./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor447862463 <...> [ 29.139475][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.156461][ T3182] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 43.561718][ T27] kauditd_printk_skb: 37 callbacks suppressed [ 43.561733][ T27] audit: type=1400 audit(1660042701.680:73): avc: denied { transition } for pid=3588 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.590312][ T27] audit: type=1400 audit(1660042701.690:74): avc: denied { write } for pid=3588 comm="sh" path="pipe:[27464]" dev="pipefs" ino=27464 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.173' (ECDSA) to the list of known hosts. execve("./syz-executor447862463", ["./syz-executor447862463"], 0x7ffeb5a490f0 /* 10 vars */) = 0 brk(NULL) = 0x55555632b000 brk(0x55555632bc40) = 0x55555632bc40 arch_prctl(ARCH_SET_FS, 0x55555632b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555632b5d0) = 3609 set_robust_list(0x55555632b5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7ff93fd577d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7ff93fd57ea0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7ff93fd57870, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff93fd57ea0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor447862463", 4096) = 27 brk(0x55555634cc40) = 0x55555634cc40 brk(0x55555634d000) = 0x55555634d000 mprotect(0x7ff93fe1a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555632b5d0) = 3610 ./strace-static-x86_64: Process 3610 attached [pid 3610] set_robust_list(0x55555632b5e0, 24) = 0 [pid 3610] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3610] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 3610] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 3610] dup2(4, 202) = 202 [pid 3610] close(4) = 0 [ 52.356140][ T27] audit: type=1400 audit(1660042710.480:75): avc: denied { execmem } for pid=3609 comm="syz-executor447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.376486][ T27] audit: type=1400 audit(1660042710.480:76): avc: denied { mounton } for pid=3610 comm="syz-executor447" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 52.400588][ T27] audit: type=1400 audit(1660042710.480:77): avc: denied { mount } for pid=3610 comm="syz-executor447" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 52.423156][ T27] audit: type=1400 audit(1660042710.480:78): avc: denied { create } for pid=3610 comm="syz-executor447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.443786][ T27] audit: type=1400 audit(1660042710.480:79): avc: denied { read write } for pid=3610 comm="syz-executor447" name="vhci" dev="devtmpfs" ino=1072 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.467760][ T27] audit: type=1400 audit(1660042710.480:80): avc: denied { open } for pid=3610 comm="syz-executor447" path="/dev/vhci" dev="devtmpfs" ino=1072 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 3610] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 3610] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff93f542000 [pid 3610] mprotect(0x7ff93f543000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 3610] clone(child_stack=0x7ff93fd423f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7ff93fd42700, child_tidptr=0x7ff93fd429d0) = 2 [pid 3610] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 3613 attached [pid 3613] set_robust_list(0x7ff93fd429e0, 24) = 0 [pid 3613] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3613] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3613] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3613] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 3613] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 3613] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [ 53.391645][ T27] audit: type=1400 audit(1660042711.510:81): avc: denied { ioctl } for pid=3610 comm="syz-executor447" path="socket:[28162]" dev="sockfs" ino=28162 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 53.403788][ T3611] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.425417][ T3611] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.433453][ T3611] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [pid 3613] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3613] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3613] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3613] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3613] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3610] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 3613] read(202, [pid 3610] ioctl(3, HCISETSCAN [pid 3613] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 3613] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 3613] madvise(0x7ff93f542000, 8372224, MADV_DONTNEED) = 0 [pid 3610] <... ioctl resumed>, 0x7ffd11f27cf0) = 0 [pid 3613] exit(0) = ? [pid 3610] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 3613] +++ exited with 0 +++ [pid 3610] <... writev resumed>) = 13 [pid 3610] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 3610] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 3610] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 3610] close(3) = 0 [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setsid() = 1 [pid 3610] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3610] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3610] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3610] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3610] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3610] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3610] unshare(CLONE_NEWNS) = 0 [ 53.443429][ T3611] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.452326][ T3611] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 53.460064][ T3611] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 3610] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3610] unshare(CLONE_NEWIPC) = 0 [pid 3610] unshare(CLONE_NEWCGROUP) = 0 [pid 3610] unshare(CLONE_NEWUTS) = 0 [pid 3610] unshare(CLONE_SYSVSEM) = 0 [pid 3610] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "16777216", 8) = 8 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "536870912", 9) = 9 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1024", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "8192", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1024", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1024", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3610] close(3) = 0 [pid 3610] getpid() = 1 [pid 3610] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... set_robust_list resumed>) = 0 [pid 3610] <... futex resumed>) = 0 [pid 3628] openat(AT_FDCWD, "/dev/kvm", O_RDONLY [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... openat resumed>) = 3 [pid 3628] futex(0x7ff93fe204cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3628] futex(0x7ff93fe204c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3610] <... futex resumed>) = 0 [pid 3628] ioctl(3, KVM_CREATE_VM, 0 [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... ioctl resumed>) = 4 [pid 3628] futex(0x7ff93fe204cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [pid 3628] futex(0x7ff93fe204cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=KVM_MEM_READONLY, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20000000} [pid 3610] <... futex resumed>) = 0 [ 56.149001][ T3628] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... ioctl resumed>) = 0 [pid 3628] futex(0x7ff93fe204cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20010000}) = -1 EINVAL (Invalid argument) [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20011000}) = -1 EEXIST (File exists) [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20012000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20013000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20014000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20015000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20016000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20017000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20018000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20019000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2001a000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2001b000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2001c000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2001d000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2001e000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2001f000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20020000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20021000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20022000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20023000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20024000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20025000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20026000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20027000}) = 0 [pid 3628] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20010000}) = 0 [pid 3628] ioctl(5, KVM_GET_SREGS, {cs={base=0xffff0000, limit=65535, selector=61440, type=11, present=1, dpl=0, db=0, s=1, l=0, g=0, avl=0}, ...}) = 0 [pid 3628] openat(AT_FDCWD, "/dev/kvm", O_RDWR) = 6 [pid 3628] ioctl(6, KVM_GET_SUPPORTED_CPUID, {nent=33, entries=[...]}) = 0 [pid 3628] ioctl(5, KVM_SET_CPUID2, {nent=33, entries=[...]}) = 0 [pid 3628] close(6) = 0 [pid 3628] ioctl(5, KVM_SET_MSRS, 0x7ff93f53f780) = 5 [pid 3628] ioctl(5, KVM_SET_SREGS, {cs={base=0, limit=1048575, selector=48, type=11, present=1, dpl=0, db=1, s=1, l=0, g=0, avl=0}, ...}) = 0 [pid 3628] ioctl(5, KVM_SET_REGS, {rax=0, ..., rsp=0xf80, rbp=0, ..., rip=0, rflags=0x2}) = 0 [pid 3628] futex(0x7ff93fe204cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3610] <... futex resumed>) = 0 [pid 3628] futex(0x7ff93fe204c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3610] <... futex resumed>) = 0 [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000} [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 3628] ioctl(5, KVM_GET_SREGS, {cs={base=0, limit=1048575, selector=48, type=11, present=1, dpl=0, db=1, s=1, l=0, g=0, avl=0}, ...}) = 0 [pid 3628] openat(AT_FDCWD, "/dev/kvm", O_RDWR) = 6 [pid 3628] ioctl(6, KVM_GET_SUPPORTED_CPUID, {nent=33, entries=[...]}) = 0 [pid 3628] ioctl(5, KVM_SET_CPUID2, {nent=33, entries=[...]}) = 0 [pid 3628] close(6) = 0 [pid 3628] ioctl(5, KVM_SET_MSRS, 0x7ff93f53f780) = 5 [pid 3628] ioctl(5, KVM_SET_SREGS, {cs={base=0, limit=1048575, selector=48, type=11, present=1, dpl=0, db=1, s=1, l=0, g=0, avl=0}, ...}) = 0 [pid 3628] ioctl(5, KVM_SET_REGS, {rax=0, ..., rsp=0xf80, rbp=0, ..., rip=0, rflags=0x2}) = 0 [pid 3628] futex(0x7ff93fe204cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3628] <... futex resumed>) = 1 [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=1099511624552, cmsg_level=SOL_IP, cmsg_type=0 /* IP_??? */}], msg_controllen=104, msg_flags=0}, 0 [pid 3610] <... futex resumed>) = 0 [pid 3628] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] futex(0x7ff93fe204cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3628] <... futex resumed>) = 0 [pid 3610] futex(0x7ff93fe204c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3628] ioctl(5, KVM_RUN [pid 3610] <... futex resumed>) = 0 [ 56.256964][ T3628] kvm: emulating exchange as write [pid 3610] futex(0x7ff93fe204cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3610] futex(0x7ff93fe204dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff93f500000 [pid 3610] mprotect(0x7ff93f501000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3610] clone(child_stack=0x7ff93f5203f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3631 attached , parent_tid=[4], tls=0x7ff93f520700, child_tidptr=0x7ff93f5209d0) = 4 [pid 3631] set_robust_list(0x7ff93f5209e0, 24 [pid 3610] futex(0x7ff93fe204d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... set_robust_list resumed>) = 0 [pid 3610] <... futex resumed>) = 0 [pid 3631] ioctl(5, KVM_RUN [pid 3610] futex(0x7ff93fe204dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3610] close(3) = 0 [pid 3610] close(4) = 0 [pid 3610] close(5) = 0 [pid 3610] close(6) = -1 EBADF (Bad file descriptor) [pid 3610] close(7) = -1 EBADF (Bad file descriptor) [pid 3610] close(8) = -1 EBADF (Bad file descriptor) [pid 3610] close(9) = -1 EBADF (Bad file descriptor) [pid 3610] close(10) = -1 EBADF (Bad file descriptor) [pid 3610] close(11) = -1 EBADF (Bad file descriptor) [pid 3610] close(12) = -1 EBADF (Bad file descriptor) [pid 3610] close(13) = -1 EBADF (Bad file descriptor) [pid 3610] close(14) = -1 EBADF (Bad file descriptor) [pid 3610] close(15) = -1 EBADF (Bad file descriptor) [pid 3610] close(16) = -1 EBADF (Bad file descriptor) [pid 3610] close(17) = -1 EBADF (Bad file descriptor) [pid 3610] close(18) = -1 EBADF (Bad file descriptor) [pid 3610] close(19) = -1 EBADF (Bad file descriptor) [pid 3610] close(20) = -1 EBADF (Bad file descriptor) [pid 3610] close(21) = -1 EBADF (Bad file descriptor) [pid 3610] close(22) = -1 EBADF (Bad file descriptor) [pid 3610] close(23) = -1 EBADF (Bad file descriptor) [pid 3610] close(24) = -1 EBADF (Bad file descriptor) [pid 3610] close(25) = -1 EBADF (Bad file descriptor) [pid 3610] close(26) = -1 EBADF (Bad file descriptor) [pid 3610] close(27) = -1 EBADF (Bad file descriptor) [pid 3610] close(28) = -1 EBADF (Bad file descriptor) [pid 3610] close(29) = -1 EBADF (Bad file descriptor) [pid 3610] exit_group(1 [pid 3628] <... ioctl resumed> ) = ? [pid 3628] +++ exited with 1 +++ [pid 3610] <... exit_group resumed>) = ? [ 56.527540][ T3631] ------------[ cut here ]------------ [ 56.533915][ T3631] WARNING: CPU: 1 PID: 3631 at arch/x86/kvm/x86.c:10658 kvm_arch_vcpu_ioctl_run+0x4ca/0x66f0 [ 56.544266][ T3631] Modules linked in: [ 56.548184][ T3631] CPU: 0 PID: 3631 Comm: syz-executor447 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 56.558902][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.569135][ T3631] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x4ca/0x66f0 [ 56.575561][ T3631] Code: 03 80 3c 02 00 0f 85 29 61 00 00 49 8b 9e 38 0d 00 00 31 ff 48 89 de e8 b4 2a 68 00 48 85 db 0f 84 2a 2a 00 00 e8 46 2e 68 00 <0f> 0b e8 3f 2e 68 00 48 8b 85 08 ff ff ff 48 8d 78 01 48 b8 00 00 [ 56.596246][ T3631] RSP: 0018:ffffc90001ccfba0 EFLAGS: 00010293 [ 56.602405][ T3631] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 56.610415][ T3631] RDX: ffff88807956c1c0 RSI: ffffffff8111dcba RDI: 0000000000000005 [ 56.618561][ T3631] RBP: ffffc90001ccfd20 R08: 0000000000000005 R09: 0000000000000000 [ 56.626623][ T3631] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 56.634688][ T3631] R13: 0000000000000000 R14: ffff88807c908040 R15: ffff88807c908128 [ 56.642707][ T3631] FS: 00007ff93f520700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 56.651632][ T3631] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.658275][ T3631] CR2: 0000000000000000 CR3: 0000000021f66000 CR4: 00000000003526f0 [ 56.667823][ T3631] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.675923][ T3631] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.684013][ T3631] Call Trace: [ 56.687284][ T3631] [ 56.690206][ T3631] ? kvm_arch_vcpu_runnable+0x790/0x790 [ 56.695819][ T3631] ? lock_downgrade+0x6e0/0x6e0 [ 56.700691][ T3631] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 56.706568][ T3631] ? kvm_vcpu_ioctl+0x570/0xf30 [ 56.711455][ T3631] kvm_vcpu_ioctl+0x570/0xf30 [ 56.716198][ T3631] ? kvm_vcpu_kick+0x2f0/0x2f0 [ 56.720977][ T3631] ? ioctl_has_perm.constprop.0.isra.0+0x2a4/0x400 [ 56.727547][ T3631] ? selinux_inode_getsecctx+0x90/0x90 [ 56.733091][ T3631] ? find_held_lock+0x2d/0x110 [ 56.737868][ T3631] ? ptrace_notify+0xfa/0x140 [ 56.743345][ T3631] ? selinux_file_ioctl+0xb1/0x270 [ 56.748492][ T3631] ? kvm_vcpu_kick+0x2f0/0x2f0 [ 56.756426][ T3631] __x64_sys_ioctl+0x193/0x200 [ 56.761225][ T3631] do_syscall_64+0x35/0xb0 [ 56.765849][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.772046][ T3631] RIP: 0033:0x7ff93fd96c19 [ 56.776459][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.796157][ T3631] RSP: 002b:00007ff93f520308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 56.804951][ T3631] RAX: ffffffffffffffda RBX: 00007ff93fe204d8 RCX: 00007ff93fd96c19 [ 56.813037][ T3631] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 56.821018][ T3631] RBP: 00007ff93fe204d0 R08: 00007ff93f520700 R09: 0000000000000000 [ 56.830626][ T3631] R10: 00007ff93f520700 R11: 0000000000000246 R12: 00007ff93fe204dc [ 56.839843][ T3631] R13: 00007ff93fdec4d8 R14: 6d766b2f7665642f R15: 0000000000022000 [ 56.848036][ T3631] [ 56.851077][ T3631] Kernel panic - not syncing: panic_on_warn set ... [ 56.857675][ T3631] CPU: 0 PID: 3631 Comm: syz-executor447 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 56.867814][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.877861][ T3631] Call Trace: [ 56.881131][ T3631] [ 56.884072][ T3631] dump_stack_lvl+0xcd/0x134 [ 56.888659][ T3631] panic+0x2d7/0x636 [ 56.892555][ T3631] ? panic_print_sys_info.part.0+0x10b/0x10b [ 56.898561][ T3631] ? __warn.cold+0x1d1/0x2c5 [ 56.903175][ T3631] ? kvm_arch_vcpu_ioctl_run+0x4ca/0x66f0 [ 56.908904][ T3631] __warn.cold+0x1e2/0x2c5 [ 56.913325][ T3631] ? kvm_arch_vcpu_ioctl_run+0x4ca/0x66f0 [ 56.919066][ T3631] report_bug+0x1bc/0x210 [ 56.923416][ T3631] handle_bug+0x3c/0x60 [ 56.927594][ T3631] exc_invalid_op+0x14/0x40 [ 56.932107][ T3631] asm_exc_invalid_op+0x16/0x20 [ 56.936962][ T3631] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x4ca/0x66f0 [ 56.943298][ T3631] Code: 03 80 3c 02 00 0f 85 29 61 00 00 49 8b 9e 38 0d 00 00 31 ff 48 89 de e8 b4 2a 68 00 48 85 db 0f 84 2a 2a 00 00 e8 46 2e 68 00 <0f> 0b e8 3f 2e 68 00 48 8b 85 08 ff ff ff 48 8d 78 01 48 b8 00 00 [ 56.963085][ T3631] RSP: 0018:ffffc90001ccfba0 EFLAGS: 00010293 [ 56.969172][ T3631] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 56.977149][ T3631] RDX: ffff88807956c1c0 RSI: ffffffff8111dcba RDI: 0000000000000005 [ 56.985141][ T3631] RBP: ffffc90001ccfd20 R08: 0000000000000005 R09: 0000000000000000 [ 56.993115][ T3631] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 57.001105][ T3631] R13: 0000000000000000 R14: ffff88807c908040 R15: ffff88807c908128 [ 57.009167][ T3631] ? kvm_arch_vcpu_ioctl_run+0x4ca/0x66f0 [ 57.014918][ T3631] ? kvm_arch_vcpu_runnable+0x790/0x790 [ 57.020474][ T3631] ? lock_downgrade+0x6e0/0x6e0 [ 57.025338][ T3631] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 57.031154][ T3631] ? kvm_vcpu_ioctl+0x570/0xf30 [ 57.036010][ T3631] kvm_vcpu_ioctl+0x570/0xf30 [ 57.040693][ T3631] ? kvm_vcpu_kick+0x2f0/0x2f0 [ 57.045466][ T3631] ? ioctl_has_perm.constprop.0.isra.0+0x2a4/0x400 [ 57.051985][ T3631] ? selinux_inode_getsecctx+0x90/0x90 [ 57.057460][ T3631] ? find_held_lock+0x2d/0x110 [ 57.062232][ T3631] ? ptrace_notify+0xfa/0x140 [ 57.066913][ T3631] ? selinux_file_ioctl+0xb1/0x270 [ 57.072028][ T3631] ? kvm_vcpu_kick+0x2f0/0x2f0 [ 57.076977][ T3631] __x64_sys_ioctl+0x193/0x200 [ 57.081760][ T3631] do_syscall_64+0x35/0xb0 [ 57.086198][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.092104][ T3631] RIP: 0033:0x7ff93fd96c19 [ 57.096520][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.116149][ T3631] RSP: 002b:00007ff93f520308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.124566][ T3631] RAX: ffffffffffffffda RBX: 00007ff93fe204d8 RCX: 00007ff93fd96c19 [ 57.132540][ T3631] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 57.140526][ T3631] RBP: 00007ff93fe204d0 R08: 00007ff93f520700 R09: 0000000000000000 [ 57.148535][ T3631] R10: 00007ff93f520700 R11: 0000000000000246 R12: 00007ff93fe204dc [ 57.156693][ T3631] R13: 00007ff93fdec4d8 R14: 6d766b2f7665642f R15: 0000000000022000 [ 57.164673][ T3631] [ 57.167991][ T3631] Kernel Offset: disabled [ 57.172400][ T3631] Rebooting in 86400 seconds..