./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3534131547

<...>
Warning: Permanently added '10.128.1.95' (ECDSA) to the list of known hosts.
execve("./syz-executor3534131547", ["./syz-executor3534131547"], 0x7fff63ce8530 /* 10 vars */) = 0
brk(NULL)                               = 0x555556985000
brk(0x555556985c40)                     = 0x555556985c40
arch_prctl(ARCH_SET_FS, 0x555556985300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x5555569855d0)         = 3614
set_robust_list(0x5555569855e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7ff7ca7c2e00, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7ff7ca7c34d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7ff7ca7c2ea0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff7ca7c34d0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3534131547", 4096) = 28
brk(0x5555569a6c40)                     = 0x5555569a6c40
brk(0x5555569a7000)                     = 0x5555569a7000
mprotect(0x7ff7ca883000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
futex(0x7ff7ca8894cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff7ca793000
mprotect(0x7ff7ca794000, 131072, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7ff7ca7b33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3615], tls=0x7ff7ca7b3700, child_tidptr=0x7ff7ca7b39d0) = 3615
futex(0x7ff7ca8894c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
futex(0x7ff7ca8894cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3615 attached
 <unfinished ...>
[pid  3615] set_robust_list(0x7ff7ca7b39e0, 24) = 0
[pid  3615] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3
[pid  3615] futex(0x7ff7ca8894cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7ff7ca8894c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7ff7ca8894cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3615] <... futex resumed>)        = 1
[pid  3615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65326 <unfinished ...>
[pid  3614] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3614] futex(0x7ff7ca8894dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff7ca772000
[pid  3614] mprotect(0x7ff7ca773000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3614] clone(child_stack=0x7ff7ca7923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3616], tls=0x7ff7ca792700, child_tidptr=0x7ff7ca7929d0) = 3616
[pid  3614] futex(0x7ff7ca8894d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3614] futex(0x7ff7ca8894dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3616 attached
 <unfinished ...>
[pid  3616] set_robust_list(0x7ff7ca7929e0, 24) = 0
[pid  3616] ioctl(3, TIOCSPTLCK, [0])   = 0
[pid  3616] futex(0x7ff7ca8894dc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] futex(0x7ff7ca8894d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7ff7ca8894d8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3616] <... futex resumed>)        = 0
[pid  3614] futex(0x7ff7ca8894dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3616] ioctl(3, TIOCGPTN, [0])     = 0
[pid  3616] openat(AT_FDCWD, "/dev/pts/0", O_RDONLY) = 4
[pid  3616] futex(0x7ff7ca8894dc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3616] <... futex resumed>)        = 1
[pid  3614] futex(0x7ff7ca8894d8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3616] ioctl(4, TIOCSETD, [21] <unfinished ...>
[pid  3614] <... futex resumed>)        = 0
[pid  3614] futex(0x7ff7ca8894dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3616] <... ioctl resumed>)        = 0
[pid  3616] futex(0x7ff7ca8894dc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3614] <... futex resumed>)        = 0
syzkaller login: [   50.277009][   T56] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   50.284849][   T56] #PF: supervisor instruction fetch in kernel mode
[   50.291340][   T56] #PF: error_code(0x0010) - not-present page
[   50.297306][   T56] PGD 72883067 P4D 72883067 PUD 72882067 PMD 0 
[   50.303566][   T56] Oops: 0010 [#1] PREEMPT SMP KASAN
[   50.308758][   T56] CPU: 0 PID: 56 Comm: kworker/u4:4 Not tainted 6.0.0-rc2-syzkaller-00016-g072e51356cd5 #0
[   50.318736][   T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   50.328782][   T56] Workqueue: events_unbound flush_to_ldisc
[   50.334611][   T56] RIP: 0010:0x0
[   50.338071][   T56] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[   50.345782][   T56] RSP: 0018:ffffc90001577bb8 EFLAGS: 00010246
[   50.351859][   T56] RAX: 0000000000000000 RBX: ffff888017c3a000 RCX: 0000000000000001
[   50.359832][   T56] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017c3a000
[   50.367796][   T56] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000004
[   50.375764][   T56] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000002ff
[   50.383735][   T56] R13: 0000000000000000 R14: ffff88807697e521 R15: dffffc0000000000
[   50.391704][   T56] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   50.400634][   T56] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.407214][   T56] CR2: ffffffffffffffd6 CR3: 000000007288c000 CR4: 00000000003506f0
[   50.415182][   T56] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   50.423146][   T56] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   50.431115][   T56] Call Trace:
[   50.434387][   T56]  <TASK>
[   50.437310][   T56]  gsmld_receive_buf+0x1c2/0x2f0
[   50.442263][   T56]  ? gsmld_write_wakeup+0x130/0x130
[   50.447475][   T56]  tty_ldisc_receive_buf+0x14d/0x190
[   50.452769][   T56]  tty_port_default_receive_buf+0x6e/0xa0
[   50.458493][   T56]  flush_to_ldisc+0x219/0x6c0
[   50.463176][   T56]  process_one_work+0x991/0x1610
[   50.468120][   T56]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   50.473496][   T56]  ? rwlock_bug.part.0+0x90/0x90
[   50.478436][   T56]  ? _raw_spin_lock_irq+0x41/0x50
[   50.483467][   T56]  worker_thread+0x665/0x1080
[   50.488160][   T56]  ? __kthread_parkme+0x15f/0x220
[   50.493196][   T56]  ? process_one_work+0x1610/0x1610
[   50.498398][   T56]  kthread+0x2e4/0x3a0
[   50.502464][   T56]  ? kthread_complete_and_exit+0x40/0x40
[   50.508096][   T56]  ret_from_fork+0x1f/0x30
[   50.512519][   T56]  </TASK>
[   50.515530][   T56] Modules linked in:
[   50.519416][   T56] CR2: 0000000000000000
[   50.523561][   T56] ---[ end trace 0000000000000000 ]---
[   50.529009][   T56] RIP: 0010:0x0
[   50.532484][   T56] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[   50.540185][   T56] RSP: 0018:ffffc90001577bb8 EFLAGS: 00010246
[   50.546248][   T56] RAX: 0000000000000000 RBX: ffff888017c3a000 RCX: 0000000000000001
[   50.554213][   T56] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017c3a000
[   50.562177][   T56] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000004
[   50.570142][   T56] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000002ff
[   50.578105][   T56] R13: 0000000000000000 R14: ffff88807697e521 R15: dffffc0000000000
[   50.586070][   T56] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   50.594997][   T56] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.601578][   T56] CR2: ffffffffffffffd6 CR3: 000000007288c000 CR4: 00000000003506f0
[   50.609546][   T56] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   50.617513][   T56] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   50.625480][   T56] Kernel panic - not syncing: Fatal exception
[   50.631686][   T56] Kernel Offset: disabled
[   50.636007][   T56] Rebooting in 86400 seconds..