./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2029898207

<...>
forked to background, child pid 3189
no interfaces have a carri[   23.292716][ T3190] 8021q: adding VLAN 0 to HW filter on device bond0
er
[   23.305770][ T3190] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
execve("./syz-executor2029898207", ["./syz-executor2029898207"], 0x7fffef0b13e0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555568c0000
brk(0x5555568c0c40)                     = 0x5555568c0c40
arch_prctl(ARCH_SET_FS, 0x5555568c0300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2029898207", 4096) = 28
brk(0x5555568e1c40)                     = 0x5555568e1c40
brk(0x5555568e2000)                     = 0x5555568e2000
mprotect(0x7f5f1da33000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
io_uring_setup(10458, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3
mmap(0x206d3000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x206d3000
mmap(0x20ffa000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20ffa000
socketpair(AF_TIPC, SOCK_STREAM, 0, [4, 5]) = 0
socketpair(AF_TIPC, SOCK_STREAM, 0, [6, 7]) = 0
io_uring_setup(10458, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 8
mmap(0x206d3000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 8, 0) = 0x206d3000
mmap(0x20ffa000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 8, 0x10000000) = 0x20ffa000
socket(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP) = 9
io_uring_setup(7648, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=8192, cq_entries=16384, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=262464}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 10
ioctl(-1, AUTOFS_DEV_IOCTL_PROTOSUBVER, 0x20000000) = -1 EBADF (Bad file descriptor)
io_uring_register(10, IORING_REGISTER_PERSONALITY, NULL, 0) = 1
syzkaller login: [   40.453323][ T3610] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   40.465055][ T3610] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   40.473451][ T3610] CPU: 0 PID: 3610 Comm: syz-executor202 Not tainted 6.0.0-rc2-next-20220823-syzkaller #0
[   40.483333][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   40.493563][ T3610] RIP: 0010:__io_sync_cancel+0x10d/0x1c0
[   40.499191][ T3610] Code: 48 c1 ea 03 80 3c 02 00 0f 85 aa 00 00 00 49 8b 86 f8 00 00 00 48 8d 1c d8 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 8e 00 00 00 48 8b 1b 48 8d 7d 08 48 b8 00 00 00
[   40.518792][ T3610] RSP: 0018:ffffc90003a3fc20 EFLAGS: 00010246
[   40.524845][ T3610] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   40.532801][ T3610] RDX: 0000000000000000 RSI: ffffffff83f95344 RDI: ffff888026eb10f8
[   40.540755][ T3610] RBP: ffffc90003a3fce0 R08: 0000000000000004 R09: 0000000000000000
[   40.548714][ T3610] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[   40.556674][ T3610] R13: ffff888021117c00 R14: ffff888026eb1000 R15: 0000000000000000
[   40.564736][ T3610] FS:  00005555568c0300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   40.573655][ T3610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.580223][ T3610] CR2: 00000000005d84c8 CR3: 00000000728d1000 CR4: 00000000003506f0
[   40.588183][ T3610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   40.596139][ T3610] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   40.604094][ T3610] Call Trace:
[   40.607362][ T3610]  <TASK>
[   40.610283][ T3610]  io_sync_cancel+0x240/0x630
[   40.614954][ T3610]  ? __schedule+0xaed/0x52c0
[   40.619534][ T3610]  ? init_hash_table+0xf0/0xf0
[   40.624287][ T3610]  ? trace_contention_end+0xea/0x150
[   40.629567][ T3610]  ? __mutex_lock+0x231/0x1350
[   40.634335][ T3610]  ? ptrace_stop.part.0+0x5ec/0xa80
[   40.639565][ T3610]  ? __do_sys_io_uring_register+0x1d5/0x1110
[   40.645554][ T3610]  ? prepare_to_wait_exclusive+0x2b0/0x2b0
[   40.651349][ T3610]  ? rwlock_bug.part.0+0x90/0x90
[   40.656275][ T3610]  ? ptrace_stop.part.0+0x746/0xa80
[   40.661549][ T3610]  __do_sys_io_uring_register+0x5c9/0x1110
[   40.667361][ T3610]  ? io_cqring_event_overflow+0x730/0x730
[   40.673072][ T3610]  ? trace_hardirqs_on+0x2d/0x120
[   40.678164][ T3610]  ? _raw_spin_unlock_irq+0x2a/0x40
[   40.683371][ T3610]  ? ptrace_notify+0xfa/0x140
[   40.688067][ T3610]  do_syscall_64+0x35/0xb0
[   40.692495][ T3610]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   40.698380][ T3610] RIP: 0033:0x7f5f1d9c6d29
[   40.702787][ T3610] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   40.722387][ T3610] RSP: 002b:00007ffe53da8668 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[   40.730793][ T3610] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f1d9c6d29
[   40.738751][ T3610] RDX: 0000000020000000 RSI: 0000000000000018 RDI: 000000000000000a
[   40.746727][ T3610] RBP: 00007f5f1d98aed0 R08: 0000000000000000 R09: 0000000000000000
[   40.754707][ T3610] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f5f1d98af60
[   40.762678][ T3610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   40.770746][ T3610]  </TASK>
[   40.773753][ T3610] Modules linked in:
[   40.778831][ T3610] ---[ end trace 0000000000000000 ]---
[   40.784311][ T3610] RIP: 0010:__io_sync_cancel+0x10d/0x1c0
[   40.790087][ T3610] Code: 48 c1 ea 03 80 3c 02 00 0f 85 aa 00 00 00 49 8b 86 f8 00 00 00 48 8d 1c d8 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 8e 00 00 00 48 8b 1b 48 8d 7d 08 48 b8 00 00 00
[   40.809772][ T3610] RSP: 0018:ffffc90003a3fc20 EFLAGS: 00010246
[   40.815828][ T3610] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   40.823814][ T3610] RDX: 0000000000000000 RSI: ffffffff83f95344 RDI: ffff888026eb10f8
[   40.831811][ T3610] RBP: ffffc90003a3fce0 R08: 0000000000000004 R09: 0000000000000000
[   40.839807][ T3610] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[   40.847840][ T3610] R13: ffff888021117c00 R14: ffff888026eb1000 R15: 0000000000000000
[   40.855831][ T3610] FS:  00005555568c0300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   40.864785][ T3610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.871389][ T3610] CR2: 00007f5f1da0dfb8 CR3: 00000000728d1000 CR4: 00000000003506e0
[   40.879384][ T3610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   40.887341][ T3610] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   40.895358][ T3610] Kernel panic - not syncing: Fatal exception
[   40.901579][ T3610] Kernel Offset: disabled
[   40.905898][ T3610] Rebooting in 86400 seconds..