./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2395780427

<...>
Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts.
execve("./syz-executor2395780427", ["./syz-executor2395780427"], 0x7fff124dc1e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555578307000
brk(0x555578307e00)                     = 0x555578307e00
arch_prctl(ARCH_SET_FS, 0x555578307480) = 0
set_tid_address(0x555578307750)         = 366
set_robust_list(0x555578307760, 24)     = 0
rseq(0x555578307da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2395780427", 4096) = 28
getrandom("\x03\xa1\x8d\xc9\x76\x54\x6a\xf7", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555578307e00
brk(0x555578328e00)                     = 0x555578328e00
brk(0x555578329000)                     = 0x555578329000
mprotect(0x7f1b926ca000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555578307750) = 367
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 367 attached
) = 3
[pid   367] set_robust_list(0x555578307760, 24) = 0
[pid   366] write(3, "0", 1)            = 1
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "1", 1)            = 1
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "100", 3)          = 3
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "0", 1)            = 1
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "0", 1)            = 1
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "7 4 1 3", 7)      = 7
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "1", 1)            = 1
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "1", 1)            = 1
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "0", 1)            = 1
[pid   366] close(3)                    = 0
[pid   366] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
[pid   366] write(3, "367", 3)          = 3
[pid   366] close(3)                    = 0
[pid   366] kill(367, SIGKILL)          = 0
[pid   367] +++ killed by SIGKILL +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} ---
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f1b92625e60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f1b9262d040}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f1b92625e60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f1b9262d040}, executing program
NULL, 8) = 0
write(1, "executing program\n", 18)     = 18
[   33.103081][   T23] audit: type=1400 audit(1743834022.950:66): avc:  denied  { execmem } for  pid=366 comm="syz-executor239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
openat(AT_FDCWD, "/dev/kvm", O_RDWR|O_CREAT|O_TRUNC|O_APPEND|O_SYNC|O_NOFOLLOW|O_NOATIME, 000) = 3
[   33.138790][   T23] audit: type=1400 audit(1743834022.990:67): avc:  denied  { read append } for  pid=366 comm="syz-executor239" name="kvm" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   33.158698][  T366] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   33.162318][   T23] audit: type=1400 audit(1743834022.990:68): avc:  denied  { open } for  pid=366 comm="syz-executor239" path="/dev/kvm" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
ioctl(3, KVM_CREATE_VM, 0)              = 4
ioctl(4, KVM_CREATE_VCPU, 0)            = 5
ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=8192, userspace_addr=0x200000000000}) = 0
ioctl(5, KVM_SET_REGS, NULL)            = -1 EFAULT (Bad address)
[   33.201988][   T23] audit: type=1400 audit(1743834023.010:69): avc:  denied  { ioctl } for  pid=366 comm="syz-executor239" path="/dev/kvm" dev="devtmpfs" ino=114 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   33.244986][  T366] BUG: kernel NULL pointer dereference, address: 0000000000000086
[   33.252737][  T366] #PF: supervisor instruction fetch in kernel mode
[   33.259059][  T366] #PF: error_code(0x0010) - not-present page
[   33.264978][  T366] PGD 0 P4D 0 
[   33.268196][  T366] Oops: 0010 [#1] PREEMPT SMP KASAN
[   33.273223][  T366] CPU: 0 PID: 366 Comm: syz-executor239 Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
[   33.283290][  T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   33.293175][  T366] RIP: 0010:0x86
[   33.296559][  T366] Code: Bad RIP value.
[   33.300616][  T366] RSP: 0018:ffff8881ee517308 EFLAGS: 00010086
[   33.306517][  T366] RAX: ffff8881ee517338 RBX: dffffc0000000000 RCX: ffff8881f5cdbf00
[   33.314340][  T366] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   33.322281][  T366] RBP: 0000000000000250 R08: ffffffff8231cd01 R09: ffffffff811c8f95
[   33.330090][  T366] R10: ffff8881f5cdbf00 R11: 0000000000000002 R12: ffffffff84600218
[   33.338105][  T366] R13: fffffe0000000258 R14: ffff8881eede0000 R15: fffffe000000025b
[   33.345905][  T366] FS:  0000555578307480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   33.355286][  T366] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.361789][  T366] CR2: 000000000000005c CR3: 00000001ef24b000 CR4: 00000000003426b0
[   33.370118][  T366] Call Trace:
[   33.373256][  T366]  ? __die+0xb4/0x100
[   33.377364][  T366]  ? no_context+0xac7/0xd20
[   33.381778][  T366]  ? vmx_set_cr3+0x614/0xa10
[   33.386204][  T366]  ? is_prefetch+0x4b0/0x4b0
[   33.390633][  T366]  ? rcu_preempt_deferred_qs+0xa4/0x2b0
[   33.396025][  T366]  ? __do_page_fault+0xa72/0xbb0
[   33.400789][  T366]  ? vmx_spec_ctrl_restore_host+0x83/0xfd
[   33.406362][  T366]  ? __bad_area_nosemaphore+0xc0/0x470
[   33.411635][  T366]  ? page_fault+0x2f/0x40
[   33.415815][  T366]  ? irq_entries_start+0x28/0x660
[   33.420857][  T366]  ? vmx_handle_exit_irqoff+0x45/0x220
[   33.426253][  T366]  ? check_preemption_disabled+0x91/0x320
[   33.431793][  T366]  ? handle_external_interrupt_irqoff+0x148/0x2f0
[   33.438046][  T366]  ? handle_external_interrupt_irqoff+0x12a/0x2f0
[   33.444384][  T366]  ? irq_entries_start+0x28/0x660
[   33.449234][  T366]  ? vcpu_enter_guest+0x2d06/0x9f70
[   33.454265][  T366]  ? update_rq_clock+0x67/0x350
[   33.458959][  T366]  ? local_bh_enable+0x20/0x20
[   33.463767][  T366]  ? update_blocked_averages+0xd50/0xd50
[   33.469255][  T366]  ? vmx_vcpu_load_vmcs+0x655/0x8b0
[   33.474251][  T366]  ? read_msr+0x40/0x40
[   33.478334][  T366]  ? update_rq_clock+0x67/0x350
[   33.482932][  T366]  ? check_preemption_disabled+0x9f/0x320
[   33.488925][  T366]  ? kvm_sched_clock_read+0x14/0x40
[   33.494050][  T366]  ? check_preemption_disabled+0x9f/0x320
[   33.499596][  T366]  ? debug_smp_processor_id+0x20/0x20
[   33.504807][  T366]  ? kvm_arch_vcpu_ioctl_run+0x748/0x18d0
[   33.510360][  T366]  ? kvm_vcpu_ioctl+0x7f9/0xd10
[   33.515044][  T366]  ? create_vcpu_fd+0x120/0x120
[   33.519733][  T366]  ? _raw_spin_lock_irq+0xa5/0x1b0
[   33.524763][  T366]  ? _raw_spin_lock_irqsave+0x210/0x210
[   33.530243][  T366]  ? cgroup_update_frozen+0x157/0xab0
[   33.535552][  T366]  ? cgroup_update_frozen+0x157/0xab0
[   33.540758][  T366]  ? cgroup_leave_frozen+0x13c/0x290
[   33.546092][  T366]  ? ptrace_stop+0x6ee/0xa30
[   33.550524][  T366]  ? create_vcpu_fd+0x120/0x120
[   33.555196][  T366]  ? do_vfs_ioctl+0x742/0x1720
[   33.559831][  T366]  ? ioctl_preallocate+0x250/0x250
[   33.564740][  T366]  ? check_preemption_disabled+0x153/0x320
[   33.570566][  T366]  ? syscall_trace_enter+0x650/0x940
[   33.575767][  T366]  ? do_syscall_64+0x1c0/0x1c0
[   33.580383][  T366]  ? switch_fpu_return+0x1d4/0x410
[   33.585329][  T366]  ? security_file_ioctl+0x7d/0xa0
[   33.590290][  T366]  ? __x64_sys_ioctl+0xd4/0x110
[   33.594979][  T366]  ? do_syscall_64+0xca/0x1c0
[   33.599496][  T366]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   33.605499][  T366] Modules linked in:
[   33.609206][  T366] CR2: 0000000000000086
[   33.613226][  T366] ---[ end trace 73321d28ac20efa3 ]---
[   33.618495][  T366] RIP: 0010:0x86
[   33.621883][  T366] Code: Bad RIP value.
[   33.625810][  T366] RSP: 0018:ffff8881ee517308 EFLAGS: 00010086
[   33.631819][  T366] RAX: ffff8881ee517338 RBX: dffffc0000000000 RCX: ffff8881f5cdbf00
[   33.639697][  T366] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   33.647590][  T366] RBP: 0000000000000250 R08: ffffffff8231cd01 R09: ffffffff811c8f95
[   33.655417][  T366] R10: ffff8881f5cdbf00 R11: 0000000000000002 R12: ffffffff84600218
[   33.663315][  T366] R13: fffffe0000000258 R14: ffff8881eede0000 R15: fffffe000000025b
[   33.671132][  T366] FS:  0000555578307480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   33.679882][  T366] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.686414][  T366] CR2: 000000000000005c CR3: 00000001ef24b000 CR4: 00000000003426b0
[   33.694371][  T366] Kernel panic - not syncing: Fatal exception
[   33.700892][  T366] Kernel Offset: disabled
[   33.705118][  T366] Rebooting in 86400 seconds..