./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2999912328
<...>
DUID 00:04:d9:3a:76:1c:b4:63:be:bc:0b:c2:08:9c:83:36:98:31
forked to background, child pid 3212
[ 30.736007][ T3213] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.749231][ T3213] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
execve("./syz-executor2999912328", ["./syz-executor2999912328"], 0x7ffc2c02ebc0 /* 10 vars */) = 0
brk(NULL) = 0x5555574c3000
brk(0x5555574c3c40) = 0x5555574c3c40
arch_prctl(ARCH_SET_FS, 0x5555574c3300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2999912328", 4096) = 28
brk(0x5555574e4c40) = 0x5555574e4c40
brk(0x5555574e5000) = 0x5555574e5000
mprotect(0x7f65188fb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
io_submit(NULL, 9, [{aio_data=0, aio_lio_opcode=IOCB_CMD_PREAD, aio_reqprio=-5, aio_fildes=-1, aio_buf=0x20000380, aio_nbytes=199, aio_offset=8, aio_resfd=0xffffffff}, {aio_data=0, aio_lio_opcode=IOCB_CMD_FSYNC, aio_reqprio=IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, 8), aio_fildes=-1}, NULL, NULL, NULL, NULL, NULL, NULL, NULL]) = -1 EINVAL (Invalid argument)
openat(-1, "cpuacct.stat", O_RDONLY) = -1 EBADF (Bad file descriptor)
openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3
ioctl(3, KVM_CREATE_VM, 0) = 4
ioctl(4, KVM_CREATE_VCPU, 0) = 5
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000}) = 0
ioctl(5, KVM_SET_REGS, {rax=0, ..., rsp=0xfb, rbp=0, ..., rip=0, rflags=0}) = 0
socketpair(AF_UNIX, SOCK_SEQPACKET, 0, [6, 7]) = 0
sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="", iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor)
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
ioctl(5, KVM_RUN, 0) = 0
syzkaller login: [ 50.782825][ T3634] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
ioctl(5, KVM_RUN, 0) = 0
[ 50.834256][ T3634] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 50.842506][ T3634] ------------[ cut here ]------------
[ 50.848014][ T3634] WARNING: CPU: 1 PID: 3634 at arch/x86/kvm/x86.c:11171 kvm_arch_vcpu_ioctl_run+0xd39/0x12b0
[ 50.858380][ T3634] Modules linked in:
[ 50.862613][ T3634] CPU: 0 PID: 3634 Comm: syz-executor299 Not tainted 6.1.0-rc5-syzkaller-00307-gfe24a97cf254 #0
[ 50.873426][ T3634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 50.883668][ T3634] RIP: 0010:kvm_arch_vcpu_ioctl_run+0xd39/0x12b0
[ 50.890028][ T3634] Code: 7c 00 89 5c 24 10 85 db 7e 43 e8 82 28 7c 00 4c 8b 7c 24 38 e9 ae fa ff ff e8 73 28 7c 00 0f 0b e9 70 fa ff ff e8 67 28 7c 00 <0f> 0b e9 96 fa ff ff e8 5b 28 7c 00 e9 f8 fa ff ff e8 51 28 7c 00
[ 50.909772][ T3634] RSP: 0018:ffffc90003c4fc98 EFLAGS: 00010293
[ 50.915908][ T3634] RAX: ffffffff81106bb9 RBX: 0000000000000001 RCX: ffff888025ecba80
[ 50.923937][ T3634] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 50.931947][ T3634] RBP: 0000000000000000 R08: ffffffff81106649 R09: fffffbfff20e8642
[ 50.939917][ T3634] R10: fffffbfff20e8642 R11: 1ffffffff20e8641 R12: dffffc0000000000
[ 50.947975][ T3634] R13: ffff888017e96000 R14: ffff888076a60000 R15: ffff888076a600d8
[ 50.955991][ T3634] FS: 00005555574c3300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 50.965005][ T3634] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.971631][ T3634] CR2: 0000000000000000 CR3: 0000000073877000 CR4: 00000000003526e0
[ 50.979596][ T3634] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.987646][ T3634] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.995673][ T3634] Call Trace:
[ 50.998962][ T3634]
[ 51.001966][ T3634] kvm_vcpu_ioctl+0x7ef/0xcf0
[ 51.006653][ T3634] ? print_irqtrace_events+0x220/0x220
[ 51.012155][ T3634] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 51.017804][ T3634] ? memset+0x1f/0x40
[ 51.021895][ T3634] ? smack_file_ioctl+0x34c/0x3a0
[ 51.026985][ T3634] ? smack_file_alloc_security+0xd0/0xd0
[ 51.032728][ T3634] ? print_irqtrace_events+0x220/0x220
[ 51.038195][ T3634] ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[ 51.044334][ T3634] ? bpf_lsm_file_ioctl+0x5/0x10
[ 51.049305][ T3634] ? security_file_ioctl+0x9d/0xb0
[ 51.054481][ T3634] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 51.060127][ T3634] __se_sys_ioctl+0xfb/0x170
[ 51.064792][ T3634] do_syscall_64+0x2b/0x70
[ 51.069231][ T3634] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.075184][ T3634] RIP: 0033:0x7f651888e079
[ 51.079612][ T3634] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.099486][ T3634] RSP: 002b:00007ffd15b60748 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.107946][ T3634] RAX: ffffffffffffffda RBX: 000000000000002e RCX: 00007f651888e079
[ 51.116001][ T3634] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 51.124117][ T3634] RBP: 00007f6518852220 R08: 0000000000000000 R09: 0000000000000000
[ 51.132171][ T3634] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65188522b0
[ 51.140145][ T3634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.148180][ T3634]
[ 51.151269][ T3634] Kernel panic - not syncing: panic_on_warn set ...
[ 51.157871][ T3634] CPU: 1 PID: 3634 Comm: syz-executor299 Not tainted 6.1.0-rc5-syzkaller-00307-gfe24a97cf254 #0
[ 51.168288][ T3634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.178354][ T3634] Call Trace:
[ 51.181648][ T3634]
[ 51.184584][ T3634] dump_stack_lvl+0x1e3/0x2cb
[ 51.189266][ T3634] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 51.194729][ T3634] ? panic+0x766/0x766
[ 51.198802][ T3634] ? vscnprintf+0x59/0x80
[ 51.203126][ T3634] ? kvm_arch_vcpu_ioctl_run+0xc80/0x12b0
[ 51.208831][ T3634] panic+0x316/0x766
[ 51.212724][ T3634] ? __warn+0x131/0x220
[ 51.216864][ T3634] ? memcpy_page_flushcache+0xfc/0xfc
[ 51.222241][ T3634] ? kvm_arch_vcpu_ioctl_run+0xd39/0x12b0
[ 51.227943][ T3634] __warn+0x1fa/0x220
[ 51.231940][ T3634] ? kvm_arch_vcpu_ioctl_run+0xd39/0x12b0
[ 51.237827][ T3634] report_bug+0x1b3/0x2d0
[ 51.242158][ T3634] handle_bug+0x3d/0x70
[ 51.246314][ T3634] exc_invalid_op+0x16/0x40
[ 51.250982][ T3634] asm_exc_invalid_op+0x16/0x20
[ 51.256019][ T3634] RIP: 0010:kvm_arch_vcpu_ioctl_run+0xd39/0x12b0
[ 51.262369][ T3634] Code: 7c 00 89 5c 24 10 85 db 7e 43 e8 82 28 7c 00 4c 8b 7c 24 38 e9 ae fa ff ff e8 73 28 7c 00 0f 0b e9 70 fa ff ff e8 67 28 7c 00 <0f> 0b e9 96 fa ff ff e8 5b 28 7c 00 e9 f8 fa ff ff e8 51 28 7c 00
[ 51.281976][ T3634] RSP: 0018:ffffc90003c4fc98 EFLAGS: 00010293
[ 51.288037][ T3634] RAX: ffffffff81106bb9 RBX: 0000000000000001 RCX: ffff888025ecba80
[ 51.296000][ T3634] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 51.303969][ T3634] RBP: 0000000000000000 R08: ffffffff81106649 R09: fffffbfff20e8642
[ 51.312015][ T3634] R10: fffffbfff20e8642 R11: 1ffffffff20e8641 R12: dffffc0000000000
[ 51.319976][ T3634] R13: ffff888017e96000 R14: ffff888076a60000 R15: ffff888076a600d8
[ 51.327950][ T3634] ? kvm_arch_vcpu_ioctl_run+0x7c9/0x12b0
[ 51.333673][ T3634] ? kvm_arch_vcpu_ioctl_run+0xd39/0x12b0
[ 51.339388][ T3634] ? kvm_arch_vcpu_ioctl_run+0xd39/0x12b0
[ 51.345110][ T3634] kvm_vcpu_ioctl+0x7ef/0xcf0
[ 51.349778][ T3634] ? print_irqtrace_events+0x220/0x220
[ 51.355233][ T3634] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 51.361113][ T3634] ? memset+0x1f/0x40
[ 51.365086][ T3634] ? smack_file_ioctl+0x34c/0x3a0
[ 51.370104][ T3634] ? smack_file_alloc_security+0xd0/0xd0
[ 51.375731][ T3634] ? print_irqtrace_events+0x220/0x220
[ 51.381265][ T3634] ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[ 51.387241][ T3634] ? bpf_lsm_file_ioctl+0x5/0x10
[ 51.392180][ T3634] ? security_file_ioctl+0x9d/0xb0
[ 51.397284][ T3634] ? kvm_create_vcpu_debugfs+0x1a0/0x1a0
[ 51.402907][ T3634] __se_sys_ioctl+0xfb/0x170
[ 51.407505][ T3634] do_syscall_64+0x2b/0x70
[ 51.411917][ T3634] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.417806][ T3634] RIP: 0033:0x7f651888e079
[ 51.422213][ T3634] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.441810][ T3634] RSP: 002b:00007ffd15b60748 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.450217][ T3634] RAX: ffffffffffffffda RBX: 000000000000002e RCX: 00007f651888e079
[ 51.458265][ T3634] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 51.466310][ T3634] RBP: 00007f6518852220 R08: 0000000000000000 R09: 0000000000000000
[ 51.474380][ T3634] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65188522b0
[ 51.482353][ T3634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.491112][ T3634]
[ 51.494203][ T3634] Kernel Offset: disabled
[ 51.498645][ T3634] Rebooting in 86400 seconds..