./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor945564123 <...> Warning: Permanently added '10.128.0.252' (ED25519) to the list of known hosts. execve("./syz-executor945564123", ["./syz-executor945564123"], 0x7ffd8b090380 /* 10 vars */) = 0 brk(NULL) = 0x555582f48000 brk(0x555582f48d00) = 0x555582f48d00 arch_prctl(ARCH_SET_FS, 0x555582f48380) = 0 set_tid_address(0x555582f48650) = 359 set_robust_list(0x555582f48660, 24) = 0 rseq(0x555582f48ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor945564123", 4096) = 27 getrandom("\x2a\x5e\x40\x78\x90\x71\x8c\x16", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555582f48d00 brk(0x555582f69d00) = 0x555582f69d00 brk(0x555582f6a000) = 0x555582f6a000 mprotect(0x7ff2996d0000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555582f48650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555582f48660, 24) = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] write(1, "executing program\n", 18executing program ) = 18 [pid 360] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [ 26.715860][ T23] audit: type=1400 audit(1741234195.640:66): avc: denied { execmem } for pid=359 comm="syz-executor945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.740832][ T23] audit: type=1400 audit(1741234195.670:67): avc: denied { read } for pid=360 comm="syz-executor945" name="kvm" dev="devtmpfs" ino=1120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.764063][ T23] audit: type=1400 audit(1741234195.670:68): avc: denied { open } for pid=360 comm="syz-executor945" path="/dev/kvm" dev="devtmpfs" ino=1120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.783553][ T360] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [pid 360] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 360] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 360] ioctl(4, KVM_CREATE_VCPU, 0) = 5 [ 26.787567][ T23] audit: type=1400 audit(1741234195.710:69): avc: denied { ioctl } for pid=360 comm="syz-executor945" path="/dev/kvm" dev="devtmpfs" ino=1120 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.851172][ T360] BUG: kernel NULL pointer dereference, address: 0000000000000086 [ 26.858787][ T360] #PF: supervisor instruction fetch in kernel mode [ 26.865123][ T360] #PF: error_code(0x0010) - not-present page [ 26.870938][ T360] PGD 0 P4D 0 [ 26.874148][ T360] Oops: 0010 [#1] PREEMPT SMP KASAN [ 26.879186][ T360] CPU: 1 PID: 360 Comm: syz-executor945 Not tainted 5.4.290-syzkaller-00017-g6b07fcd94a6a #0 [ 26.889258][ T360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 26.899150][ T360] RIP: 0010:0x86 [ 26.902534][ T360] Code: Bad RIP value. [ 26.906438][ T360] RSP: 0018:ffff8881eeba7308 EFLAGS: 00010086 [ 26.912385][ T360] RAX: ffff8881eeba7338 RBX: dffffc0000000000 RCX: ffff8881f41e2f40 [ 26.920150][ T360] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 26.927962][ T360] RBP: 0000000000000270 R08: ffffffff8231cd01 R09: ffffffff811c8f95 [ 26.935952][ T360] R10: ffff8881f41e2f40 R11: 0000000000000002 R12: ffffffff84600228 [ 26.943761][ T360] R13: fffffe0000000278 R14: ffff8881eee80000 R15: fffffe000000027b [ 26.951574][ T360] FS: 0000555582f48380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.960338][ T360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.966763][ T360] CR2: 000000000000005c CR3: 00000001de955000 CR4: 00000000003426a0 [ 26.974634][ T360] Call Trace: [ 26.977795][ T360] ? __die+0xb4/0x100 [ 26.981613][ T360] ? no_context+0xac7/0xd20 [ 26.985993][ T360] ? is_prefetch+0x4b0/0x4b0 [ 26.990379][ T360] ? rcu_preempt_deferred_qs+0xa4/0x2b0 [ 26.995760][ T360] ? __do_page_fault+0xa72/0xbb0 [ 27.000529][ T360] ? vmx_spec_ctrl_restore_host+0x83/0xfd [ 27.006087][ T360] ? __bad_area_nosemaphore+0xc0/0x470 [ 27.011380][ T360] ? page_fault+0x2f/0x40 [ 27.015547][ T360] ? irq_entries_start+0x38/0x660 [ 27.020409][ T360] ? vmx_handle_exit_irqoff+0x45/0x220 [ 27.025704][ T360] ? check_preemption_disabled+0x91/0x320 [ 27.031260][ T360] ? handle_external_interrupt_irqoff+0x148/0x2f0 [ 27.037507][ T360] ? handle_external_interrupt_irqoff+0x12a/0x2f0 [ 27.043754][ T360] ? irq_entries_start+0x38/0x660 [ 27.048703][ T360] ? vcpu_enter_guest+0x2d06/0x9f70 [ 27.053742][ T360] ? find_next_and_bit+0x156/0x190 [ 27.058684][ T360] ? load_balance+0x43e1/0x7a40 [ 27.063372][ T360] ? local_bh_enable+0x20/0x20 [ 27.067995][ T360] ? check_preemption_disabled+0x9f/0x320 [ 27.073711][ T360] ? update_blocked_averages+0xd50/0xd50 [ 27.079172][ T360] ? vmx_vcpu_load_vmcs+0x655/0x8b0 [ 27.084209][ T360] ? read_msr+0x40/0x40 [ 27.088201][ T360] ? check_preemption_disabled+0x9f/0x320 [ 27.093755][ T360] ? kvm_sched_clock_read+0x14/0x40 [ 27.098795][ T360] ? check_preemption_disabled+0x9f/0x320 [ 27.104346][ T360] ? debug_smp_processor_id+0x20/0x20 [ 27.109551][ T360] ? kvm_arch_vcpu_ioctl_run+0x748/0x18d0 [ 27.115198][ T360] ? kvm_vcpu_ioctl+0x7f9/0xd10 [ 27.119882][ T360] ? create_vcpu_fd+0x120/0x120 [ 27.124659][ T360] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 27.129606][ T360] ? _raw_spin_lock_irqsave+0x210/0x210 [ 27.134986][ T360] ? cgroup_update_frozen+0x157/0xab0 [ 27.140190][ T360] ? cgroup_update_frozen+0x157/0xab0 [ 27.145399][ T360] ? cgroup_leave_frozen+0x13c/0x290 [ 27.150527][ T360] ? ptrace_stop+0x6ee/0xa30 [ 27.154964][ T360] ? create_vcpu_fd+0x120/0x120 [ 27.159633][ T360] ? do_vfs_ioctl+0x742/0x1720 [ 27.164235][ T360] ? ioctl_preallocate+0x250/0x250 [ 27.169185][ T360] ? check_preemption_disabled+0x153/0x320 [ 27.174824][ T360] ? syscall_trace_enter+0x650/0x940 [ 27.179949][ T360] ? do_syscall_64+0x1c0/0x1c0 [ 27.184562][ T360] ? switch_fpu_return+0x1d4/0x410 [ 27.189503][ T360] ? security_file_ioctl+0x7d/0xa0 [ 27.194449][ T360] ? __x64_sys_ioctl+0xd4/0x110 [ 27.199216][ T360] ? do_syscall_64+0xca/0x1c0 [ 27.203735][ T360] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.209629][ T360] Modules linked in: [ 27.213363][ T360] CR2: 0000000000000086 [ 27.217355][ T360] ---[ end trace 308034eb734372c8 ]--- [ 27.222663][ T360] RIP: 0010:0x86 [ 27.226047][ T360] Code: Bad RIP value. [ 27.229940][ T360] RSP: 0018:ffff8881eeba7308 EFLAGS: 00010086 [ 27.235844][ T360] RAX: ffff8881eeba7338 RBX: dffffc0000000000 RCX: ffff8881f41e2f40 [ 27.243740][ T360] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 27.251550][ T360] RBP: 0000000000000270 R08: ffffffff8231cd01 R09: ffffffff811c8f95 [ 27.259362][ T360] R10: ffff8881f41e2f40 R11: 0000000000000002 R12: ffffffff84600228 [ 27.267176][ T360] R13: fffffe0000000278 R14: ffff8881eee80000 R15: fffffe000000027b [ 27.275087][ T360] FS: 0000555582f48380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 27.283976][ T360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.290367][ T360] CR2: 000000000000005c CR3: 00000001de955000 CR4: 00000000003426a0 [ 27.298177][ T360] Kernel panic - not syncing: Fatal exception [ 27.304278][ T360] Kernel Offset: disabled [ 27.308403][ T360] Rebooting in 86400 seconds..