./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2435126712 <...> Warning: Permanently added '10.128.0.178' (ED25519) to the list of known hosts. execve("./syz-executor2435126712", ["./syz-executor2435126712"], 0x7ffdbce06560 /* 10 vars */) = 0 brk(NULL) = 0x5555558eb000 brk(0x5555558ebe00) = 0x5555558ebe00 arch_prctl(ARCH_SET_FS, 0x5555558eb480) = 0 set_tid_address(0x5555558eb750) = 356 set_robust_list(0x5555558eb760, 24) = 0 rseq(0x5555558ebda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2435126712", 4096) = 28 getrandom("\x8f\xd8\xb8\xc7\x41\x07\x61\x88", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555558ebe00 brk(0x55555590ce00) = 0x55555590ce00 brk(0x55555590d000) = 0x55555590d000 mprotect(0x7ff6032e6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7ff60323f9b0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff603248510}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7ff60323f9b0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff603248510}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x5555558eb760, 24) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [ 23.822388][ T23] audit: type=1400 audit(1712737174.120:66): avc: denied { execmem } for pid=356 comm="syz-executor243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.847528][ T23] audit: type=1400 audit(1712737174.140:67): avc: denied { read } for pid=357 comm="syz-executor243" name="kvm" dev="devtmpfs" ino=9234 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 23.868682][ T357] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.870756][ T23] audit: type=1400 audit(1712737174.170:68): avc: denied { open } for pid=357 comm="syz-executor243" path="/dev/kvm" dev="devtmpfs" ino=9234 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 357] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 357] dup(4) = 5 [pid 357] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 357] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 357] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 357] ioctl(6, KVM_RUN, 0) = 0 [pid 357] exit_group(0) = ? [pid 357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x5555558eb760, 24) = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 360] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 360] dup(4) = 5 [pid 360] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 360] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 360] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 360] ioctl(6, KVM_RUN, 0) = 0 [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x5555558eb760, 24) = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0 [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 362 [pid 362] <... setpgid resumed>) = 0 [ 23.909811][ T23] audit: type=1400 audit(1712737174.170:69): avc: denied { ioctl } for pid=357 comm="syz-executor243" path="/dev/kvm" dev="devtmpfs" ino=9234 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 362] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 362] dup(4) = 5 [pid 362] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 362] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 362] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 362] ioctl(6, KVM_RUN, 0) = 0 [pid 362] exit_group(0) = ? [pid 362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x5555558eb760, 24) = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 364] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 364] dup(4) = 5 [pid 364] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 364] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 364] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 364] ioctl(6, KVM_RUN, 0) = 0 [pid 364] exit_group(0) = ? [pid 364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 366 ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x5555558eb760, 24) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 366] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 366] dup(4) = 5 [pid 366] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 366] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 366] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 366] ioctl(6, KVM_RUN, 0) = 0 [pid 366] exit_group(0) = ? [pid 366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x5555558eb760, 24) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 368] ioctl(3, KVM_CREATE_VM, 0 [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 368 [pid 368] <... ioctl resumed>) = 4 [pid 368] dup(4) = 5 [pid 368] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 368] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 368] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 368] ioctl(6, KVM_RUN, 0) = 0 [pid 368] exit_group(0) = ? [pid 368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x5555558eb760, 24) = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 370] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 370] dup(4) = 5 [pid 370] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 370] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 370] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 370] ioctl(6, KVM_RUN, 0) = 0 [pid 370] exit_group(0) = ? [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x5555558eb760, 24) = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 372 [pid 372] <... openat resumed>) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 372] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 372] dup(4) = 5 [pid 372] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 372] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 372] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 372] ioctl(6, KVM_RUN, 0) = 0 [pid 372] exit_group(0) = ? [pid 372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x5555558eb760, 24) = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 374] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 374] dup(4) = 5 [pid 374] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 374] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 374] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 374] ioctl(6, KVM_RUN, 0) = 0 [pid 374] exit_group(0) = ? [pid 374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x5555558eb760, 24) = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 376 [pid 376] <... prctl resumed>) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 376] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 376] dup(4) = 5 [pid 376] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 376] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 376] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 376] ioctl(6, KVM_RUN, 0) = 0 [pid 376] exit_group(0) = ? [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 378 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x5555558eb760, 24) = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 378] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 378] dup(4) = 5 [pid 378] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 378] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 378] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 378] ioctl(6, KVM_RUN, 0) = 0 [pid 378] exit_group(0) = ? [pid 378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x5555558eb760, 24) = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 380] ioctl(3, KVM_CREATE_VM, 0 [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 380 [pid 380] <... ioctl resumed>) = 4 [pid 380] dup(4) = 5 [pid 380] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 380] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 380] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 380] ioctl(6, KVM_RUN, 0) = 0 [pid 380] exit_group(0) = ? [pid 380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x5555558eb760, 24) = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 382 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 382] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 382] dup(4) = 5 [pid 382] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 382] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 382] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 382] ioctl(6, KVM_RUN, 0) = 0 [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558eb750) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x5555558eb760, 24) = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 384] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 384] dup(4) = 5 [pid 384] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 384] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 384] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 384] ioctl(6, KVM_RUN, 0) = 0 [pid 384] exit_group(0) = ? [pid 384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x5555558eb760, 24) = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 386 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 386] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 386] dup(4) = 5 [pid 386] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 386] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 386] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 386] ioctl(6, KVM_RUN, 0) = 0 [pid 386] exit_group(0) = ? [pid 386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=386, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x5555558eb760, 24) = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 388] ioctl(3, KVM_CREATE_VM, 0 [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 388 [pid 388] <... ioctl resumed>) = 4 [pid 388] dup(4) = 5 [pid 388] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 388] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 388] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 388] ioctl(6, KVM_RUN, 0) = 0 [pid 388] exit_group(0) = ? [pid 388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x5555558eb760, 24) = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 356] <... clone resumed>, child_tidptr=0x5555558eb750) = 390 [pid 390] <... prctl resumed>) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 390] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 390] dup(4) = 5 [pid 390] ioctl(5, KVM_CREATE_VCPU, 0) = 6 [pid 390] ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x20009000}) = 0 [pid 390] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 24.327572][ T390] BUG: kernel NULL pointer dereference, address: 0000000000000086 [ 24.335318][ T390] #PF: supervisor instruction fetch in kernel mode [ 24.341646][ T390] #PF: error_code(0x0010) - not-present page [ 24.347456][ T390] PGD 1dbdc7067 P4D 1dbdc7067 PUD 1dba69067 PMD 0 [ 24.353810][ T390] Oops: 0010 [#1] PREEMPT SMP KASAN [ 24.358845][ T390] CPU: 0 PID: 390 Comm: syz-executor243 Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0 [ 24.368804][ T390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 24.378720][ T390] RIP: 0010:0x86 [ 24.382090][ T390] Code: Bad RIP value. [ 24.386002][ T390] RSP: 0018:ffff8881dbaff308 EFLAGS: 00010086 [ 24.391892][ T390] RAX: ffff8881dbaff338 RBX: dffffc0000000000 RCX: ffff8881dbaf5e80 [ 24.399707][ T390] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 24.407530][ T390] RBP: 0000000000000ec0 R08: ffffffff82315341 R09: ffffffff811c9085 [ 24.415329][ T390] R10: ffff8881dbaf5e80 R11: 0000000000000002 R12: ffffffff84601550 [ 24.423136][ T390] R13: fffffe0000000ec8 R14: ffff8881dfab8000 R15: fffffe0000000ecb [ 24.430951][ T390] FS: 00005555558eb480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.439715][ T390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.446135][ T390] CR2: 000000000000005c CR3: 00000001dbad2000 CR4: 00000000003426b0 [ 24.453950][ T390] Call Trace: [ 24.457144][ T390] ? __die+0xb4/0x100 [ 24.460905][ T390] ? no_context+0xbda/0xe50 [ 24.465412][ T390] ? is_prefetch+0x4b0/0x4b0 [ 24.469845][ T390] ? rcu_preempt_deferred_qs+0xa4/0x2b0 [ 24.475215][ T390] ? __do_page_fault+0xa7d/0xbb0 [ 24.480020][ T390] ? vmx_spec_ctrl_restore_host+0x83/0xfd [ 24.485547][ T390] ? __bad_area_nosemaphore+0xc0/0x460 [ 24.490847][ T390] ? page_fault+0x2f/0x40 [ 24.495030][ T390] ? __entry_text_end+0x4/0x4 [ 24.499536][ T390] ? vmx_handle_exit_irqoff+0x45/0x220 [ 24.504859][ T390] ? check_preemption_disabled+0x91/0x320 [ 24.510373][ T390] ? handle_external_interrupt_irqoff+0x148/0x2f0 [ 24.516616][ T390] ? handle_external_interrupt_irqoff+0x12a/0x2f0 [ 24.522867][ T390] ? __entry_text_end+0x4/0x4 [ 24.527379][ T390] ? vcpu_enter_guest+0x2d06/0x9f70 [ 24.532413][ T390] ? deref_stack_reg+0x15c/0x1f0 [ 24.537271][ T390] ? unwind_next_frame+0x1ea0/0x1ea0 [ 24.542412][ T390] ? __alloc_pages_nodemask+0x840/0x840 [ 24.547788][ T390] ? local_bh_enable+0x20/0x20 [ 24.552398][ T390] ? __memcg_kmem_charge_memcg+0x140/0x140 [ 24.558027][ T390] ? check_preemption_disabled+0x9f/0x320 [ 24.563729][ T390] ? __alloc_pages_nodemask+0x393/0x840 [ 24.569100][ T390] ? debug_smp_processor_id+0x20/0x20 [ 24.574387][ T390] ? check_preemption_disabled+0x9f/0x320 [ 24.579946][ T390] ? check_preemption_disabled+0x9f/0x320 [ 24.585500][ T390] ? debug_smp_processor_id+0x20/0x20 [ 24.590974][ T390] ? debug_smp_processor_id+0x20/0x20 [ 24.596177][ T390] ? __count_memcg_events+0x97/0x210 [ 24.601297][ T390] ? __lru_cache_add+0x206/0x2b0 [ 24.606099][ T390] ? update_load_avg+0x40f/0x1210 [ 24.610929][ T390] ? sched_clock_cpu+0x18/0x3a0 [ 24.615612][ T390] ? check_preemption_disabled+0x9f/0x320 [ 24.621165][ T390] ? debug_smp_processor_id+0x20/0x20 [ 24.626376][ T390] ? vmx_vcpu_load_vmcs+0x655/0x8b0 [ 24.631440][ T390] ? try_to_wake_up+0x7c5/0x14f0 [ 24.636357][ T390] ? read_msr+0x40/0x40 [ 24.640348][ T390] ? check_preemption_disabled+0x9f/0x320 [ 24.645901][ T390] ? check_preemption_disabled+0x9f/0x320 [ 24.651519][ T390] ? debug_smp_processor_id+0x20/0x20 [ 24.656674][ T390] ? kvm_arch_vcpu_ioctl_run+0x748/0x18d0 [ 24.662266][ T390] ? kvm_vcpu_ioctl+0x7f9/0xd10 [ 24.667026][ T390] ? create_vcpu_fd+0x120/0x120 [ 24.671709][ T390] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.676648][ T390] ? _raw_spin_lock_irqsave+0x210/0x210 [ 24.682043][ T390] ? cgroup_update_frozen+0x157/0xab0 [ 24.687241][ T390] ? cgroup_update_frozen+0x157/0xab0 [ 24.692445][ T390] ? signal_setup_done+0x368/0x460 [ 24.697393][ T390] ? cgroup_leave_frozen+0x13c/0x290 [ 24.702700][ T390] ? ptrace_stop+0x6ee/0xa30 [ 24.707112][ T390] ? create_vcpu_fd+0x120/0x120 [ 24.711814][ T390] ? do_vfs_ioctl+0x742/0x1720 [ 24.716397][ T390] ? ioctl_preallocate+0x250/0x250 [ 24.721365][ T390] ? blkcg_maybe_throttle_current+0x181/0xa90 [ 24.727258][ T390] ? syscall_trace_enter+0x650/0x940 [ 24.732373][ T390] ? do_syscall_64+0x1c0/0x1c0 [ 24.737081][ T390] ? force_sig_fault+0x125/0x1c0 [ 24.741871][ T390] ? security_file_ioctl+0x7d/0xa0 [ 24.746801][ T390] ? __x64_sys_ioctl+0xd4/0x110 [ 24.751487][ T390] ? do_syscall_64+0xca/0x1c0 [ 24.756001][ T390] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 24.761900][ T390] Modules linked in: [ 24.765646][ T390] CR2: 0000000000000086 [ 24.769627][ T390] ---[ end trace 6989127502e881b2 ]--- [ 24.774921][ T390] RIP: 0010:0x86 [ 24.778308][ T390] Code: Bad RIP value. [ 24.782209][ T390] RSP: 0018:ffff8881dbaff308 EFLAGS: 00010086 [ 24.788125][ T390] RAX: ffff8881dbaff338 RBX: dffffc0000000000 RCX: ffff8881dbaf5e80 [ 24.795922][ T390] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 24.803734][ T390] RBP: 0000000000000ec0 R08: ffffffff82315341 R09: ffffffff811c9085 [ 24.811546][ T390] R10: ffff8881dbaf5e80 R11: 0000000000000002 R12: ffffffff84601550 [ 24.819357][ T390] R13: fffffe0000000ec8 R14: ffff8881dfab8000 R15: fffffe0000000ecb [ 24.827169][ T390] FS: 00005555558eb480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.835934][ T390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.842357][ T390] CR2: 000000000000005c CR3: 00000001dbad2000 CR4: 00000000003426b0 [ 24.850170][ T390] Kernel panic - not syncing: Fatal exception [ 24.856351][ T390] Kernel Offset: disabled [ 24.860472][ T390] Rebooting in 86400 seconds..