./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2165500037

<...>
forked to background, child pid 3186
no interfaces have a carrier
[   25.015071][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.029537][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.84' (ECDSA) to the list of known hosts.
execve("./syz-executor2165500037", ["./syz-executor2165500037"], 0x7fffd10872c0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555635f000
brk(0x55555635fc40)                     = 0x55555635fc40
arch_prctl(ARCH_SET_FS, 0x55555635f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2165500037", 4096) = 28
brk(0x555556380c40)                     = 0x555556380c40
brk(0x555556381000)                     = 0x555556381000
mprotect(0x7f292e4dc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3609 attached
, child_tidptr=0x55555635f5d0) = 3609
[pid  3609] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3609] setsid()                    = 1
[pid  3609] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3609] unshare(CLONE_NEWNS)        = 0
[pid  3609] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3609] unshare(CLONE_NEWIPC)       = 0
[pid  3609] unshare(CLONE_NEWCGROUP)    = 0
[pid  3609] unshare(CLONE_NEWUTS)       = 0
[pid  3609] unshare(CLONE_SYSVSEM)      = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "16777216", 8)     = 8
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "536870912", 9)    = 9
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "8192", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3609] close(3)                    = 0
[pid  3609] getpid()                    = 1
[pid  3609] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3609] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3609] unshare(CLONE_NEWNET)       = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "0 65535", 7)      = 7
[pid  3609] close(3)                    = 0
[pid  3609] mkdir("/dev/binderfs", 0777) = 0
[pid  3609] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3609] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3609] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 2
./strace-static-x86_64: Process 3610 attached
[pid  3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3610] setpgid(0, 0)               = 0
[pid  3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3610] write(3, "1000", 4)         = 4
[pid  3610] close(3)                    = 0
[pid  3610] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY) = 3
[pid  3610] ioctl(3, BINDER_SET_CONTEXT_MGR, 0) = 0
[pid  3610] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY) = 4
[pid  3610] ioctl(4, BINDER_WRITE_READ, 0x20000080) = 0
[pid  3610] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY) = 5
[pid  3610] dup2(5, 3)                  = 3
[pid  3610] ioctl(3, BINDER_SET_CONTEXT_MGR_EXT, 0x20000000) = 0
[pid  3610] ioctl(4, BINDER_WRITE_READ, 0x20001480) = -1 EFAULT (Bad address)
syzkaller login: [   41.987796][ T3610] binder: 3610:3610 ioctl c0306201 20001480 returned -14
[   41.996138][ T3610] general protection fault, probably for non-canonical address 0xdffffc0000000025: 0000 [#1] PREEMPT SMP KASAN
[   42.008204][ T3610] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]
[   42.016595][ T3610] CPU: 0 PID: 3610 Comm: syz-executor216 Not tainted 6.0.0-rc3-syzkaller #0
[   42.025249][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   42.035287][ T3610] RIP: 0010:__lock_acquire+0x6b/0x1f60
[   42.040740][ T3610] Code: ff df 8a 04 10 84 c0 0f 85 62 16 00 00 83 3d bf 50 bc 0c 00 0f 84 13 15 00 00 83 3d 7e 93 55 0b 00 74 2c 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 b7 f3 73 00 48 ba 00 00 00 00 00 fc
[   42.060331][ T3610] RSP: 0018:ffffc90003a2efa8 EFLAGS: 00010002
[   42.066385][ T3610] RAX: 0000000000000025 RBX: 0000000000000000 RCX: 0000000000000001
[   42.074350][ T3610] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000128
[   42.082311][ T3610] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[   42.090266][ T3610] R10: fffffbfff1c4ae0e R11: 1ffffffff1c4ae0d R12: 0000000000000001
[   42.098222][ T3610] R13: 0000000000000128 R14: 0000000000000000 R15: 0000000000000001
[   42.106266][ T3610] FS:  000055555635f300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   42.115182][ T3610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.121755][ T3610] CR2: 0000000000000000 CR3: 000000001db40000 CR4: 00000000003506f0
[   42.129718][ T3610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   42.137700][ T3610] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   42.145656][ T3610] Call Trace:
[   42.148923][ T3610]  <TASK>
[   42.151849][ T3610]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   42.157825][ T3610]  lock_acquire+0x1a7/0x400
[   42.162314][ T3610]  ? binder_alloc_new_buf_locked+0x9d/0x15f0
[   42.168282][ T3610]  ? read_lock_is_recursive+0x10/0x10
[   42.173639][ T3610]  ? __might_sleep+0xc0/0xc0
[   42.178216][ T3610]  ? rcu_lock_release+0x5/0x20
[   42.182963][ T3610]  ? binder_alloc_new_buf+0x2b/0x60
[   42.188144][ T3610]  down_read+0x39/0x50
[   42.192212][ T3610]  ? binder_alloc_new_buf_locked+0x9d/0x15f0
[   42.198182][ T3610]  binder_alloc_new_buf_locked+0x9d/0x15f0
[   42.203972][ T3610]  ? rcu_read_lock_sched_held+0x89/0x130
[   42.209589][ T3610]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   42.215556][ T3610]  binder_alloc_new_buf+0x42/0x60
[   42.220564][ T3610]  binder_transaction+0x284b/0x72e0
[   42.225762][ T3610]  ? __lock_acquire+0x1292/0x1f60
[   42.230771][ T3610]  ? binder_free_buf+0x830/0x830
[   42.235692][ T3610]  ? rcu_read_lock_sched_held+0x89/0x130
[   42.241307][ T3610]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   42.247275][ T3610]  ? __might_sleep+0xc0/0xc0
[   42.251850][ T3610]  ? __might_fault+0xb6/0x110
[   42.256509][ T3610]  ? __lock_acquire+0x1f60/0x1f60
[   42.261520][ T3610]  ? rcu_read_lock_sched_held+0x89/0x130
[   42.267153][ T3610]  ? __might_fault+0xb2/0x110
[   42.271828][ T3610]  binder_ioctl_write_read+0xd9a/0x8e50
[   42.277382][ T3610]  ? arch_stack_walk+0xf8/0x140
[   42.282242][ T3610]  ? stack_trace_snprint+0xf0/0xf0
[   42.287359][ T3610]  ? __stack_depot_save+0x33/0x490
[   42.292465][ T3610]  ? trace_binder_ioctl+0x220/0x220
[   42.297654][ T3610]  ? mark_lock+0x9a/0x350
[   42.301979][ T3610]  ? binder_get_thread+0x17a/0x6f0
[   42.307083][ T3610]  ? rcu_read_lock_sched_held+0x89/0x130
[   42.312708][ T3610]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   42.318688][ T3610]  ? __lock_acquire+0x1f60/0x1f60
[   42.323702][ T3610]  ? do_raw_spin_unlock+0x134/0x8a0
[   42.328887][ T3610]  ? _raw_spin_unlock+0x24/0x40
[   42.333733][ T3610]  ? binder_get_thread+0x184/0x6f0
[   42.338831][ T3610]  binder_ioctl+0x385/0x18c0
[   42.343427][ T3610]  ? kfree+0xda/0x210
[   42.347406][ T3610]  ? tomoyo_path_number_perm+0x657/0x7b0
[   42.353033][ T3610]  ? __rwlock_init+0x140/0x140
[   42.357783][ T3610]  ? binder_poll+0x3b0/0x3b0
[   42.362360][ T3610]  ? smack_log+0x11f/0x530
[   42.366770][ T3610]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   42.372226][ T3610]  ? smk_access+0x490/0x490
[   42.376719][ T3610]  ? smk_tskacc+0x304/0x370
[   42.381212][ T3610]  ? smack_file_ioctl+0x2f7/0x3a0
[   42.386227][ T3610]  ? smack_file_alloc_security+0xd0/0xd0
[   42.391848][ T3610]  ? print_irqtrace_events+0x220/0x220
[   42.397292][ T3610]  ? vtime_user_exit+0x2b2/0x3e0
[   42.402228][ T3610]  ? __ct_user_exit+0x81/0xe0
[   42.406890][ T3610]  ? bpf_lsm_file_ioctl+0x5/0x10
[   42.411812][ T3610]  ? security_file_ioctl+0x9d/0xb0
[   42.416912][ T3610]  ? binder_poll+0x3b0/0x3b0
[   42.421488][ T3610]  __se_sys_ioctl+0xfb/0x170
[   42.426067][ T3610]  do_syscall_64+0x2b/0x70
[   42.430470][ T3610]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.436348][ T3610] RIP: 0033:0x7f292e46f339
[   42.440748][ T3610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   42.460339][ T3610] RSP: 002b:00007ffda7bf8418 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   42.468737][ T3610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f292e46f339
[   42.476699][ T3610] RDX: 0000000020000040 RSI: 00000000c0306201 RDI: 0000000000000004
[   42.484654][ T3610] RBP: 0000000000000000 R08: 00007f292e4dce40 R09: 00007f292e4dce40
[   42.492607][ T3610] R10: 00007f292e4dce40 R11: 0000000000000246 R12: 00007ffda7bf8450
[   42.500562][ T3610] R13: 00007ffda7bf8440 R14: 00007ffda7bf8430 R15: 0000000000000000
[   42.508527][ T3610]  </TASK>
[   42.511528][ T3610] Modules linked in:
[   42.515419][ T3610] ---[ end trace 0000000000000000 ]---
[   42.520854][ T3610] RIP: 0010:__lock_acquire+0x6b/0x1f60
[   42.526308][ T3610] Code: ff df 8a 04 10 84 c0 0f 85 62 16 00 00 83 3d bf 50 bc 0c 00 0f 84 13 15 00 00 83 3d 7e 93 55 0b 00 74 2c 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 b7 f3 73 00 48 ba 00 00 00 00 00 fc
[   42.545909][ T3610] RSP: 0018:ffffc90003a2efa8 EFLAGS: 00010002
[   42.551961][ T3610] RAX: 0000000000000025 RBX: 0000000000000000 RCX: 0000000000000001
[   42.559915][ T3610] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000128
[   42.567867][ T3610] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[   42.575824][ T3610] R10: fffffbfff1c4ae0e R11: 1ffffffff1c4ae0d R12: 0000000000000001
[   42.583781][ T3610] R13: 0000000000000128 R14: 0000000000000000 R15: 0000000000000001
[   42.591737][ T3610] FS:  000055555635f300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   42.600675][ T3610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.607251][ T3610] CR2: 0000000000000000 CR3: 000000001db40000 CR4: 00000000003506f0
[   42.615235][ T3610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   42.623208][ T3610] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   42.631173][ T3610] Kernel panic - not syncing: Fatal exception
[   42.637370][ T3610] Kernel Offset: disabled
[   42.641685][ T3610] Rebooting in 86400 seconds..