./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3590281745 <...> forked to background, child pid 3174 no interfaces have a carrier [ 21.230205][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.239262][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts. execve("./syz-executor3590281745", ["./syz-executor3590281745"], 0x7ffe368668d0 /* 10 vars */) = 0 brk(NULL) = 0x555556f9d000 brk(0x555556f9dc40) = 0x555556f9dc40 arch_prctl(ARCH_SET_FS, 0x555556f9d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3590281745", 4096) = 28 brk(0x555556fbec40) = 0x555556fbec40 brk(0x555556fbf000) = 0x555556fbf000 mprotect(0x7f115bc8a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 io_uring_setup(18777, {flags=IORING_SETUP_IOPOLL, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 mmap(0x20ee7000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20ee7000 mmap(0x20002000, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20002000 mmap(0x20ee7000, 12288, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED, 3, 0x10000000) = 0x20ee7000 io_uring_setup(11751, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 mmap(0x20002000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0) = 0x20002000 mmap(0x20003000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000) = 0x20003000 io_uring_enter(3, 25588, 0, 0, NULL, 0) = 1 exit_group(0) = ? syzkaller login: [ 37.112575][ T3596] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 37.120411][ T3596] #PF: supervisor instruction fetch in kernel mode [ 37.127190][ T3596] #PF: error_code(0x0010) - not-present page [ 37.133154][ T3596] PGD 0 P4D 0 [ 37.136523][ T3596] Oops: 0010 [#1] PREEMPT SMP KASAN [ 37.141695][ T3596] CPU: 0 PID: 3596 Comm: syz-executor359 Not tainted 5.18.0-rc7-syzkaller #0 [ 37.150432][ T3596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.160483][ T3596] RIP: 0010:0x0 [ 37.163939][ T3596] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 37.171904][ T3596] RSP: 0018:ffffc9000325fb68 EFLAGS: 00010246 [ 37.177960][ T3596] RAX: ffffffff89dad220 RBX: dffffc0000000000 RCX: 0000000000000000 [ 37.185917][ T3596] RDX: 0000000000000003 RSI: ffffc9000325fbe0 RDI: ffff8880213388c0 [ 37.193871][ T3596] RBP: ffff888021338901 R08: 0000000000000000 R09: 0000000000000000 [ 37.201821][ T3596] R10: ffffffff81ec11a0 R11: 0000000000000000 R12: 0000000000000003 [ 37.209775][ T3596] R13: ffffc9000325fbe0 R14: ffff8880213388c0 R15: ffff888021338938 [ 37.217733][ T3596] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 37.226654][ T3596] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.233230][ T3596] CR2: ffffffffffffffd6 CR3: 000000000ba8e000 CR4: 0000000000350ef0 [ 37.241186][ T3596] Call Trace: [ 37.244450][ T3596] [ 37.247359][ T3596] io_do_iopoll+0x262/0x1080 [ 37.251998][ T3596] ? mutex_lock_io_nested+0x1150/0x1150 [ 37.257531][ T3596] ? lock_downgrade+0x6e0/0x6e0 [ 37.262371][ T3596] ? __io_submit_flush_completions+0xb10/0xb10 [ 37.268514][ T3596] ? do_raw_spin_unlock+0x171/0x230 [ 37.273701][ T3596] io_iopoll_try_reap_events+0xba/0x158 [ 37.279238][ T3596] io_ring_ctx_wait_and_kill+0x1d9/0x327 [ 37.284853][ T3596] ? io_iopoll_try_reap_events+0x158/0x158 [ 37.290647][ T3596] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 37.296874][ T3596] io_uring_release+0x42/0x46 [ 37.301537][ T3596] __fput+0x277/0x9d0 [ 37.305522][ T3596] ? io_ring_ctx_wait_and_kill+0x327/0x327 [ 37.311313][ T3596] task_work_run+0xdd/0x1a0 [ 37.315802][ T3596] do_exit+0xaff/0x2a00 [ 37.319941][ T3596] ? lock_downgrade+0x6e0/0x6e0 [ 37.324787][ T3596] ? mm_update_next_owner+0x7a0/0x7a0 [ 37.330150][ T3596] ? _raw_spin_unlock_irq+0x1f/0x40 [ 37.335341][ T3596] do_group_exit+0xd2/0x2f0 [ 37.339837][ T3596] __x64_sys_exit_group+0x3a/0x50 [ 37.344846][ T3596] do_syscall_64+0x35/0xb0 [ 37.349251][ T3596] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 37.355130][ T3596] RIP: 0033:0x7f115bc1bf19 [ 37.359615][ T3596] Code: Unable to access opcode bytes at RIP 0x7f115bc1beef. [ 37.366957][ T3596] RSP: 002b:00007ffde3b5abf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.375446][ T3596] RAX: ffffffffffffffda RBX: 00007f115bc90290 RCX: 00007f115bc1bf19 [ 37.383399][ T3596] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 37.391356][ T3596] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 [ 37.399316][ T3596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f115bc90290 [ 37.407273][ T3596] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 37.415326][ T3596] [ 37.418330][ T3596] Modules linked in: [ 37.422205][ T3596] CR2: 0000000000000000 [ 37.426338][ T3596] ---[ end trace 0000000000000000 ]--- [ 37.431767][ T3596] RIP: 0010:0x0 [ 37.435215][ T3596] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 37.442905][ T3596] RSP: 0018:ffffc9000325fb68 EFLAGS: 00010246 [ 37.448956][ T3596] RAX: ffffffff89dad220 RBX: dffffc0000000000 RCX: 0000000000000000 [ 37.456913][ T3596] RDX: 0000000000000003 RSI: ffffc9000325fbe0 RDI: ffff8880213388c0 [ 37.464868][ T3596] RBP: ffff888021338901 R08: 0000000000000000 R09: 0000000000000000 [ 37.472825][ T3596] R10: ffffffff81ec11a0 R11: 0000000000000000 R12: 0000000000000003 [ 37.480779][ T3596] R13: ffffc9000325fbe0 R14: ffff8880213388c0 R15: ffff888021338938 [ 37.488822][ T3596] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 37.497740][ T3596] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.504397][ T3596] CR2: ffffffffffffffd6 CR3: 000000000ba8e000 CR4: 0000000000350ef0 [ 37.512355][ T3596] Kernel panic - not syncing: Fatal exception [ 37.518929][ T3596] Kernel Offset: disabled [ 37.523238][ T3596] Rebooting in 86400 seconds..