./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2526482905

<...>
[   14.492167][   T23] audit: type=1400 audit(1737880738.049:62): avc:  denied  { noatsecure } for  pid=288 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.494729][   T23] audit: type=1400 audit(1737880738.049:63): avc:  denied  { write } for  pid=288 comm="sh" path="pipe:[11341]" dev="pipefs" ino=11341 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   14.497791][   T23] audit: type=1400 audit(1737880738.049:64): avc:  denied  { rlimitinh } for  pid=288 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.500286][   T23] audit: type=1400 audit(1737880738.049:65): avc:  denied  { siginh } for  pid=288 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts.
execve("./syz-executor2526482905", ["./syz-executor2526482905"], 0x7ffd4e0a31f0 /* 10 vars */) = 0
brk(NULL)                               = 0x555583bda000
brk(0x555583bdad00)                     = 0x555583bdad00
arch_prctl(ARCH_SET_FS, 0x555583bda380) = 0
set_tid_address(0x555583bda650)         = 369
set_robust_list(0x555583bda660, 24)     = 0
rseq(0x555583bdaca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2526482905", 4096) = 28
getrandom("\x81\x33\xba\x93\x55\xda\xcb\x02", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555583bdad00
brk(0x555583bfbd00)                     = 0x555583bfbd00
brk(0x555583bfc000)                     = 0x555583bfc000
mprotect(0x7fe158ecc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583bda650) = 370
./strace-static-x86_64: Process 370 attached
[pid   370] set_robust_list(0x555583bda660, 24) = 0
[pid   370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   370] setpgid(0, 0)               = 0
[pid   370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   370] write(3, "1000", 4)         = 4
[pid   370] close(3executing program
)                    = 0
[pid   370] write(1, "executing program\n", 18) = 18
[pid   370] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3
[   35.445297][   T23] audit: type=1400 audit(1737880758.999:66): avc:  denied  { execmem } for  pid=369 comm="syz-executor252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   35.467456][   T23] audit: type=1400 audit(1737880759.029:67): avc:  denied  { read } for  pid=370 comm="syz-executor252" name="kvm" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   35.467915][  T370] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   35.490528][   T23] audit: type=1400 audit(1737880759.029:68): avc:  denied  { open } for  pid=370 comm="syz-executor252" path="/dev/kvm" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[pid   370] ioctl(3, KVM_CREATE_VM, 0)  = 4
[pid   370] ioctl(4, KVM_CREATE_VCPU, 0) = 5
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20fe6000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20fe7000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20fe8000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20fe9000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20fea000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20feb000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20fec000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20fed000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20fee000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20fef000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x20ff0000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x20ff1000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x20ff2000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x20ff3000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x20ff4000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x20ff5000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20ff6000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20ff7000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20ff8000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20ff9000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20ffa000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20ffb000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20ffc000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20ffd000}) = 0
[pid   370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20fe6000}) = 0
[pid   370] ioctl(-1, KVM_GET_SREGS, 0x7ffc380dbcd0) = -1 EBADF (Bad file descriptor)
[   35.529575][   T23] audit: type=1400 audit(1737880759.029:69): avc:  denied  { ioctl } for  pid=370 comm="syz-executor252" path="/dev/kvm" dev="devtmpfs" ino=112 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   35.591926][  T370] BUG: kernel NULL pointer dereference, address: 0000000000000086
[   35.599524][  T370] #PF: supervisor instruction fetch in kernel mode
[   35.605862][  T370] #PF: error_code(0x0010) - not-present page
[   35.611675][  T370] PGD 1dfda8067 P4D 1dfda8067 PUD 1ef7f1067 PMD 0 
[   35.618011][  T370] Oops: 0010 [#1] PREEMPT SMP KASAN
[   35.623048][  T370] CPU: 1 PID: 370 Comm: syz-executor252 Not tainted 5.4.289-syzkaller-00025-g49530c73f82d #0
[   35.633026][  T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   35.642938][  T370] RIP: 0010:0x86
[   35.646311][  T370] Code: Bad RIP value.
[   35.650212][  T370] RSP: 0018:ffff8881dd7bf308 EFLAGS: 00010086
[   35.656117][  T370] RAX: ffff8881dd7bf338 RBX: dffffc0000000000 RCX: ffff8881f45e8fc0
[   35.663924][  T370] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   35.671740][  T370] RBP: 0000000000000270 R08: ffffffff8231c921 R09: ffffffff811c8f95
[   35.679547][  T370] R10: ffff8881f45e8fc0 R11: 0000000000000002 R12: ffffffff84600228
[   35.687361][  T370] R13: fffffe0000000278 R14: ffff8881ee590000 R15: fffffe000000027b
[   35.695173][  T370] FS:  0000555583bda380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   35.703938][  T370] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.710363][  T370] CR2: 000000000000005c CR3: 00000001da335000 CR4: 00000000003426a0
[   35.718174][  T370] Call Trace:
[   35.721310][  T370]  ? __die+0xb4/0x100
[   35.725120][  T370]  ? no_context+0xac7/0xd20
[   35.729459][  T370]  ? is_prefetch+0x4b0/0x4b0
[   35.733884][  T370]  ? rcu_preempt_deferred_qs+0xa4/0x2b0
[   35.739264][  T370]  ? __do_page_fault+0xa72/0xbb0
[   35.744039][  T370]  ? vmx_spec_ctrl_restore_host+0x83/0xfd
[   35.749595][  T370]  ? __bad_area_nosemaphore+0xc0/0x470
[   35.754889][  T370]  ? page_fault+0x2f/0x40
[   35.759056][  T370]  ? irq_entries_start+0x38/0x660
[   35.763916][  T370]  ? vmx_handle_exit_irqoff+0x45/0x220
[   35.769210][  T370]  ? check_preemption_disabled+0x91/0x320
[   35.774764][  T370]  ? handle_external_interrupt_irqoff+0x148/0x2f0
[   35.781012][  T370]  ? handle_external_interrupt_irqoff+0x12a/0x2f0
[   35.787262][  T370]  ? irq_entries_start+0x38/0x660
[   35.792124][  T370]  ? vcpu_enter_guest+0x2d06/0x9f70
[   35.797158][  T370]  ? check_preemption_disabled+0x9f/0x320
[   35.802722][  T370]  ? debug_smp_processor_id+0x20/0x20
[   35.807920][  T370]  ? __free_pages_ok+0x847/0x950
[   35.812695][  T370]  ? __kvm_set_memory_region+0xda6/0xf60
[   35.818163][  T370]  ? kvm_vm_ioctl_set_memory_region+0x67/0x90
[   35.824064][  T370]  ? do_vfs_ioctl+0x742/0x1720
[   35.828667][  T370]  ? __x64_sys_ioctl+0xd4/0x110
[   35.833354][  T370]  ? do_syscall_64+0xca/0x1c0
[   35.837865][  T370]  ? local_bh_enable+0x20/0x20
[   35.842466][  T370]  ? __free_one_page+0x7f3/0xa60
[   35.847241][  T370]  ? _raw_spin_unlock+0x49/0x60
[   35.851927][  T370]  ? set_pageblock_migratetype+0x150/0x150
[   35.857566][  T370]  ? kvm_mmu_change_mmu_pages+0x2dc/0x320
[   35.863123][  T370]  ? synchronize_srcu_expedited+0x20/0x20
[   35.868678][  T370]  ? check_preemption_disabled+0x9f/0x320
[   35.874232][  T370]  ? update_load_avg+0x40f/0x1210
[   35.879093][  T370]  ? sched_clock_cpu+0x18/0x3a0
[   35.883776][  T370]  ? check_preemption_disabled+0x9f/0x320
[   35.889332][  T370]  ? debug_smp_processor_id+0x20/0x20
[   35.894540][  T370]  ? vmx_vcpu_load_vmcs+0x655/0x8b0
[   35.899576][  T370]  ? try_to_wake_up+0x7c5/0x14f0
[   35.904347][  T370]  ? read_msr+0x40/0x40
[   35.908341][  T370]  ? check_preemption_disabled+0x9f/0x320
[   35.913894][  T370]  ? check_preemption_disabled+0x9f/0x320
[   35.919449][  T370]  ? debug_smp_processor_id+0x20/0x20
[   35.924658][  T370]  ? kvm_arch_vcpu_ioctl_run+0x748/0x18d0
[   35.930216][  T370]  ? kvm_vcpu_ioctl+0x7f9/0xd10
[   35.934898][  T370]  ? create_vcpu_fd+0x120/0x120
[   35.939588][  T370]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   35.944542][  T370]  ? _raw_spin_lock_irqsave+0x210/0x210
[   35.949920][  T370]  ? cgroup_update_frozen+0x157/0xab0
[   35.955120][  T370]  ? cgroup_update_frozen+0x157/0xab0
[   35.960330][  T370]  ? cgroup_leave_frozen+0x13c/0x290
[   35.965475][  T370]  ? ptrace_stop+0x6ee/0xa30
[   35.969879][  T370]  ? create_vcpu_fd+0x120/0x120
[   35.974563][  T370]  ? do_vfs_ioctl+0x742/0x1720
[   35.979165][  T370]  ? ioctl_preallocate+0x250/0x250
[   35.984113][  T370]  ? check_preemption_disabled+0x153/0x320
[   35.989755][  T370]  ? syscall_trace_enter+0x650/0x940
[   35.994875][  T370]  ? do_syscall_64+0x1c0/0x1c0
[   35.999475][  T370]  ? switch_fpu_return+0x1d4/0x410
[   36.004422][  T370]  ? security_file_ioctl+0x7d/0xa0
[   36.009369][  T370]  ? __x64_sys_ioctl+0xd4/0x110
[   36.014054][  T370]  ? do_syscall_64+0xca/0x1c0
[   36.018569][  T370]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   36.024466][  T370] Modules linked in:
[   36.028211][  T370] CR2: 0000000000000086
[   36.032199][  T370] ---[ end trace 81df29074e7f9b26 ]---
[   36.037749][  T370] RIP: 0010:0x86
[   36.041137][  T370] Code: Bad RIP value.
[   36.045040][  T370] RSP: 0018:ffff8881dd7bf308 EFLAGS: 00010086
[   36.050942][  T370] RAX: ffff8881dd7bf338 RBX: dffffc0000000000 RCX: ffff8881f45e8fc0
[   36.058750][  T370] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   36.066562][  T370] RBP: 0000000000000270 R08: ffffffff8231c921 R09: ffffffff811c8f95
[   36.074383][  T370] R10: ffff8881f45e8fc0 R11: 0000000000000002 R12: ffffffff84600228
[   36.082187][  T370] R13: fffffe0000000278 R14: ffff8881ee590000 R15: fffffe000000027b
[   36.090001][  T370] FS:  0000555583bda380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   36.098764][  T370] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   36.105185][  T370] CR2: 000000000000005c CR3: 00000001da335000 CR4: 00000000003426a0
[   36.112999][  T370] Kernel panic - not syncing: Fatal exception
[   36.119107][  T370] Kernel Offset: disabled
[   36.123221][  T370] Rebooting in 86400 seconds..