./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4060438127 <...> DUID 00:04:fd:16:44:bd:b2:3e:7c:46:a5:c8:6e:c7:3d:9a:a2:cd forked to background, child pid 3186 [ 25.459308][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.470166][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts. execve("./syz-executor4060438127", ["./syz-executor4060438127"], 0x7ffc509b5150 /* 10 vars */) = 0 brk(NULL) = 0x5555561e6000 brk(0x5555561e6c40) = 0x5555561e6c40 arch_prctl(ARCH_SET_FS, 0x5555561e6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4060438127", 4096) = 28 brk(0x555556207c40) = 0x555556207c40 brk(0x555556208000) = 0x555556208000 mprotect(0x7fe0c9fa9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 syzkaller login: [ 41.081899][ T3608] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 41.093628][ T3608] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 41.102037][ T3608] CPU: 0 PID: 3608 Comm: syz-executor406 Not tainted 5.19.0-rc5-syzkaller-01117-g96a233e600df #0 [ 41.112542][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 41.122602][ T3608] RIP: 0010:check_helper_call+0x4af3/0x8f40 [ 41.128505][ T3608] Code: 48 c1 ea 03 80 3c 02 00 0f 85 b9 38 00 00 48 8b 9b 00 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 14 [ 41.148113][ T3608] RSP: 0018:ffffc9000306f410 EFLAGS: 00010202 [ 41.154177][ T3608] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.162145][ T3608] RDX: 0000000000000001 RSI: ffffffff818d35a2 RDI: 0000000000000008 [ 41.170113][ T3608] RBP: ffffc9000306f610 R08: 0000000000000005 R09: 000000000000002b [ 41.178078][ T3608] R10: 000000000000002b R11: 0000000000000001 R12: 000000000000002b [ 41.186044][ T3608] R13: ffffc90000ade070 R14: ffff88801759a000 R15: 0000000000000070 [ 41.194015][ T3608] FS: 00005555561e6300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 41.202947][ T3608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.209530][ T3608] CR2: 00007f3cce4f8a70 CR3: 00000000736bc000 CR4: 00000000003506f0 [ 41.217518][ T3608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.225506][ T3608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.233497][ T3608] Call Trace: [ 41.236784][ T3608] [ 41.239714][ T3608] ? do_syscall_64+0x35/0xb0 [ 41.244330][ T3608] ? entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 41.250399][ T3608] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 41.256213][ T3608] ? check_func_arg_reg_off+0x210/0x210 [ 41.261768][ T3608] ? mark_reg_unknown+0x3e/0xc0 [ 41.266620][ T3608] do_check_common+0x612a/0xd2c0 [ 41.271562][ T3608] ? lockdep_hardirqs_on+0x79/0x100 [ 41.276762][ T3608] ? kasan_quarantine_put+0xf5/0x210 [ 41.282048][ T3608] ? lockdep_hardirqs_on+0x79/0x100 [ 41.287247][ T3608] ? check_helper_call+0x8f40/0x8f40 [ 41.292531][ T3608] ? push_insn+0x220/0x530 [ 41.296949][ T3608] ? kvfree+0x42/0x50 [ 41.300932][ T3608] ? check_cfg+0x670/0xb40 [ 41.305353][ T3608] bpf_check+0x73ce/0xb050 [ 41.309769][ T3608] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 41.315781][ T3608] ? bpf_get_btf_vmlinux+0x10/0x10 [ 41.320896][ T3608] ? lock_downgrade+0x6e0/0x6e0 [ 41.325748][ T3608] ? __might_fault+0xd1/0x170 [ 41.330425][ T3608] ? lock_downgrade+0x6e0/0x6e0 [ 41.335277][ T3608] ? ktime_get_with_offset+0x3f2/0x500 [ 41.340741][ T3608] ? memset+0x20/0x40 [ 41.344731][ T3608] ? bpf_obj_name_cpy+0x144/0x1a0 [ 41.349764][ T3608] bpf_prog_load+0xfb2/0x2250 [ 41.354449][ T3608] ? __bpf_prog_put.constprop.0+0x220/0x220 [ 41.360356][ T3608] ? find_held_lock+0x2d/0x110 [ 41.365127][ T3608] ? __might_fault+0xd1/0x170 [ 41.369805][ T3608] ? lock_downgrade+0x6e0/0x6e0 [ 41.374657][ T3608] ? bpf_lsm_bpf+0x5/0x10 [ 41.379000][ T3608] __sys_bpf+0x133f/0x5750 [ 41.383419][ T3608] ? lock_release+0x780/0x780 [ 41.388092][ T3608] ? ptrace_stop.part.0+0x580/0xa80 [ 41.393288][ T3608] ? bpf_perf_link_attach+0x520/0x520 [ 41.398662][ T3608] ? do_raw_spin_lock+0x120/0x2a0 [ 41.403686][ T3608] ? rwlock_bug.part.0+0x90/0x90 [ 41.408624][ T3608] ? _raw_spin_lock_irq+0x41/0x50 [ 41.413653][ T3608] ? find_held_lock+0x2d/0x110 [ 41.418424][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 41.423635][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 41.428835][ T3608] ? lockdep_hardirqs_on+0x79/0x100 [ 41.434039][ T3608] __x64_sys_bpf+0x75/0xb0 [ 41.438476][ T3608] do_syscall_64+0x35/0xb0 [ 41.442895][ T3608] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 41.448812][ T3608] RIP: 0033:0x7fe0c9f3cc59 [ 41.453223][ T3608] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 41.472830][ T3608] RSP: 002b:00007ffd8f8a49a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 41.481243][ T3608] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe0c9f3cc59 [ 41.489212][ T3608] RDX: 0000000000000080 RSI: 0000000020000a00 RDI: 0000000000000005 [ 41.497180][ T3608] RBP: 00007fe0c9f00e00 R08: 0000000000000000 R09: 0000000000000000 [ 41.505146][ T3608] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fe0c9f00e90 [ 41.513114][ T3608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 41.521088][ T3608] [ 41.524103][ T3608] Modules linked in: [ 41.528221][ T3608] ---[ end trace 0000000000000000 ]--- [ 41.533686][ T3608] RIP: 0010:check_helper_call+0x4af3/0x8f40 [ 41.539718][ T3608] Code: 48 c1 ea 03 80 3c 02 00 0f 85 b9 38 00 00 48 8b 9b 00 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 14 [ 41.559414][ T3608] RSP: 0018:ffffc9000306f410 EFLAGS: 00010202 [ 41.565485][ T3608] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.573517][ T3608] RDX: 0000000000000001 RSI: ffffffff818d35a2 RDI: 0000000000000008 [ 41.581519][ T3608] RBP: ffffc9000306f610 R08: 0000000000000005 R09: 000000000000002b [ 41.589508][ T3608] R10: 000000000000002b R11: 0000000000000001 R12: 000000000000002b [ 41.597497][ T3608] R13: ffffc90000ade070 R14: ffff88801759a000 R15: 0000000000000070 [ 41.605501][ T3608] FS: 00005555561e6300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 41.614563][ T3608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.621193][ T3608] CR2: 000000000061ba0c CR3: 00000000736bc000 CR4: 00000000003506e0 [ 41.629221][ T3608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.637279][ T3608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.645545][ T3608] Kernel panic - not syncing: Fatal exception [ 41.651821][ T3608] Kernel Offset: disabled [ 41.656229][ T3608] Rebooting in 86400 seconds..