./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1292238328 <...> DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2 forked to background, child pid 3261 [ 28.374854][ T3262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.383464][ T3262] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.119' (ECDSA) to the list of known hosts. execve("./syz-executor1292238328", ["./syz-executor1292238328"], 0x7fffdf384090 /* 10 vars */) = 0 brk(NULL) = 0x55555604c000 brk(0x55555604cc40) = 0x55555604cc40 arch_prctl(ARCH_SET_FS, 0x55555604c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1292238328", 4096) = 28 brk(0x55555606dc40) = 0x55555606dc40 brk(0x55555606e000) = 0x55555606e000 mprotect(0x7f2aed601000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 io_uring_setup(2816, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=4096, cq_entries=8192, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=131392}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 mmap(0x20002000, 147776, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20002000 mmap(0x20ffc000, 262144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20ffc000 io_uring_enter(3, 767, 0, 0, NULL, 90) = 1 exit_group(0) = ? syzkaller login: [ 51.343016][ T3683] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 51.354762][ T3683] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 51.363170][ T3683] CPU: 0 PID: 3683 Comm: iou-wrk-3682 Not tainted 5.18.0-rc6-next-20220512-syzkaller #0 [ 51.372886][ T3683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.382940][ T3683] RIP: 0010:__list_add_valid+0x47/0xa0 [ 51.388416][ T3683] Code: fa 48 c1 ea 03 80 3c 02 00 75 50 49 8b 54 24 08 48 39 f2 0f 85 56 73 43 05 48 b8 00 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 <80> 3c 02 00 75 3a 48 8b 16 4c 39 e2 0f 85 5b 73 43 05 48 39 f5 0f [ 51.408030][ T3683] RSP: 0018:ffffc90002fd7ae8 EFLAGS: 00010246 [ 51.414102][ T3683] RAX: dffffc0000000000 RBX: ffff888023ed0000 RCX: 0000000000000000 [ 51.422068][ T3683] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801ef405c8 [ 51.430039][ T3683] RBP: ffff888023ed0000 R08: 0000000000000000 R09: 0000000000000001 [ 51.438015][ T3683] R10: ffffffff81f05205 R11: 0000000000000000 R12: ffff88801ef405c0 [ 51.445984][ T3683] R13: ffff88801ef405c8 R14: ffff88807a30f1e0 R15: ffff888023ed0020 [ 51.453953][ T3683] FS: 000055555604c300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 51.462882][ T3683] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.469466][ T3683] CR2: 00007f2aed5d7b08 CR3: 0000000023ed5000 CR4: 00000000003506f0 [ 51.477449][ T3683] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.485434][ T3683] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.493421][ T3683] Call Trace: [ 51.496716][ T3683] [ 51.499651][ T3683] io_issue_sqe+0x2b72/0xa140 [ 51.504368][ T3683] ? io_openat2+0xbb0/0xbb0 [ 51.508895][ T3683] ? find_held_lock+0x2d/0x110 [ 51.513689][ T3683] ? io_worker_handle_work+0x53d/0x1ab0 [ 51.519256][ T3683] ? lock_downgrade+0x6e0/0x6e0 [ 51.524122][ T3683] ? do_raw_spin_lock+0x120/0x2a0 [ 51.529149][ T3683] io_wq_submit_work+0x22a/0x600 [ 51.534098][ T3683] io_worker_handle_work+0xb1c/0x1ab0 [ 51.539491][ T3683] io_wqe_worker+0x637/0xdb0 [ 51.544096][ T3683] ? io_wqe_dec_running+0x240/0x240 [ 51.549308][ T3683] ? ret_from_fork+0x8/0x30 [ 51.553816][ T3683] ? lock_downgrade+0x6e0/0x6e0 [ 51.558677][ T3683] ? do_raw_spin_lock+0x120/0x2a0 [ 51.563701][ T3683] ? rwlock_bug.part.0+0x90/0x90 [ 51.568641][ T3683] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.573842][ T3683] ? io_wqe_dec_running+0x240/0x240 [ 51.579054][ T3683] ret_from_fork+0x1f/0x30 [ 51.583482][ T3683] [ 51.586494][ T3683] Modules linked in: [ 51.590715][ T3683] ---[ end trace 0000000000000000 ]--- [ 51.590724][ T3683] RIP: 0010:__list_add_valid+0x47/0xa0 [ 51.590759][ T3683] Code: fa 48 c1 ea 03 80 3c 02 00 75 50 49 8b 54 24 08 48 39 f2 0f 85 56 73 43 05 48 b8 00 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 <80> 3c 02 00 75 3a 48 8b 16 4c 39 e2 0f 85 5b 73 43 05 48 39 f5 0f [ 51.590781][ T3683] RSP: 0018:ffffc90002fd7ae8 EFLAGS: 00010246 [ 51.590799][ T3683] RAX: dffffc0000000000 RBX: ffff888023ed0000 RCX: 0000000000000000 [ 51.590814][ T3683] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801ef405c8 [ 51.590828][ T3683] RBP: ffff888023ed0000 R08: 0000000000000000 R09: 0000000000000001 [ 51.590842][ T3683] R10: ffffffff81f05205 R11: 0000000000000000 R12: ffff88801ef405c0 [ 51.590856][ T3683] R13: ffff88801ef405c8 R14: ffff88807a30f1e0 R15: ffff888023ed0020 [ 51.590869][ T3683] FS: 000055555604c300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 51.590892][ T3683] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.590908][ T3683] CR2: 00007f2aed5d7b08 CR3: 0000000023ed5000 CR4: 00000000003506f0 [ 51.590920][ T3683] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.590933][ T3683] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.590949][ T3683] Kernel panic - not syncing: Fatal exception [ 51.712691][ T3683] Kernel Offset: disabled [ 51.717012][ T3683] Rebooting in 86400 seconds..