./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3660427874 <...> Warning: Permanently added '10.128.1.88' (ECDSA) to the list of known hosts. execve("./syz-executor3660427874", ["./syz-executor3660427874"], 0x7fff79c6bfd0 /* 10 vars */) = 0 brk(NULL) = 0x5555564eb000 brk(0x5555564ebd00) = 0x5555564ebd00 arch_prctl(ARCH_SET_FS, 0x5555564eb3c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3660427874", 4096) = 28 brk(0x55555650cd00) = 0x55555650cd00 brk(0x55555650d000) = 0x55555650d000 mprotect(0x7f5973054000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f5972fa9190, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5972fa9af0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f5972fa9190, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5972fa9af0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3615 attached , child_tidptr=0x5555564eb690) = 3615 [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setpgid(0, 0) = 0 [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1000", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3615] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3615] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3615] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3615] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3615] write(5, "39", 2) = 2 [ 46.683061][ T27] audit: type=1400 audit(1660682523.350:75): avc: denied { execmem } for pid=3614 comm="syz-executor366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 46.708248][ T27] audit: type=1400 audit(1660682523.370:76): avc: denied { create } for pid=3615 comm="syz-executor366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 46.715694][ T3615] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 46.729504][ T27] audit: type=1400 audit(1660682523.370:77): avc: denied { write } for pid=3615 comm="syz-executor366" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 3615] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3615] exit_group(0) = ? [ 46.768846][ T27] audit: type=1400 audit(1660682523.370:78): avc: denied { open } for pid=3615 comm="syz-executor366" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 46.792288][ T27] audit: type=1400 audit(1660682523.370:79): avc: denied { ioctl } for pid=3615 comm="syz-executor366" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 3615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3615, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3619 ./strace-static-x86_64: Process 3619 attached [pid 3619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3619] setpgid(0, 0) = 0 [pid 3619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1000", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3619] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3619] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3619] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3619] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3619] write(5, "39", 2) = 2 [pid 3619] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3619] exit_group(0) = ? [pid 3619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3619, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3622 attached , child_tidptr=0x5555564eb690) = 3622 [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3622] setpgid(0, 0) = 0 [ 46.897418][ T3619] debugfs: out of free dentries, can not create directory '3619-6' [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3622] write(3, "1000", 4) = 4 [pid 3622] close(3) = 0 [pid 3622] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3622] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3622] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3622] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3622] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3622] write(5, "39", 2) = 2 [pid 3622] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3622] exit_group(0) = ? [ 46.964132][ T3622] debugfs: out of free dentries, can not create directory '3622-6' [pid 3622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3622, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3625 attached , child_tidptr=0x5555564eb690) = 3625 [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3625] setpgid(0, 0) = 0 [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3625] write(3, "1000", 4) = 4 [pid 3625] close(3) = 0 [pid 3625] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3625] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3625] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3625] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3625] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3625] write(5, "39", 2) = 2 [pid 3625] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3625] exit_group(0) = ? [ 47.069936][ T3625] debugfs: out of free dentries, can not create directory '3625-6' [pid 3625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3625, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3628 ./strace-static-x86_64: Process 3628 attached [pid 3628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3628] setpgid(0, 0) = 0 [pid 3628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3628] write(3, "1000", 4) = 4 [pid 3628] close(3) = 0 [pid 3628] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3628] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3628] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3628] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3628] write(5, "39", 2) = 2 [pid 3628] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3628] exit_group(0) = ? [pid 3628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3628, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3631 ./strace-static-x86_64: Process 3631 attached [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3631] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3631] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3631] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3631] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3631] write(5, "39", 2) = 2 [pid 3631] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3631] exit_group(0) = ? [pid 3631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3634 ./strace-static-x86_64: Process 3634 attached [pid 3634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3634] setpgid(0, 0) = 0 [pid 3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3634] write(3, "1000", 4) = 4 [pid 3634] close(3) = 0 [pid 3634] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3634] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3634] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3634] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3634] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3634] write(5, "39", 2) = 2 [pid 3634] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3634] exit_group(0) = ? [ 47.356178][ T3634] debugfs: out of free dentries, can not create directory '3634-6' [pid 3634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3634, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3637 attached , child_tidptr=0x5555564eb690) = 3637 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3637] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3637] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3637] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3637] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3637] write(5, "39", 2) = 2 [pid 3637] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3637] exit_group(0) = ? [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3640 ./strace-static-x86_64: Process 3640 attached [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3640] setpgid(0, 0) = 0 [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3640] write(3, "1000", 4) = 4 [pid 3640] close(3) = 0 [pid 3640] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3640] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3640] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3640] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3640] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3640] write(5, "39", 2) = 2 [ 47.444169][ T3637] debugfs: out of free dentries, can not create directory '3637-6' [pid 3640] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3640] exit_group(0) = ? [pid 3640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3643] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3643] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3643] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3643] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3643] write(5, "39", 2) = 2 [pid 3643] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3643] exit_group(0) = ? [pid 3643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3646 attached , child_tidptr=0x5555564eb690) = 3646 [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3646] setpgid(0, 0) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3646] write(3, "1000", 4) = 4 [pid 3646] close(3) = 0 [pid 3646] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3646] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3646] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3646] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3646] write(5, "39", 2) = 2 [pid 3646] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3646] exit_group(0) = ? [ 47.725359][ T3646] debugfs: out of free dentries, can not create directory '3646-6' [pid 3646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3649] setpgid(0, 0) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3649] write(3, "1000", 4) = 4 [pid 3649] close(3) = 0 [pid 3649] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3649] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3649] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3649] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3649] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3649] write(5, "39", 2) = 2 [pid 3649] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3649] exit_group(0) = ? [pid 3649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3652 ./strace-static-x86_64: Process 3652 attached [pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3652] setpgid(0, 0) = 0 [pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3652] write(3, "1000", 4) = 4 [pid 3652] close(3) = 0 [pid 3652] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3652] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3652] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3652] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3652] write(5, "39", 2) = 2 [pid 3652] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3652] exit_group(0) = ? [ 47.893599][ T3652] debugfs: out of free dentries, can not create directory '3652-6' [pid 3652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3655 ./strace-static-x86_64: Process 3655 attached [pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3655] setpgid(0, 0) = 0 [pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3655] write(3, "1000", 4) = 4 [pid 3655] close(3) = 0 [pid 3655] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3655] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3655] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3655] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3655] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3655] write(5, "39", 2) = 2 [pid 3655] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3655] exit_group(0) = ? [ 47.973591][ T3655] debugfs: out of free dentries, can not create directory '3655-6' [pid 3655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3658 ./strace-static-x86_64: Process 3658 attached [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3658] setpgid(0, 0) = 0 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3658] write(3, "1000", 4) = 4 [pid 3658] close(3) = 0 [pid 3658] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3658] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3658] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3658] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3658] write(5, "39", 2) = 2 [pid 3658] ioctl(4, KVM_CREATE_VM, 0) = 6 [pid 3658] exit_group(0) = ? [ 48.064479][ T3658] debugfs: out of free dentries, can not create directory '3658-6' [pid 3658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3661 attached , child_tidptr=0x5555564eb690) = 3661 [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3661] write(3, "1000", 4) = 4 [pid 3661] close(3) = 0 [pid 3661] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3661] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3661] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3661] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3661] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3661] write(5, "39", 2) = 2 [pid 3661] ioctl(4, KVM_CREATE_VM, 0) = -1 ENOMEM (Cannot allocate memory) [pid 3661] exit_group(0) = ? [pid 3661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564eb690) = 3664 ./strace-static-x86_64: Process 3664 attached [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] ioctl(-1, KVM_GET_VCPU_MMAP_SIZE, 0) = -1 EBADF (Bad file descriptor) [pid 3664] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3664] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3664] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_NOCTTY|O_DSYNC) = 4 [pid 3664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3664] write(5, "39", 2) = 2 [ 48.228123][ T3664] ================================================================== [ 48.228131][ C1] BUG: unable to handle page fault for address: ffffc90003182330 [ 48.228146][ C1] #PF: supervisor read access in kernel mode [ 48.236197][ T3664] BUG: KASAN: vmalloc-out-of-bounds in kvm_arch_hardware_enable+0x281/0x840 [ 48.243916][ C1] #PF: error_code(0x0000) - not-present page [ 48.249875][ T3664] Read of size 4 at addr ffffc90003182330 by task syz-executor366/3664 [ 48.258530][ C1] PGD 11800067 [ 48.264493][ T3664] [ 48.264503][ T3664] CPU: 0 PID: 3664 Comm: syz-executor366 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0 [ 48.272714][ C1] P4D 11800067 [ 48.276150][ T3664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 48.278460][ C1] PUD 119fb067 [ 48.288578][ T3664] Call Trace: [ 48.288590][ T3664] [ 48.292022][ C1] PMD 1c609067 [ 48.302054][ T3664] dump_stack_lvl+0xcd/0x134 [ 48.305486][ C1] PTE 0 [ 48.308745][ T3664] ? kvm_arch_hardware_enable+0x281/0x840 [ 48.311675][ C1] [ 48.311683][ C1] Oops: 0000 [#1] PREEMPT SMP KASAN [ 48.315114][ T3664] print_report.cold+0x59/0x6e9 [ 48.319681][ C1] CPU: 1 PID: 3665 Comm: kvm Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0 [ 48.322426][ T3664] ? kvm_arch_hardware_enable+0x281/0x840 [ 48.328114][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 48.330421][ T3664] kasan_report+0xb1/0x1e0 [ 48.335594][ C1] RIP: 0010:kvm_arch_hardware_enable+0x2ab/0x840 [ 48.340429][ T3664] ? kvm_arch_hardware_enable+0x281/0x840 [ 48.349525][ C1] Code: 48 89 e8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 0f b6 14 08 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed 04 00 00 <41> 8b 95 30 13 00 00 4d 8d b5 40 12 00 00 b9 08 00 00 00 4c 89 fe [ 48.355217][ T3664] kasan_check_range+0x13d/0x180 [ 48.365258][ C1] RSP: 0018:ffffc900003f8ea0 EFLAGS: 00010082 [ 48.369648][ T3664] kvm_arch_hardware_enable+0x281/0x840 [ 48.375945][ C1] [ 48.381638][ T3664] ? _flat_send_IPI_mask+0x53/0x60 [ 48.401223][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81121000 [ 48.406155][ T3664] ? kvm_arch_vcpu_destroy+0x330/0x330 [ 48.412195][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc90003182330 [ 48.417714][ T3664] ? send_call_function_single_ipi+0x1b5/0x320 [ 48.420019][ C1] RBP: ffffc90003182330 R08: 0000000000000000 R09: 0000000000000003 [ 48.425198][ T3664] ? sched_ttwu_pending+0x550/0x550 [ 48.433145][ C1] R10: fffff52000630466 R11: 0000000000000001 R12: 0000000000000000 [ 48.438575][ T3664] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 48.446520][ C1] R13: ffffc90003181000 R14: 0023001000000000 R15: ffffc900003f8ef8 [ 48.452662][ T3664] hardware_enable_nolock+0xa7/0x140 [ 48.460611][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 48.465784][ T3664] smp_call_function_many_cond+0x10e2/0x1430 [ 48.473748][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.479523][ T3664] ? vm_stat_fops_open+0x40/0x40 [ 48.487473][ C1] CR2: ffffc90003182330 CR3: 0000000022660000 CR4: 00000000003526e0 [ 48.492730][ T3664] ? smp_call_on_cpu+0x270/0x270 [ 48.501631][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.507578][ T3664] ? lockdep_init_map_type+0x21a/0x7f0 [ 48.514134][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.519044][ T3664] ? do_raw_spin_lock+0x120/0x2a0 [ 48.526990][ C1] Call Trace: [ 48.526998][ C1] [ 48.531901][ T3664] ? rwlock_bug.part.0+0x90/0x90 [ 48.539857][ C1] ? kvm_arch_vcpu_destroy+0x330/0x330 [ 48.545289][ T3664] ? vm_stat_fops_open+0x40/0x40 [ 48.553238][ C1] ? sched_clock_cpu+0x69/0x2b0 [ 48.558414][ T3664] on_each_cpu_cond_mask+0x56/0xa0 [ 48.561761][ C1] ? cpuacct_all_seq_show+0x520/0x520 [ 48.564586][ T3664] kvm_dev_ioctl+0x131b/0x1ce0 [ 48.569498][ C1] hardware_enable_nolock+0xa7/0x140 [ 48.574961][ T3664] ? kvm_stat_data_open+0x380/0x380 [ 48.579871][ C1] __flush_smp_call_function_queue+0x205/0x9a0 [ 48.584693][ T3664] ? selinux_file_ioctl+0xb1/0x270 [ 48.589778][ C1] ? vm_stat_fops_open+0x40/0x40 [ 48.595121][ T3664] ? kvm_stat_data_open+0x380/0x380 [ 48.599858][ C1] __sysvec_call_function_single+0x95/0x3d0 [ 48.605114][ T3664] __x64_sys_ioctl+0x193/0x200 [ 48.610283][ C1] sysvec_call_function_single+0x8e/0xc0 [ 48.616407][ T3664] do_syscall_64+0x35/0xb0 [ 48.621499][ C1] [ 48.626408][ T3664] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.631592][ C1] [ 48.631601][ C1] asm_sysvec_call_function_single+0x16/0x20 [ 48.637460][ T3664] RIP: 0033:0x7f5972fe7d99 [ 48.642194][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 [ 48.647801][ T3664] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 48.652202][ C1] Code: 74 24 10 e8 3a cf dc f7 48 89 ef e8 c2 50 dd f7 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 53 11 d0 f7 65 8b 05 ec a0 80 76 85 c0 74 0a 5b 5d c3 e8 c0 de [ 48.655113][ T3664] RSP: 002b:00007ffe49603ba8 EFLAGS: 00000246 [ 48.660975][ C1] RSP: 0018:ffffc900030efeb8 EFLAGS: 00000206 [ 48.663903][ T3664] ORIG_RAX: 0000000000000010 [ 48.669856][ C1] [ 48.669863][ C1] RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff1bbb6a9 [ 48.674243][ T3664] RAX: ffffffffffffffda RBX: 000000000000bbee RCX: 00007f5972fe7d99 [ 48.680624][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 48.700202][ T3664] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000004 [ 48.719781][ C1] RBP: ffff8880725f4ad8 R08: 0000000000000001 R09: 0000000000000001 [ 48.725821][ T3664] RBP: 00007ffe49603bb0 R08: 0000000000000002 R09: 0000000000003933 [ 48.731946][ C1] R10: ffffed100e4be95b R11: 0000000000000000 R12: ffff8880725f4140 [ 48.736610][ T3664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 48.738920][ C1] R13: ffffed100e4beb09 R14: 0000000000000003 R15: 0000000000000293 [ 48.746880][ T3664] R13: 431bde82d7b634db R14: 00007ffe49603c00 R15: 0000000000000000 [ 48.754841][ C1] __kthread_parkme+0xce/0x220 [ 48.762785][ T3664] [ 48.770745][ C1] ? worker_thread+0x1080/0x1080 [ 48.778692][ T3664] [ 48.778701][ T3664] Memory state around the buggy address: [ 48.786635][ C1] kthread+0x2df/0x3a0 [ 48.794601][ T3664] ffffc90003182200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 48.802564][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 48.810519][ T3664] ffffc90003182280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 48.818548][ C1] ret_from_fork+0x1f/0x30 [ 48.823287][ T3664] >ffffc90003182300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 48.826281][ C1] [ 48.831224][ T3664] ^ [ 48.831236][ T3664] ffffc90003182380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 48.833530][ C1] Modules linked in: [ 48.839154][ T3664] ffffc90003182400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 48.843203][ C1] CR2: ffffc90003182330 [ 48.851230][ T3664] ================================================================== [ 48.851240][ T3664] Kernel panic - not syncing: panic_on_warn set ... [ 48.864871][ C1] ---[ end trace 0000000000000000 ]--- [ 48.869266][ C1] RIP: 0010:kvm_arch_hardware_enable+0x2ab/0x840 [ 48.877323][ C1] Code: 48 89 e8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 0f b6 14 08 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ed 04 00 00 <41> 8b 95 30 13 00 00 4d 8d b5 40 12 00 00 b9 08 00 00 00 4c 89 fe [ 48.880352][ C1] RSP: 0018:ffffc900003f8ea0 EFLAGS: 00010082 [ 48.894003][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81121000 [ 48.897878][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc90003182330 [ 48.905924][ C1] RBP: ffffc90003182330 R08: 0000000000000000 R09: 0000000000000003 [ 48.910059][ C1] R10: fffff52000630466 R11: 0000000000000001 R12: 0000000000000000 [ 48.918101][ C1] R13: ffffc90003181000 R14: 0023001000000000 R15: ffffc900003f8ef8 [ 48.924672][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 48.930115][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.936430][ C1] CR2: ffffc90003182330 CR3: 0000000022660000 CR4: 00000000003526e0 [ 48.956022][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.962069][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.938572][ T3664] Shutting down cpus with NMI [ 50.015370][ T3664] Kernel Offset: disabled [ 50.019698][ T3664] Rebooting in 86400 seconds..