./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2921852056 <...> Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts. execve("./syz-executor2921852056", ["./syz-executor2921852056"], 0x7fff0807b570 /* 10 vars */) = 0 brk(NULL) = 0x555556af9000 brk(0x555556af9c40) = 0x555556af9c40 arch_prctl(ARCH_SET_FS, 0x555556af9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2921852056", 4096) = 28 brk(0x555556b1ac40) = 0x555556b1ac40 brk(0x555556b1b000) = 0x555556b1b000 mprotect(0x7f15eadd0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_ALG, SOCK_SEQPACKET, 0) = 3 bind(3, {sa_family=AF_ALG, salg_type="hash", salg_feat=0, salg_mask=0, salg_name="ghash-clmulni"}, 88) = 0 setsockopt(3, SOL_ALG, ALG_SET_KEY, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 0 accept4(3, NULL, NULL, 0) = 4 sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}], 1, MSG_PEEK|MSG_PROBE|MSG_MORE|MSG_FASTOPEN) = 1 syzkaller login: [ 57.970402][ T5003] general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN [ 57.982137][ T5003] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 57.990530][ T5003] CPU: 0 PID: 5003 Comm: syz-executor292 Not tainted 6.4.0-rc6-syzkaller-01333-g9a94d764e9bc #0 [ 58.000933][ T5003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 58.010991][ T5003] RIP: 0010:shash_ahash_update+0x126/0x210 [ 58.017248][ T5003] Code: 8c 00 00 00 e8 bb f7 a4 fd 48 8b 04 24 48 8b 6c 24 40 80 38 00 0f 85 c3 00 00 00 4d 8b 75 00 49 8d 7e 20 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 c1 00 00 00 4d 8b 7e 20 49 8d 7f 2c 48 89 fa 48 [ 58.037034][ T5003] RSP: 0018:ffffc9000399f948 EFLAGS: 00010202 [ 58.043094][ T5003] RAX: ffffed100fc1276b RBX: dffffc0000000000 RCX: 0000000000000000 [ 58.051050][ T5003] RDX: 0000000000000004 RSI: ffffffff83df4f25 RDI: 0000000000000020 [ 58.059004][ T5003] RBP: ffff88807241a100 R08: 0000000000000005 R09: 0000000000000000 [ 58.066999][ T5003] R10: 0000000000000f00 R11: 0000000000000009 R12: 0000000000000f00 [ 58.074967][ T5003] R13: ffff88807e093b58 R14: 0000000000000000 R15: 1ffff92000733f2b [ 58.082924][ T5003] FS: 0000555556af9300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 58.091840][ T5003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.098476][ T5003] CR2: 00007f33cc8b6440 CR3: 000000007d856000 CR4: 00000000003506f0 [ 58.106438][ T5003] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.114388][ T5003] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.122359][ T5003] Call Trace: [ 58.126084][ T5003] [ 58.129005][ T5003] ? die_addr+0x3c/0xa0 [ 58.133955][ T5003] ? exc_general_protection+0x129/0x230 [ 58.139512][ T5003] ? asm_exc_general_protection+0x26/0x30 [ 58.145229][ T5003] ? shash_ahash_update+0x105/0x210 [ 58.150433][ T5003] ? shash_ahash_update+0x126/0x210 [ 58.155680][ T5003] ? shash_ahash_update+0x105/0x210 [ 58.160879][ T5003] ? crypto_shash_finup+0x160/0x160 [ 58.166121][ T5003] ? mark_held_locks+0x9f/0xe0 [ 58.170969][ T5003] ghash_async_update+0x136/0x170 [ 58.176087][ T5003] hash_sendmsg+0x434/0xde0 [ 58.180599][ T5003] ? hash_accept_nokey+0x90/0x90 [ 58.185534][ T5003] sock_sendmsg+0xde/0x190 [ 58.189948][ T5003] ____sys_sendmsg+0x733/0x920 [ 58.194873][ T5003] ? copy_msghdr_from_user+0xfc/0x150 [ 58.200234][ T5003] ? kernel_sendmsg+0x50/0x50 [ 58.204902][ T5003] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.210880][ T5003] ___sys_sendmsg+0x110/0x1b0 [ 58.215566][ T5003] ? do_recvmmsg+0x6f0/0x6f0 [ 58.220146][ T5003] ? lock_sync+0x190/0x190 [ 58.224563][ T5003] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 58.229749][ T5003] ? do_raw_spin_lock+0x124/0x2b0 [ 58.234761][ T5003] ? spin_bug+0x1c0/0x1c0 [ 58.239517][ T5003] ? _raw_spin_lock_irq+0x45/0x50 [ 58.244535][ T5003] ? __fget_light+0x20a/0x270 [ 58.249290][ T5003] __sys_sendmsg+0xf7/0x1c0 [ 58.253781][ T5003] ? __sys_sendmsg_sock+0x40/0x40 [ 58.258803][ T5003] ? lock_downgrade+0x690/0x690 [ 58.263643][ T5003] ? lockdep_hardirqs_on+0x7d/0x100 [ 58.268836][ T5003] ? _raw_spin_unlock_irq+0x2e/0x50 [ 58.274036][ T5003] ? ptrace_notify+0xfe/0x140 [ 58.278702][ T5003] do_syscall_64+0x39/0xb0 [ 58.283103][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.288988][ T5003] RIP: 0033:0x7f15ead63cb9 [ 58.293499][ T5003] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.313192][ T5003] RSP: 002b:00007ffc678219d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.321593][ T5003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f15ead63cb9 [ 58.329547][ T5003] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004 [ 58.337502][ T5003] RBP: 00007f15ead27e60 R08: 0000000000000000 R09: 0000000000000000 [ 58.345462][ T5003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15ead27ef0 [ 58.353506][ T5003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 58.362249][ T5003] [ 58.365249][ T5003] Modules linked in: [ 58.369373][ T5003] ---[ end trace 0000000000000000 ]--- [ 58.374899][ T5003] RIP: 0010:shash_ahash_update+0x126/0x210 [ 58.381195][ T5003] Code: 8c 00 00 00 e8 bb f7 a4 fd 48 8b 04 24 48 8b 6c 24 40 80 38 00 0f 85 c3 00 00 00 4d 8b 75 00 49 8d 7e 20 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 c1 00 00 00 4d 8b 7e 20 49 8d 7f 2c 48 89 fa 48 [ 58.402750][ T5003] RSP: 0018:ffffc9000399f948 EFLAGS: 00010202 [ 58.408922][ T5003] RAX: ffffed100fc1276b RBX: dffffc0000000000 RCX: 0000000000000000 [ 58.417510][ T5003] RDX: 0000000000000004 RSI: ffffffff83df4f25 RDI: 0000000000000020 [ 58.425586][ T5003] RBP: ffff88807241a100 R08: 0000000000000005 R09: 0000000000000000 [ 58.433595][ T5003] R10: 0000000000000f00 R11: 0000000000000009 R12: 0000000000000f00 [ 58.441886][ T5003] R13: ffff88807e093b58 R14: 0000000000000000 R15: 1ffff92000733f2b [ 58.449914][ T5003] FS: 0000555556af9300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 58.459089][ T5003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.465719][ T5003] CR2: 00007f70d29f2304 CR3: 000000007d856000 CR4: 00000000003506e0 [ 58.473946][ T5003] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.482043][ T5003] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.490103][ T5003] Kernel panic - not syncing: Fatal exception [ 58.496235][ T5003] Kernel Offset: disabled [ 58.501014][ T5003] Rebooting in 86400 seconds..