./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3864200990

<...>
Warning: Permanently added '10.128.1.159' (ED25519) to the list of known hosts.
execve("./syz-executor3864200990", ["./syz-executor3864200990"], 0x7fffecbbdc80 /* 10 vars */) = 0
brk(NULL)                               = 0x555573de8000
brk(0x555573de8d00)                     = 0x555573de8d00
arch_prctl(ARCH_SET_FS, 0x555573de8380) = 0
set_tid_address(0x555573de8650)         = 359
set_robust_list(0x555573de8660, 24)     = 0
rseq(0x555573de8ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3864200990", 4096) = 28
getrandom("\x96\x75\xf3\xed\xd9\xf2\xe9\x53", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555573de8d00
brk(0x555573e09d00)                     = 0x555573e09d00
brk(0x555573e0a000)                     = 0x555573e0a000
mprotect(0x7f79b943a000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555573de8650) = 360
./strace-static-x86_64: Process 360 attached
[pid   360] set_robust_list(0x555573de8660, 24) = 0
[pid   359] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "10000000000", 11) = 11
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   359] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "1", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "0", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "0", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "1", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "100", 3)          = 3
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "0", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "0", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "7 4 1 3", 7)      = 7
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "1", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "1", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "0", 1)            = 1
[pid   359] close(3)                    = 0
[pid   359] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
[pid   359] write(3, "360", 3)          = 3
[pid   359] close(3)                    = 0
[pid   359] kill(360, SIGKILL)          = 0
[pid   360] +++ killed by SIGKILL +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=360, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} ---
executing program
write(1, "executing program\n", 18)     = 18
[   26.485288][   T23] audit: type=1400 audit(1741192614.140:66): avc:  denied  { execmem } for  pid=359 comm="syz-executor386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
openat(AT_FDCWD, "/dev/kvm", O_RDONLY)  = 3
[   26.528578][   T23] audit: type=1400 audit(1741192614.180:67): avc:  denied  { read } for  pid=359 comm="syz-executor386" name="kvm" dev="devtmpfs" ino=1134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   26.541778][  T359] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
ioctl(3, KVM_CREATE_VM, 0)              = 4
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=536879104, userspace_addr=0x400000000000}) = 0
ioctl(4, KVM_CREATE_VCPU, 3)            = 5
[   26.551530][   T23] audit: type=1400 audit(1741192614.180:68): avc:  denied  { open } for  pid=359 comm="syz-executor386" path="/dev/kvm" dev="devtmpfs" ino=1134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   26.590832][   T23] audit: type=1400 audit(1741192614.200:69): avc:  denied  { ioctl } for  pid=359 comm="syz-executor386" path="/dev/kvm" dev="devtmpfs" ino=1134 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   26.624525][  T359] BUG: kernel NULL pointer dereference, address: 0000000000000086
[   26.632372][  T359] #PF: supervisor instruction fetch in kernel mode
[   26.638704][  T359] #PF: error_code(0x0010) - not-present page
[   26.644521][  T359] PGD 0 P4D 0 
[   26.647744][  T359] Oops: 0010 [#1] PREEMPT SMP KASAN
[   26.652773][  T359] CPU: 0 PID: 359 Comm: syz-executor386 Not tainted 5.4.290-syzkaller-00017-g6b07fcd94a6a #0
[   26.662749][  T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   26.672769][  T359] RIP: 0010:0x86
[   26.676143][  T359] Code: Bad RIP value.
[   26.680130][  T359] RSP: 0018:ffff8881eea67308 EFLAGS: 00010086
[   26.686057][  T359] RAX: ffff8881eea67338 RBX: dffffc0000000000 RCX: ffff8881f32ecec0
[   26.693863][  T359] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   26.701658][  T359] RBP: 0000000000000ec0 R08: ffffffff8231cd01 R09: ffffffff811c8f95
[   26.709485][  T359] R10: ffff8881f32ecec0 R11: 0000000000000002 R12: ffffffff84601550
[   26.717391][  T359] R13: fffffe0000000ec8 R14: ffff8881e05d8000 R15: fffffe0000000ecb
[   26.725287][  T359] FS:  0000555573de8380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   26.734051][  T359] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.740489][  T359] CR2: 000000000000005c CR3: 00000001ef4ba000 CR4: 00000000003426b0
[   26.748462][  T359] Call Trace:
[   26.751591][  T359]  ? __die+0xb4/0x100
[   26.755391][  T359]  ? no_context+0xac7/0xd20
[   26.759734][  T359]  ? is_prefetch+0x4b0/0x4b0
[   26.764170][  T359]  ? rcu_preempt_deferred_qs+0xa4/0x2b0
[   26.769537][  T359]  ? __do_page_fault+0xa72/0xbb0
[   26.774324][  T359]  ? vmx_spec_ctrl_restore_host+0x83/0xfd
[   26.779876][  T359]  ? __bad_area_nosemaphore+0xc0/0x470
[   26.785167][  T359]  ? page_fault+0x2f/0x40
[   26.789329][  T359]  ? __entry_text_end+0x4/0x4
[   26.793849][  T359]  ? vmx_handle_exit_irqoff+0x45/0x220
[   26.799138][  T359]  ? check_preemption_disabled+0x91/0x320
[   26.804700][  T359]  ? handle_external_interrupt_irqoff+0x148/0x2f0
[   26.810944][  T359]  ? handle_external_interrupt_irqoff+0x12a/0x2f0
[   26.817193][  T359]  ? __entry_text_end+0x4/0x4
[   26.821716][  T359]  ? vcpu_enter_guest+0x2d06/0x9f70
[   26.826743][  T359]  ? check_preemption_disabled+0x9f/0x320
[   26.832299][  T359]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   26.837712][  T359]  ? check_preemption_disabled+0x9f/0x320
[   26.843245][  T359]  ? _raw_spin_lock+0x1b0/0x1b0
[   26.847922][  T359]  ? debug_smp_processor_id+0x20/0x20
[   26.853215][  T359]  ? local_bh_enable+0x20/0x20
[   26.857836][  T359]  ? internal_add_timer+0x34b/0x430
[   26.862861][  T359]  ? _raw_spin_unlock_irqrestore+0x57/0x80
[   26.868491][  T359]  ? __mod_timer+0x72b/0x13e0
[   26.873007][  T359]  ? mod_timer_pending+0x20/0x20
[   26.877779][  T359]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   26.883161][  T359]  ? read_msr+0x40/0x40
[   26.887157][  T359]  ? check_preemption_disabled+0x9f/0x320
[   26.892793][  T359]  ? __fd_install+0x119/0x230
[   26.897310][  T359]  ? update_load_avg+0x40f/0x1210
[   26.902169][  T359]  ? check_preemption_disabled+0x9f/0x320
[   26.907746][  T359]  ? debug_smp_processor_id+0x20/0x20
[   26.912935][  T359]  ? resched_curr+0x9b/0x200
[   26.917359][  T359]  ? check_preempt_wakeup+0x4f6/0x9f0
[   26.922573][  T359]  ? vmx_vcpu_load_vmcs+0x655/0x8b0
[   26.927602][  T359]  ? try_to_wake_up+0x7c5/0x14f0
[   26.932372][  T359]  ? read_msr+0x40/0x40
[   26.936368][  T359]  ? check_preemption_disabled+0x9f/0x320
[   26.941922][  T359]  ? check_preemption_disabled+0x9f/0x320
[   26.947476][  T359]  ? debug_smp_processor_id+0x20/0x20
[   26.952686][  T359]  ? kvm_arch_vcpu_ioctl_run+0x748/0x18d0
[   26.958243][  T359]  ? kvm_vcpu_ioctl+0x7f9/0xd10
[   26.962939][  T359]  ? create_vcpu_fd+0x120/0x120
[   26.967618][  T359]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   26.972564][  T359]  ? _raw_spin_lock_irqsave+0x210/0x210
[   26.977943][  T359]  ? cgroup_update_frozen+0x157/0xab0
[   26.983157][  T359]  ? cgroup_update_frozen+0x157/0xab0
[   26.988358][  T359]  ? common_interrupt+0xa/0xf
[   26.992882][  T359]  ? create_vcpu_fd+0x120/0x120
[   26.997563][  T359]  ? do_vfs_ioctl+0xde/0x1720
[   27.002082][  T359]  ? create_vcpu_fd+0x120/0x120
[   27.006763][  T359]  ? do_vfs_ioctl+0x742/0x1720
[   27.011365][  T359]  ? ioctl_preallocate+0x250/0x250
[   27.016322][  T359]  ? check_preemption_disabled+0x153/0x320
[   27.021957][  T359]  ? syscall_trace_enter+0x650/0x940
[   27.027073][  T359]  ? do_syscall_64+0x1c0/0x1c0
[   27.031673][  T359]  ? switch_fpu_return+0x1d4/0x410
[   27.036621][  T359]  ? security_file_ioctl+0x7d/0xa0
[   27.041573][  T359]  ? __x64_sys_ioctl+0xd4/0x110
[   27.046257][  T359]  ? do_syscall_64+0xca/0x1c0
[   27.050769][  T359]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   27.056668][  T359] Modules linked in:
[   27.060400][  T359] CR2: 0000000000000086
[   27.064395][  T359] ---[ end trace 77a5f2014e17d297 ]---
[   27.069694][  T359] RIP: 0010:0x86
[   27.073080][  T359] Code: Bad RIP value.
[   27.076979][  T359] RSP: 0018:ffff8881eea67308 EFLAGS: 00010086
[   27.083008][  T359] RAX: ffff8881eea67338 RBX: dffffc0000000000 RCX: ffff8881f32ecec0
[   27.090816][  T359] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   27.098637][  T359] RBP: 0000000000000ec0 R08: ffffffff8231cd01 R09: ffffffff811c8f95
[   27.106437][  T359] R10: ffff8881f32ecec0 R11: 0000000000000002 R12: ffffffff84601550
[   27.114334][  T359] R13: fffffe0000000ec8 R14: ffff8881e05d8000 R15: fffffe0000000ecb
[   27.122146][  T359] FS:  0000555573de8380(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   27.130996][  T359] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.137592][  T359] CR2: 000000000000005c CR3: 00000001ef4ba000 CR4: 00000000003426b0
[   27.145411][  T359] Kernel panic - not syncing: Fatal exception
[   27.151561][  T359] Kernel Offset: disabled
[   27.155683][  T359] Rebooting in 86400 seconds..