./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1156692901 <...> Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts. execve("./syz-executor1156692901", ["./syz-executor1156692901"], 0x7ffdbc08cf30 /* 10 vars */) = 0 brk(NULL) = 0x5555556ef000 brk(0x5555556efd00) = 0x5555556efd00 arch_prctl(ARCH_SET_FS, 0x5555556ef380) = 0 set_tid_address(0x5555556ef650) = 5058 set_robust_list(0x5555556ef660, 24) = 0 rseq(0x5555556efca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1156692901", 4096) = 28 getrandom("\x02\xd1\xf8\xee\xb2\xdc\xe0\x1d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555556efd00 brk(0x555555710d00) = 0x555555710d00 brk(0x555555711000) = 0x555555711000 mprotect(0x7ff0248fb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 4 ioctl(4, SIOCGIFINDEX, {ifr_name="ip6tnl0", ifr_ifindex=21}) = 0 [ 67.152597][ T5058] general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN [ 67.164366][ T5058] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f] [ 67.172776][ T5058] CPU: 0 PID: 5058 Comm: syz-executor115 Not tainted 6.7.0-rc8-next-20240105-syzkaller #0 [ 67.182970][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 67.193840][ T5058] RIP: 0010:qdisc_create+0x6a8/0x1440 [ 67.199242][ T5058] Code: ea 03 80 3c 02 00 0f 85 57 0c 00 00 4c 8b 6d 08 49 8d 45 48 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 16 0c 00 00 31 d2 be f2 ff 00 00 48 89 df 41 ff [ 67.219197][ T5058] RSP: 0018:ffffc900039ef410 EFLAGS: 00010206 [ 67.225347][ T5058] RAX: dffffc0000000000 RBX: ffff88802f3c5000 RCX: ffffffff889a5187 [ 67.233394][ T5058] RDX: 0000000000000009 RSI: ffffffff889a4b28 RDI: ffffffff8f3b9ce8 [ 67.241438][ T5058] RBP: ffffffff8f3b9ce0 R08: 0000000000000001 R09: 0000000000000000 [ 67.249499][ T5058] R10: 0000000000000001 R11: ffffffff8acf20a0 R12: ffff88802a126000 [ 67.257690][ T5058] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8f3b9ce0 [ 67.265669][ T5058] FS: 00005555556ef380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 67.274952][ T5058] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.281932][ T5058] CR2: 00000000004585c0 CR3: 000000002dc52000 CR4: 00000000003506f0 [ 67.290489][ T5058] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.299995][ T5058] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.307989][ T5058] Call Trace: [ 67.311416][ T5058] [ 67.314354][ T5058] ? show_regs+0x8e/0xa0 [ 67.318633][ T5058] ? die_addr+0x4f/0xd0 [ 67.323075][ T5058] ? exc_general_protection+0x155/0x230 [ 67.329018][ T5058] ? asm_exc_general_protection+0x26/0x30 [ 67.335571][ T5058] ? qdisc_create+0xca7/0x1440 [ 67.340553][ T5058] ? qdisc_create+0x648/0x1440 [ 67.345955][ T5058] ? qdisc_create+0x6a8/0x1440 [ 67.350781][ T5058] ? tc_get_qdisc+0xdf0/0xdf0 [ 67.355752][ T5058] ? __nla_parse+0x40/0x50 [ 67.360532][ T5058] tc_modify_qdisc+0x4d5/0x1c30 [ 67.365409][ T5058] ? qdisc_create+0x1440/0x1440 [ 67.370281][ T5058] ? trace_irq_enable.constprop.0+0xe0/0x110 [ 67.376378][ T5058] ? bpf_lsm_capable+0x9/0x10 [ 67.381062][ T5058] ? security_capable+0x92/0xc0 [ 67.386547][ T5058] ? qdisc_create+0x1440/0x1440 [ 67.391592][ T5058] rtnetlink_rcv_msg+0x3c7/0xe00 [ 67.396559][ T5058] ? rtnl_fill_vf+0x490/0x490 [ 67.401544][ T5058] netlink_rcv_skb+0x16b/0x440 [ 67.406620][ T5058] ? rtnl_fill_vf+0x490/0x490 [ 67.411344][ T5058] ? netlink_ack+0x1380/0x1380 [ 67.416562][ T5058] ? lock_sync+0x190/0x190 [ 67.422312][ T5058] ? __rhashtable_lookup.constprop.0+0x397/0x710 [ 67.429064][ T5058] ? netlink_deliver_tap+0x1a0/0xd00 [ 67.434663][ T5058] ? _copy_from_iter+0x2c1/0x10f0 [ 67.440166][ T5058] netlink_unicast+0x53b/0x810 [ 67.445319][ T5058] ? netlink_attachskb+0x870/0x870 [ 67.450676][ T5058] ? __phys_addr_symbol+0x30/0x70 [ 67.457059][ T5058] ? __check_object_size+0x322/0x730 [ 67.462735][ T5058] netlink_sendmsg+0x8b4/0xd70 [ 67.467538][ T5058] ? netlink_unicast+0x810/0x810 [ 67.472861][ T5058] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 67.478514][ T5058] ? netlink_unicast+0x810/0x810 [ 67.484156][ T5058] __sock_sendmsg+0xd5/0x180 [ 67.489759][ T5058] ____sys_sendmsg+0x6ac/0x940 [ 67.495156][ T5058] ? copy_msghdr_from_user+0x10b/0x160 [ 67.501152][ T5058] ? kernel_sendmsg+0x50/0x50 [ 67.506350][ T5058] ? finish_task_switch.isra.0+0x217/0xcb0 [ 67.513334][ T5058] ? __switch_to+0x749/0x1370 [ 67.518326][ T5058] ___sys_sendmsg+0x135/0x1d0 [ 67.523845][ T5058] ? do_recvmmsg+0x740/0x740 [ 67.529099][ T5058] ? trace_irq_enable.constprop.0+0xe0/0x110 [ 67.535860][ T5058] ? lock_sync+0x190/0x190 [ 67.540960][ T5058] ? ptrace_stop.part.0+0x44a/0x930 [ 67.546940][ T5058] ? __fget_light+0x172/0x200 [ 67.552167][ T5058] __sys_sendmsg+0x117/0x1e0 [ 67.557501][ T5058] ? __sys_sendmsg_sock+0x30/0x30 [ 67.562549][ T5058] ? ptrace_notify+0xf1/0x130 [ 67.567565][ T5058] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.573072][ T5058] ? ptrace_notify+0xf1/0x130 [ 67.577900][ T5058] do_syscall_64+0xd0/0x250 [ 67.582623][ T5058] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 67.588532][ T5058] RIP: 0033:0x7ff024888469 [ 67.592998][ T5058] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.614566][ T5058] RSP: 002b:00007ffe0b11d918 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.623092][ T5058] RAX: ffffffffffffffda RBX: 00007ffe0b11dae8 RCX: 00007ff024888469 [ 67.631186][ T5058] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 [ 67.639353][ T5058] RBP: 00007ff0248fb610 R08: 00000000ffffffff R09: 00007ffe0b11dae8 [ 67.647733][ T5058] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001 [ 67.656289][ T5058] R13: 00007ffe0b11dad8 R14: 0000000000000001 R15: 0000000000000001 [ 67.664400][ T5058] [ 67.667418][ T5058] Modules linked in: [ 67.672702][ T5058] ---[ end trace 0000000000000000 ]--- [ 67.678775][ T5058] RIP: 0010:qdisc_create+0x6a8/0x1440 [ 67.684480][ T5058] Code: ea 03 80 3c 02 00 0f 85 57 0c 00 00 4c 8b 6d 08 49 8d 45 48 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 16 0c 00 00 31 d2 be f2 ff 00 00 48 89 df 41 ff [ 67.705469][ T5058] RSP: 0018:ffffc900039ef410 EFLAGS: 00010206 [ 67.711682][ T5058] RAX: dffffc0000000000 RBX: ffff88802f3c5000 RCX: ffffffff889a5187 [ 67.719797][ T5058] RDX: 0000000000000009 RSI: ffffffff889a4b28 RDI: ffffffff8f3b9ce8 [ 67.727910][ T5058] RBP: ffffffff8f3b9ce0 R08: 0000000000000001 R09: 0000000000000000 [ 67.736277][ T5058] R10: 0000000000000001 R11: ffffffff8acf20a0 R12: ffff88802a126000 [ 67.744542][ T5058] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8f3b9ce0 [ 67.752954][ T5058] FS: 00005555556ef380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 67.762596][ T5058] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.769317][ T5058] CR2: 000055be3e440798 CR3: 000000002dc52000 CR4: 00000000003506f0 [ 67.777522][ T5058] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.786680][ T5058] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.795998][ T5058] Kernel panic - not syncing: Fatal exception [ 67.803750][ T5058] Kernel Offset: disabled [ 67.809056][ T5058] Rebooting in 86400 seconds..