./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor652381100 <...> DUID 00:04:98:96:05:40:f2:aa:0a:66:7a:29:c2:20:2e:76:e0:ec forked to background, child pid 3176 [ 26.164962][ T3177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.176959][ T3177] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts. execve("./syz-executor652381100", ["./syz-executor652381100"], 0x7ffde0081c30 /* 10 vars */) = 0 brk(NULL) = 0x5555564e8000 brk(0x5555564e8c40) = 0x5555564e8c40 arch_prctl(ARCH_SET_FS, 0x5555564e8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor652381100", 4096) = 27 brk(0x555556509c40) = 0x555556509c40 brk(0x55555650a000) = 0x55555650a000 mprotect(0x7f6ba5dde000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 io_uring_setup(18777, {flags=IORING_SETUP_IOPOLL, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 mmap(0x20ee7000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20ee7000 mmap(0x20002000, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20002000 mmap(0x20ee7000, 12288, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED, 3, 0x10000000) = 0x20ee7000 io_uring_setup(11751, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 mmap(0x20002000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0) = 0x20002000 mmap(0x20003000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000) = 0x20003000 io_uring_enter(3, 25588, 0, 0, NULL, 0) = 1 exit_group(0) = ? syzkaller login: [ 49.308382][ T3597] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 49.316187][ T3597] #PF: supervisor instruction fetch in kernel mode [ 49.322669][ T3597] #PF: error_code(0x0010) - not-present page [ 49.328623][ T3597] PGD 0 P4D 0 [ 49.331978][ T3597] Oops: 0010 [#1] PREEMPT SMP KASAN [ 49.337159][ T3597] CPU: 1 PID: 3597 Comm: syz-executor652 Not tainted 5.18.0-rc7-syzkaller #0 [ 49.345894][ T3597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.355925][ T3597] RIP: 0010:0x0 [ 49.359372][ T3597] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 49.367070][ T3597] RSP: 0018:ffffc90002f4fb68 EFLAGS: 00010246 [ 49.373129][ T3597] RAX: ffffffff89dad220 RBX: dffffc0000000000 RCX: 0000000000000000 [ 49.381082][ T3597] RDX: 0000000000000003 RSI: ffffc90002f4fbe0 RDI: ffff888019b838c0 [ 49.389035][ T3597] RBP: ffff888019b83901 R08: 0000000000000000 R09: 0000000000000000 [ 49.396988][ T3597] R10: ffffffff81ec11a0 R11: 0000000000000000 R12: 0000000000000003 [ 49.404937][ T3597] R13: ffffc90002f4fbe0 R14: ffff888019b838c0 R15: ffff888019b83938 [ 49.412974][ T3597] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 49.421975][ T3597] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.428539][ T3597] CR2: ffffffffffffffd6 CR3: 000000000ba8e000 CR4: 00000000003506e0 [ 49.436488][ T3597] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.444531][ T3597] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.452481][ T3597] Call Trace: [ 49.455741][ T3597] [ 49.458653][ T3597] io_do_iopoll+0x262/0x1080 [ 49.463242][ T3597] ? mutex_lock_io_nested+0x1150/0x1150 [ 49.468769][ T3597] ? lock_downgrade+0x6e0/0x6e0 [ 49.473699][ T3597] ? __io_submit_flush_completions+0xb10/0xb10 [ 49.479841][ T3597] ? do_raw_spin_unlock+0x171/0x230 [ 49.485022][ T3597] io_iopoll_try_reap_events+0xba/0x158 [ 49.490554][ T3597] io_ring_ctx_wait_and_kill+0x1d9/0x327 [ 49.496174][ T3597] ? io_iopoll_try_reap_events+0x158/0x158 [ 49.501961][ T3597] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 49.508182][ T3597] io_uring_release+0x42/0x46 [ 49.512841][ T3597] __fput+0x277/0x9d0 [ 49.516808][ T3597] ? io_ring_ctx_wait_and_kill+0x327/0x327 [ 49.522603][ T3597] task_work_run+0xdd/0x1a0 [ 49.527093][ T3597] do_exit+0xaff/0x2a00 [ 49.531231][ T3597] ? lock_downgrade+0x6e0/0x6e0 [ 49.536064][ T3597] ? mm_update_next_owner+0x7a0/0x7a0 [ 49.541419][ T3597] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.546604][ T3597] do_group_exit+0xd2/0x2f0 [ 49.551098][ T3597] __x64_sys_exit_group+0x3a/0x50 [ 49.556116][ T3597] do_syscall_64+0x35/0xb0 [ 49.560523][ T3597] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 49.566404][ T3597] RIP: 0033:0x7f6ba5d6ff19 [ 49.570804][ T3597] Code: Unable to access opcode bytes at RIP 0x7f6ba5d6feef. [ 49.578145][ T3597] RSP: 002b:00007ffee0f8cb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 49.586547][ T3597] RAX: ffffffffffffffda RBX: 00007f6ba5de4290 RCX: 00007f6ba5d6ff19 [ 49.594502][ T3597] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 49.602449][ T3597] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 [ 49.610396][ T3597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ba5de4290 [ 49.618438][ T3597] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 49.626402][ T3597] [ 49.629400][ T3597] Modules linked in: [ 49.633272][ T3597] CR2: 0000000000000000 [ 49.637401][ T3597] ---[ end trace 0000000000000000 ]--- [ 49.642842][ T3597] RIP: 0010:0x0 [ 49.646297][ T3597] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 49.653986][ T3597] RSP: 0018:ffffc90002f4fb68 EFLAGS: 00010246 [ 49.660027][ T3597] RAX: ffffffff89dad220 RBX: dffffc0000000000 RCX: 0000000000000000 [ 49.667978][ T3597] RDX: 0000000000000003 RSI: ffffc90002f4fbe0 RDI: ffff888019b838c0 [ 49.675929][ T3597] RBP: ffff888019b83901 R08: 0000000000000000 R09: 0000000000000000 [ 49.683879][ T3597] R10: ffffffff81ec11a0 R11: 0000000000000000 R12: 0000000000000003 [ 49.691827][ T3597] R13: ffffc90002f4fbe0 R14: ffff888019b838c0 R15: ffff888019b83938 [ 49.699774][ T3597] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 49.708681][ T3597] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.715243][ T3597] CR2: ffffffffffffffd6 CR3: 000000000ba8e000 CR4: 00000000003506e0 [ 49.723194][ T3597] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.731140][ T3597] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.739089][ T3597] Kernel panic - not syncing: Fatal exception [ 49.745299][ T3597] Kernel Offset: disabled [ 49.749606][ T3597] Rebooting in 86400 seconds..