./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor535279311 <...> Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts. execve("./syz-executor535279311", ["./syz-executor535279311"], 0x7ffe9d30f070 /* 10 vars */) = 0 brk(NULL) = 0x555555fb6000 brk(0x555555fb6d00) = 0x555555fb6d00 arch_prctl(ARCH_SET_FS, 0x555555fb6380) = 0 set_tid_address(0x555555fb6650) = 5057 set_robust_list(0x555555fb6660, 24) = 0 rseq(0x555555fb6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor535279311", 4096) = 27 getrandom("\x3f\x30\x4e\x1f\x70\x44\x44\xc9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555fb6d00 brk(0x555555fd7d00) = 0x555555fd7d00 brk(0x555555fd8000) = 0x555555fd8000 mprotect(0x7f9166878000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_ALG, SOCK_SEQPACKET, 0) = 3 bind(3, {sa_family=AF_ALG, salg_type="skcipher", salg_feat=0, salg_mask=0, salg_name="cbc(arc4-generic)"}, 88) = 0 setsockopt(3, SOL_ALG, ALG_SET_KEY, "\xad\x56\xb6\xc5\x91\x0f\xae\x9d\x6d\xcd\x32\x92\xea\x54\xc7\xb6\xef\x91\x5d\x56\x4c\x90\xc2\x00", 24) = 0 accept4(3, NULL, NULL, 0) = 4 sendto(4, "\x20\x00\x00\x00\x10\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x09\x00\x02\x00\x49\x50\x56\x53\x00\x00\x00\x00", 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [ 75.560446][ T5057] "syz-executor535" (5057) uses obsolete ecb(arc4) skcipher [ 75.593265][ T5057] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 75.601143][ T5057] #PF: supervisor write access in kernel mode [ 75.610933][ T5057] #PF: error_code(0x0002) - not-present page [ 75.616913][ T5057] PGD 20608067 P4D 20608067 PUD 220ac067 PMD 0 [ 75.623151][ T5057] Oops: 0002 [#1] PREEMPT SMP KASAN [ 75.628332][ T5057] CPU: 0 PID: 5057 Comm: syz-executor535 Not tainted 6.8.0-rc1-syzkaller-00192-g62b424810535 #0 [ 75.638724][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 75.648762][ T5057] RIP: 0010:memcpy_orig+0x31/0x120 [ 75.653876][ T5057] Code: 48 83 fa 20 0f 82 86 00 00 00 40 38 fe 7c 35 48 83 ea 20 48 83 ea 20 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d 76 20 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 48 8d 7f 20 73 d4 83 [ 75.673480][ T5057] RSP: 0018:ffffc900040ef8c0 EFLAGS: 00010202 [ 75.679540][ T5057] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84401c81 [ 75.687507][ T5057] RDX: 00000000000003c8 RSI: ffff888020166040 RDI: 0000000000000000 [ 75.695479][ T5057] RBP: ffff888020166000 R08: 0000000400000003 R09: 0000002200000071 [ 75.703533][ T5057] R10: 0000000800000016 R11: 0000001700000083 R12: 0000000000000000 [ 75.711680][ T5057] R13: ffff88807f589da0 R14: ffff88807aecb000 R15: 0000000000000001 [ 75.719642][ T5057] FS: 0000555555fb6380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 75.728571][ T5057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.735152][ T5057] CR2: 0000000000000000 CR3: 0000000029834000 CR4: 00000000003506f0 [ 75.743135][ T5057] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.751100][ T5057] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.759339][ T5057] Call Trace: [ 75.762608][ T5057] [ 75.765542][ T5057] ? show_regs+0x8f/0xa0 [ 75.769776][ T5057] ? __die+0x2c/0x80 [ 75.773655][ T5057] ? page_fault_oops+0x398/0xab0 [ 75.778576][ T5057] ? dump_pagetable+0x530/0x530 [ 75.783426][ T5057] ? stack_depot_save_flags+0x558/0x730 [ 75.788964][ T5057] ? reacquire_held_locks+0x4c0/0x4c0 [ 75.794323][ T5057] ? _raw_write_unlock_irqrestore+0x4e/0x70 [ 75.800206][ T5057] ? lockdep_hardirqs_on+0x7d/0x110 [ 75.805418][ T5057] ? do_user_addr_fault+0x564/0x1030 [ 75.810689][ T5057] ? irqentry_enter+0x2d/0x50 [ 75.815349][ T5057] ? rcu_is_watching+0x12/0xb0 [ 75.820100][ T5057] ? exc_page_fault+0x5d/0xc0 [ 75.824762][ T5057] ? asm_exc_page_fault+0x26/0x30 [ 75.829775][ T5057] ? crypto_arc4_crypt+0x31/0x70 [ 75.834697][ T5057] ? memcpy_orig+0x31/0x120 [ 75.839183][ T5057] crypto_arc4_crypt+0x4b/0x70 [ 75.843935][ T5057] ? cast6_setkey+0x30/0x30 [ 75.848422][ T5057] crypto_lskcipher_decrypt+0xd4/0x130 [ 75.853871][ T5057] crypto_cbc_decrypt+0x14f/0x330 [ 75.858883][ T5057] ? crypto_cbc_encrypt+0x220/0x220 [ 75.864098][ T5057] ? skcipher_walk_skcipher+0x4d9/0x640 [ 75.869654][ T5057] crypto_lskcipher_crypt_sg+0x28c/0x460 [ 75.875383][ T5057] ? crypto_cbc_encrypt+0x220/0x220 [ 75.880581][ T5057] ? crypto_lskcipher_decrypt+0x130/0x130 [ 75.886288][ T5057] ? kfree+0x124/0x360 [ 75.890375][ T5057] crypto_skcipher_decrypt+0xda/0x160 [ 75.895765][ T5057] skcipher_recvmsg+0xc2b/0x1040 [ 75.900707][ T5057] ? algif_skcipher_export.part.0+0x200/0x200 [ 75.906768][ T5057] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 75.912043][ T5057] ? security_socket_recvmsg+0x92/0xc0 [ 75.917488][ T5057] ? algif_skcipher_export.part.0+0x200/0x200 [ 75.923544][ T5057] sock_recvmsg+0xe2/0x170 [ 75.927950][ T5057] __sys_recvfrom+0x1ab/0x2e0 [ 75.932620][ T5057] ? __ia32_sys_send+0x100/0x100 [ 75.937550][ T5057] ? spin_bug+0x1d0/0x1d0 [ 75.941863][ T5057] ? cgroup_update_frozen+0x144/0x6b0 [ 75.947237][ T5057] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.952423][ T5057] ? lockdep_hardirqs_on+0x7d/0x110 [ 75.957622][ T5057] __x64_sys_recvfrom+0xe0/0x1b0 [ 75.962543][ T5057] ? syscall_trace_enter+0xb3/0x200 [ 75.967730][ T5057] do_syscall_64+0xd3/0x250 [ 75.972225][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 75.978108][ T5057] RIP: 0033:0x7f91668079b9 [ 75.982507][ T5057] Code: ff e8 cb 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d f1 56 07 00 00 41 89 ca 74 1c 45 31 c9 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 55 48 83 ec 20 48 89 [ 76.002202][ T5057] RSP: 002b:00007ffe09073d28 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 76.010605][ T5057] RAX: ffffffffffffffda RBX: 00007ffe09073db4 RCX: 00007f91668079b9 [ 76.018577][ T5057] RDX: 0000000000001000 RSI: 00007ffe09073da0 RDI: 0000000000000004 [ 76.026894][ T5057] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 76.034884][ T5057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe09073da0 [ 76.042839][ T5057] R13: 00007ffe09074f88 R14: 0000000000000001 R15: 0000000000000001 [ 76.050799][ T5057] [ 76.053803][ T5057] Modules linked in: [ 76.057679][ T5057] CR2: 0000000000000000 [ 76.061809][ T5057] ---[ end trace 0000000000000000 ]--- [ 76.067265][ T5057] RIP: 0010:memcpy_orig+0x31/0x120 [ 76.072380][ T5057] Code: 48 83 fa 20 0f 82 86 00 00 00 40 38 fe 7c 35 48 83 ea 20 48 83 ea 20 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d 76 20 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 48 8d 7f 20 73 d4 83 [ 76.091988][ T5057] RSP: 0018:ffffc900040ef8c0 EFLAGS: 00010202 [ 76.098040][ T5057] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84401c81 [ 76.106026][ T5057] RDX: 00000000000003c8 RSI: ffff888020166040 RDI: 0000000000000000 [ 76.113981][ T5057] RBP: ffff888020166000 R08: 0000000400000003 R09: 0000002200000071 [ 76.121936][ T5057] R10: 0000000800000016 R11: 0000001700000083 R12: 0000000000000000 [ 76.129892][ T5057] R13: ffff88807f589da0 R14: ffff88807aecb000 R15: 0000000000000001 [ 76.137845][ T5057] FS: 0000555555fb6380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 76.146773][ T5057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.153342][ T5057] CR2: 0000000000000000 CR3: 0000000029834000 CR4: 00000000003506f0 [ 76.161300][ T5057] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.169257][ T5057] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.177214][ T5057] Kernel panic - not syncing: Fatal exception [ 76.183491][ T5057] Kernel Offset: disabled [ 76.187811][ T5057] Rebooting in 86400 seconds..