(3, "1000", 4 [pid 301] mkdir("./syzkaller.V3v3eI", 0700 [pid 300] <... mkdir resumed>) = 0 [pid 299] <... bpf resumed>) = 3 [pid 298] <... chdir resumed>) = 0 [pid 297] <... write resumed>) = 4 [pid 298] mkdir("./0", 0777 [pid 297] close(3 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 298] <... clone resumed>, child_tidptr=0x55555680a650) = 302 [pid 297] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [ 23.165357][ T28] audit: type=1400 audit(1712069369.009:66): avc: denied { execmem } for pid=294 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 297] <... bpf resumed>) = 5 [pid 300] chmod("./syzkaller.XTb1PF", 0777) = 0 [pid 300] chdir("./syzkaller.XTb1PF") = 0 [pid 300] mkdir("./0", 0777) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555680a650) = 303 [pid 301] <... mkdir resumed>) = 0 [pid 301] chmod("./syzkaller.V3v3eI", 0777) = 0 [pid 301] chdir("./syzkaller.V3v3eI") = 0 [pid 301] mkdir("./0", 0777./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55555680a660, 24 [pid 301] <... mkdir resumed>) = 0 [pid 302] <... set_robust_list resumed>) = 0 [pid 302] chdir("./0") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... openat resumed>) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 301] <... clone resumed>, child_tidptr=0x55555680a650) = 304 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address) [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16./strace-static-x86_64: Process 303 attached [pid 299] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 297] exit_group(0 [pid 303] set_robust_list(0x55555680a660, 24 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] <... exit_group resumed>) = ? [pid 303] <... set_robust_list resumed>) = 0 [pid 303] chdir("./0") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 304 attached ) = 3 [pid 304] set_robust_list(0x55555680a660, 24) = 0 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 304] chdir("./0" [pid 303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] <... chdir resumed>) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 303] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] <... bpf resumed>) = 3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144 [pid 304] write(3, "1000", 4) = 4 [pid 303] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 304] close(3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] <... close resumed>) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_BLOOM_FILTER, key_size=0, value_size=4294966784, max_entries=4, map_flags=0, inner_map_fd=1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=12, insns=0x20000440, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = -1 EFAULT (Bad address) [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000440, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 303] <... bpf resumed>) = 4 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [pid 299] <... bpf resumed>) = 4 [pid 304] <... bpf resumed>) = 5 [pid 303] <... bpf resumed>) = 5 [pid 304] exit_group(0 [pid 303] exit_group(0 [pid 304] <... exit_group resumed>) = ? [pid 303] <... exit_group resumed>) = ? [ 23.197939][ T28] audit: type=1400 audit(1712069369.039:67): avc: denied { bpf } for pid=299 comm="syz-executor305" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 23.218761][ T28] audit: type=1400 audit(1712069369.049:68): avc: denied { map_create } for pid=299 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.238735][ T28] audit: type=1400 audit(1712069369.049:69): avc: denied { map_read map_write } for pid=299 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 304] +++ exited with 0 +++ [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_drop_inode", prog_fd=4}}, 16 [pid 297] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x55555680b6f0 /* 3 entries */, 32768) = 80 [pid 301] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 23.260354][ T28] audit: type=1400 audit(1712069369.049:70): avc: denied { prog_load } for pid=297 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.262970][ T301] ================================================================== [ 23.280006][ T28] audit: type=1400 audit(1712069369.049:71): avc: denied { perfmon } for pid=297 comm="syz-executor305" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 23.287253][ T301] BUG: KASAN: stack-out-of-bounds in hash+0x227/0xc20 [pid 301] unlink("./0/binderfs" [pid 302] <... bpf resumed>) = 5 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x55555680b6f0 /* 3 entries */, 32768) = 80 [ 23.308512][ T28] audit: type=1400 audit(1712069369.049:72): avc: denied { prog_run } for pid=297 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 23.314859][ T301] Read of size 4 at addr ffffc90000ee7bc0 by task syz-executor305/301 [ 23.337972][ T295] BUG: unable to handle page fault for address: ffffc90000ea8000 [ 23.341758][ T301] [ 23.341765][ T301] CPU: 1 PID: 301 Comm: syz-executor305 Not tainted 6.1.68-syzkaller-00105-gf085398f0e8f #0 [ 23.349311][ T295] #PF: supervisor read access in kernel mode [ 23.351483][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.361377][ T295] #PF: error_code(0x0000) - not-present page [ 23.367188][ T301] Call Trace: [ 23.377093][ T295] PGD 100000067 [ 23.382903][ T301] [ 23.386024][ T295] P4D 100000067 [ 23.389413][ T301] dump_stack_lvl+0x151/0x1b7 [ 23.392187][ T295] PUD 100154067 [ 23.395657][ T301] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.400168][ T295] PMD 11df02067 [ 23.403553][ T301] ? _printk+0xd1/0x111 [ 23.408852][ T295] PTE 0 [ 23.412235][ T301] ? __virt_addr_valid+0xc3/0x2f0 [ 23.416227][ T295] Oops: 0000 [#1] PREEMPT SMP KASAN [ 23.418832][ T301] print_report+0x158/0x4e0 [ 23.423690][ T295] CPU: 0 PID: 295 Comm: syz-executor305 Not tainted 6.1.68-syzkaller-00105-gf085398f0e8f #0 [ 23.428723][ T301] ? __virt_addr_valid+0xc3/0x2f0 [ 23.433063][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.442962][ T301] ? kasan_addr_to_slab+0xd/0x80 [ 23.447822][ T295] RIP: 0010:hash+0xfe/0xc20 [ 23.457721][ T301] ? hash+0x227/0xc20 [ 23.462490][ T295] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 23.466829][ T301] kasan_report+0x13c/0x170 [ 23.470643][ T295] RSP: 0018:ffffc90000ea7ac8 EFLAGS: 00010282 [ 23.490089][ T301] ? hash+0x227/0xc20 [ 23.494426][ T295] [ 23.494433][ T295] RAX: 0000000000000000 RBX: 000000007f86ddb9 RCX: ffffffff8191d465 [ 23.500330][ T301] __asan_report_load4_noabort+0x14/0x20 [ 23.504148][ T295] RDX: dffffc0000000000 RSI: ffffc90000ea7ffc RDI: ffffc90000ea8000 [ 23.506318][ T301] hash+0x227/0xc20 [ 23.514127][ T295] RBP: ffffc90000ea7b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6 [ 23.519624][ T301] bloom_map_peek_elem+0xac/0x1a0 [ 23.527407][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000a6797140 [ 23.531055][ T301] bpf_prog_00798911c748094f+0x3a/0x3e [ 23.538866][ T295] R13: 00000000459fe696 R14: ffffc90000ea8008 R15: ffffc90000ea7ffc [ 23.543727][ T301] bpf_trace_run2+0x133/0x290 [ 23.551709][ T295] FS: 000055555680a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.557003][ T301] ? bpf_trace_run1+0x240/0x240 [ 23.564821][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.569335][ T301] ? __kasan_check_write+0x14/0x20 [ 23.578123][ T295] CR2: ffffc90000ea8000 CR3: 0000000121867000 CR4: 00000000003506b0 [ 23.582785][ T301] __bpf_trace_ext4_drop_inode+0x23/0x30 [ 23.589205][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.594151][ T301] ? __bpf_trace_ext4_evict_inode+0x30/0x30 [ 23.601960][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.607517][ T301] __traceiter_ext4_drop_inode+0x75/0xc0 [ 23.615336][ T295] Call Trace: [ 23.615349][ T295] [ 23.621062][ T301] ext4_drop_inode+0x145/0x1a0 [ 23.628877][ T295] ? __die_body+0x62/0xb0 [ 23.634335][ T301] ? ext4_free_in_core_inode+0xb0/0xb0 [ 23.637462][ T295] ? __die+0x7e/0x90 [ 23.640244][ T301] iput+0x393/0x870 [ 23.644850][ T295] ? page_fault_oops+0x7f9/0xa90 [ 23.649006][ T301] do_unlinkat+0x4db/0x910 [ 23.654299][ T295] ? kasan_set_track+0x60/0x70 [ 23.658033][ T301] ? fsnotify_link_count+0x100/0x100 [ 23.661679][ T295] ? kasan_set_track+0x4b/0x70 [ 23.666454][ T301] ? getname_flags+0x1fd/0x520 [ 23.670703][ T295] ? kernelmode_fixup_or_oops+0x270/0x270 [ 23.675305][ T301] __x64_sys_unlink+0x49/0x50 [ 23.680509][ T295] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.685108][ T301] do_syscall_64+0x3d/0xb0 [ 23.689707][ T295] ? is_prefetch+0x47a/0x6d0 [ 23.695265][ T301] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.699785][ T295] ? kernelmode_fixup_or_oops+0x21b/0x270 [ 23.705679][ T301] RIP: 0033:0x7f46f45e7f87 [ 23.709935][ T295] ? __bad_area_nosemaphore+0xcf/0x620 [ 23.714379][ T301] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.720090][ T295] ? bad_area_nosemaphore+0x2d/0x40 [ 23.725642][ T301] RSP: 002b:00007ffd62b61488 EFLAGS: 00000206 [ 23.729891][ T295] ? do_kern_addr_fault+0x69/0x80 [ 23.735186][ T301] ORIG_RAX: 0000000000000057 [ 23.754642][ T295] ? exc_page_fault+0x513/0x700 [ 23.759666][ T301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46f45e7f87 [ 23.765568][ T295] ? asm_exc_page_fault+0x27/0x30 [ 23.770428][ T301] RDX: 00007ffd62b614b0 RSI: 00007ffd62b61540 RDI: 00007ffd62b61540 [ 23.774944][ T295] ? hash+0x1f5/0xc20 [ 23.779636][ T301] RBP: 00007ffd62b61540 R08: 0000000000000000 R09: 0000000000000000 [ 23.787437][ T295] ? hash+0xfe/0xc20 [ 23.792294][ T301] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd62b625b0 [ 23.800107][ T295] ? hash+0x1f5/0xc20 [ 23.803933][ T301] R13: 000055555680b6c0 R14: 00007ffd62b625b0 R15: 0000000000000001 [ 23.811740][ T295] bloom_map_peek_elem+0xac/0x1a0 [ 23.815476][ T301] [ 23.823285][ T295] bpf_prog_00798911c748094f+0x3a/0x3e [ 23.827099][ T301] [ 23.827104][ T301] The buggy address belongs to stack of task syz-executor305/301 [ 23.834910][ T295] bpf_trace_run2+0x133/0x290 [ 23.839771][ T301] and is located at offset 0 in frame: [ 23.839780][ T301] bpf_trace_run2+0x0/0x290 [ 23.842644][ T295] ? bpf_trace_run1+0x240/0x240 [ 23.847946][ T301] [ 23.850102][ T295] ? __kasan_check_write+0x14/0x20 [ 23.857651][ T301] This frame has 1 object: [ 23.862163][ T295] __bpf_trace_ext4_drop_inode+0x23/0x30 [ 23.867577][ T301] [32, 48) 'args' [ 23.871884][ T295] ? __bpf_trace_ext4_evict_inode+0x30/0x30 [ 23.876585][ T301] [ 23.876594][ T301] The buggy address belongs to the virtual mapping at [ 23.876594][ T301] [ffffc90000ee0000, ffffc90000ee9000) created by: [ 23.876594][ T301] copy_process+0x5c3/0x3530 [ 23.878739][ T295] __traceiter_ext4_drop_inode+0x75/0xc0 [ 23.883685][ T301] [ 23.883692][ T301] The buggy address belongs to the physical page: [ 23.887942][ T295] ext4_drop_inode+0x145/0x1a0 [ 23.893410][ T301] page:ffffea0004866e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1219b9 [ 23.896967][ T295] ? ext4_free_in_core_inode+0xb0/0xb0 [ 23.902694][ T301] flags: 0x4000000000000000(zone=1) [ 23.904866][ T295] iput+0x393/0x870 [ 23.922405][ T301] raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000 [ 23.927872][ T295] do_unlinkat+0x4db/0x910 [ 23.930046][ T301] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 23.936290][ T295] ? fsnotify_link_count+0x100/0x100 [ 23.940880][ T301] page dumped because: kasan: bad access detected [ 23.940891][ T301] page_owner tracks the page as allocated [ 23.950955][ T295] ? getname_flags+0x1fd/0x520 [ 23.956246][ T301] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 294, tgid 294 (syz-executor305), ts 23192241114, free_ts 0 [ 23.961281][ T295] __x64_sys_unlink+0x49/0x50 [ 23.964923][ T301] post_alloc_hook+0x213/0x220 [ 23.973693][ T295] do_syscall_64+0x3d/0xb0 [ 23.977941][ T301] prep_new_page+0x1b/0x110 [ 23.986363][ T295] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 23.991482][ T301] get_page_from_freelist+0x27ea/0x2870 [ 23.997760][ T295] RIP: 0033:0x7f46f45e7f87 [ 24.003285][ T301] __alloc_pages+0x3a1/0x780 [ 24.007889][ T295] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.026201][ T301] __vmalloc_node_range+0x89b/0x1540 [ 24.030714][ T295] RSP: 002b:00007ffd62b61488 EFLAGS: 00000206 [ 24.035314][ T301] dup_task_struct+0x3d6/0x7d0 [ 24.039568][ T295] ORIG_RAX: 0000000000000057 [ 24.043915][ T301] copy_process+0x5c3/0x3530 [ 24.049631][ T295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46f45e7f87 [ 24.055024][ T301] kernel_clone+0x229/0x890 [ 24.059291][ T295] RDX: 00007ffd62b614b0 RSI: 00007ffd62b61540 RDI: 00007ffd62b61540 [ 24.063695][ T301] __x64_sys_clone+0x231/0x280 [ 24.083141][ T295] RBP: 00007ffd62b61540 R08: 0000000000000000 R09: 0000000000000000 [ 24.088276][ T301] do_syscall_64+0x3d/0xb0 [ 24.094170][ T295] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd62b625b0 [ 24.098761][ T301] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.103280][ T295] R13: 000055555680b6c0 R14: 00007ffd62b625b0 R15: 0000000000000001 [ 24.107699][ T301] page_owner free stack trace missing [ 24.115524][ T295] [ 24.119849][ T301] [ 24.119855][ T301] Memory state around the buggy address: [ 24.127663][ T295] Modules linked in: [ 24.132264][ T301] ffffc90000ee7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.140092][ T295] CR2: ffffc90000ea8000 [ 24.144333][ T301] ffffc90000ee7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.152141][ T295] ---[ end trace 0000000000000000 ]--- [ 24.157868][ T301] >ffffc90000ee7b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 [ 24.165675][ T295] RIP: 0010:hash+0xfe/0xc20 [ 24.170883][ T301] ^ [ 24.173748][ T295] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 24.175922][ T301] ffffc90000ee7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.181474][ T295] RSP: 0018:ffffc90000ea7ac8 EFLAGS: 00010282 [ 24.185215][ T301] ffffc90000ee7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.193105][ T295] [ 24.193113][ T295] RAX: 0000000000000000 RBX: 000000007f86ddb9 RCX: ffffffff8191d465 [ 24.197121][ T301] ================================================================== [ 24.197351][ T301] BUG: unable to handle page fault for address: ffffc90000ee8000 [ 24.204993][ T295] RDX: dffffc0000000000 RSI: ffffc90000ea7ffc RDI: ffffc90000ea8000 [ 24.210284][ T301] #PF: supervisor read access in kernel mode [ 24.218185][ T295] RBP: ffffc90000ea7b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6 [ 24.222522][ T301] #PF: error_code(0x0000) - not-present page [ 24.228597][ T295] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000a6797140 [ 24.248133][ T301] PGD 100000067 [ 24.256029][ T295] R13: 00000000459fe696 R14: ffffc90000ea8008 R15: ffffc90000ea7ffc [ 24.261925][ T301] P4D 100000067 [ 24.269825][ T295] FS: 000055555680a380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.271997][ T301] PUD 100154067 [ 24.279812][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.287703][ T301] PMD 11df02067 [ 24.295276][ T295] CR2: ffffc90000ea8000 CR3: 0000000121867000 CR4: 00000000003506b0 [ 24.303069][ T301] PTE 0 [ 24.308883][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.316690][ T301] [ 24.316698][ T301] Oops: 0000 [#2] PREEMPT SMP KASAN [ 24.322510][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.330412][ T301] CPU: 1 PID: 301 Comm: syz-executor305 Tainted: G B D 6.1.68-syzkaller-00105-gf085398f0e8f #0 [ 24.333792][ T295] Kernel panic - not syncing: Fatal exception [ 24.341600][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.341612][ T301] RIP: 0010:hash+0xfe/0xc20 [ 24.341643][ T301] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 24.341657][ T301] RSP: 0018:ffffc90000ee7ac8 EFLAGS: 00010282 [ 24.341673][ T301] RAX: 0000000000000000 RBX: 00000000a08811c8 RCX: ffffffff8191d465 [ 24.341685][ T301] RDX: dffffc0000000000 RSI: ffffc90000ee7ffc RDI: ffffc90000ee8000 [ 24.341698][ T301] RBP: ffffc90000ee7b08 R08: 000000003ffffe60 R09: fffffbfff0ee5cfd [ 24.341710][ T301] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000025eb6cef [ 24.341722][ T301] R13: 000000006b0a4089 R14: ffffc90000ee8008 R15: ffffc90000ee7ffc [ 24.341734][ T301] FS: 000055555680a380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.341750][ T301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.341762][ T301] CR2: ffffc90000ee8000 CR3: 00000001219ba000 CR4: 00000000003506a0 [ 24.341777][ T301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.341787][ T301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.341798][ T301] Call Trace: [ 24.341803][ T301] [ 24.341819][ T301] ? __die_body+0x62/0xb0 [ 24.341838][ T301] ? __die+0x7e/0x90 [ 24.341854][ T301] ? page_fault_oops+0x7f9/0xa90 [ 24.341877][ T301] ? down_trylock+0x59/0xa0 [ 24.341898][ T301] ? kernelmode_fixup_or_oops+0x270/0x270 [ 24.341922][ T301] ? __kasan_check_write+0x14/0x20 [ 24.341949][ T301] ? is_prefetch+0x47a/0x6d0 [ 24.341972][ T301] ? __wake_up_klogd+0xde/0x110 [ 24.342011][ T301] ? printk_sprint+0x430/0x430 [ 24.342031][ T301] ? kernelmode_fixup_or_oops+0x21b/0x270 [ 24.342056][ T301] ? __bad_area_nosemaphore+0xcf/0x620 [ 24.342079][ T301] ? irqentry_exit+0x30/0x40 [ 24.342097][ T301] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 24.342122][ T301] ? bad_area_nosemaphore+0x2d/0x40 [ 24.342145][ T301] ? do_kern_addr_fault+0x69/0x80 [ 24.342168][ T301] ? exc_page_fault+0x513/0x700 [ 24.342185][ T301] ? __kasan_check_write+0x14/0x20 [ 24.342212][ T301] ? asm_exc_page_fault+0x27/0x30 [ 24.342238][ T301] ? hash+0x1f5/0xc20 [ 24.342263][ T301] ? hash+0xfe/0xc20 [ 24.342286][ T301] ? hash+0x1f5/0xc20 [ 24.342311][ T301] bloom_map_peek_elem+0xac/0x1a0 [ 24.342340][ T301] bpf_prog_00798911c748094f+0x3a/0x3e [ 24.342357][ T301] bpf_trace_run2+0x133/0x290 [ 24.342374][ T301] ? bpf_trace_run1+0x240/0x240 [ 24.342391][ T301] ? __kasan_check_write+0x14/0x20 [ 24.342418][ T301] __bpf_trace_ext4_drop_inode+0x23/0x30 [ 24.342441][ T301] ? __bpf_trace_ext4_evict_inode+0x30/0x30 [ 24.342464][ T301] __traceiter_ext4_drop_inode+0x75/0xc0 [ 24.342486][ T301] ext4_drop_inode+0x145/0x1a0 [ 24.342508][ T301] ? ext4_free_in_core_inode+0xb0/0xb0 [ 24.342531][ T301] iput+0x393/0x870 [ 24.342550][ T301] do_unlinkat+0x4db/0x910 [ 24.342571][ T301] ? fsnotify_link_count+0x100/0x100 [ 24.342591][ T301] ? getname_flags+0x1fd/0x520 [ 24.342622][ T301] __x64_sys_unlink+0x49/0x50 [ 24.342657][ T301] do_syscall_64+0x3d/0xb0 [ 24.342684][ T301] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 24.342709][ T301] RIP: 0033:0x7f46f45e7f87 [ 24.342723][ T301] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.342737][ T301] RSP: 002b:00007ffd62b61488 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 24.342754][ T301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f46f45e7f87 [ 24.342766][ T301] RDX: 00007ffd62b614b0 RSI: 00007ffd62b61540 RDI: 00007ffd62b61540 [ 24.342779][ T301] RBP: 00007ffd62b61540 R08: 0000000000000000 R09: 0000000000000000 [ 24.342790][ T301] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd62b625b0 [ 24.342801][ T301] R13: 000055555680b6c0 R14: 00007ffd62b625b0 R15: 0000000000000001 [ 24.342818][ T301] [ 24.342823][ T301] Modules linked in: [ 24.342833][ T301] CR2: ffffc90000ee8000 [ 24.346186][ T301] ---[ end trace 0000000000000000 ]--- [ 24.346198][ T301] RIP: 0010:hash+0xfe/0xc20 [ 24.346223][ T301] Code: fc ff df 0f b6 04 10 84 c0 0f 85 c1 00 00 00 45 03 6e f4 48 8d 7e 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 db 00 00 00 <41> 03 5e f8 48 8d 7e 08 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f [ 24.346236][ T301] RSP: 0018:ffffc90000ea7ac8 EFLAGS: 00010282 [ 24.346250][ T301] RAX: 0000000000000000 RBX: 000000007f86ddb9 RCX: ffffffff8191d465 [ 24.346262][ T301] RDX: dffffc0000000000 RSI: ffffc90000ea7ffc RDI: ffffc90000ea8000 [ 24.346275][ T301] RBP: ffffc90000ea7b08 R08: 000000003ffffe60 R09: fffffbfff0e9dfd6 [ 24.346287][ T301] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000a6797140 [ 24.346298][ T301] R13: 00000000459fe696 R14: ffffc90000ea8008 R15: ffffc90000ea7ffc [ 24.346311][ T301] FS: 000055555680a380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.346326][ T301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.346342][ T301] CR2: ffffc90000ee8000 CR3: 00000001219ba000 CR4: 00000000003506a0 [ 24.346357][ T301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.346367][ T301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.527740][ T295] Shutting down cpus with NMI [ 26.104236][ T295] Kernel Offset: disabled [ 26.108371][ T295] Rebooting in 86400 seconds..