./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor838899721

<...>
Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
execve("./syz-executor838899721", ["./syz-executor838899721"], 0x7ffd35afd2a0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555556aa000
brk(0x5555556aac40)                     = 0x5555556aac40
arch_prctl(ARCH_SET_FS, 0x5555556aa300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x5555556aa5d0)         = 3604
set_robust_list(0x5555556aa5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f4915b72e00, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f4915b734d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f4915b72ea0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4915b734d0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor838899721", 4096) = 27
brk(0x5555556cbc40)                     = 0x5555556cbc40
brk(0x5555556cc000)                     = 0x5555556cc000
mprotect(0x7f4915c33000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
futex(0x7f4915c394cc, FUTEX_WAKE_PRIVATE, 1000000) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4915b43000
mprotect(0x7f4915b44000, 131072, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f4915b633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3605 attached
, parent_tid=[3605], tls=0x7f4915b63700, child_tidptr=0x7f4915b639d0) = 3605
[pid  3604] futex(0x7f4915c394c8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3605] set_robust_list(0x7f4915b639e0, 24 <unfinished ...>
[pid  3604] <... futex resumed>)        = 0
[pid  3605] <... set_robust_list resumed>) = 0
[pid  3604] futex(0x7f4915c394cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3605] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3
[pid  3605] futex(0x7f4915c394cc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3604] <... futex resumed>)        = 0
[pid  3604] futex(0x7f4915c394c8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3604] futex(0x7f4915c394cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3605] <... futex resumed>)        = 1
[pid  3605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65326 <unfinished ...>
[pid  3604] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3604] futex(0x7f4915c394dc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4915b22000
[pid  3604] mprotect(0x7f4915b23000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3604] clone(child_stack=0x7f4915b423f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3606], tls=0x7f4915b42700, child_tidptr=0x7f4915b429d0) = 3606
[pid  3604] futex(0x7f4915c394d8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3604] futex(0x7f4915c394dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3606 attached
 <unfinished ...>
[pid  3606] set_robust_list(0x7f4915b429e0, 24) = 0
[pid  3606] ioctl(3, TIOCSPTLCK, [0])   = 0
[pid  3606] futex(0x7f4915c394dc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3606] futex(0x7f4915c394d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3604] <... futex resumed>)        = 0
[pid  3604] futex(0x7f4915c394d8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3606] <... futex resumed>)        = 0
[pid  3604] futex(0x7f4915c394dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3606] ioctl(3, TIOCGPTN, [0])     = 0
[pid  3606] openat(AT_FDCWD, "/dev/pts/0", O_RDONLY) = 4
[pid  3606] futex(0x7f4915c394dc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3604] <... futex resumed>)        = 0
[pid  3604] futex(0x7f4915c394d8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3606] ioctl(4, TIOCSETD, [21] <unfinished ...>
[pid  3604] <... futex resumed>)        = 0
[pid  3604] futex(0x7f4915c394dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3606] <... ioctl resumed>)        = 0
[pid  3606] futex(0x7f4915c394dc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3604] <... futex resumed>)        = 0
[pid  3606] <... futex resumed>)        = 1
syzkaller login: [   40.047641][   T11] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   40.055484][   T11] #PF: supervisor instruction fetch in kernel mode
[   40.061967][   T11] #PF: error_code(0x0010) - not-present page
[   40.068624][   T11] PGD 6f4cb067 P4D 6f4cb067 PUD 6f4ca067 PMD 0 
[   40.075039][   T11] Oops: 0010 [#1] PREEMPT SMP KASAN
[   40.080237][   T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 6.0.0-rc2-syzkaller-00327-g8379c0b31fbc #0
[   40.090491][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   40.100795][   T11] Workqueue: events_unbound flush_to_ldisc
[   40.106612][   T11] RIP: 0010:0x0
[   40.110085][   T11] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[   40.117800][   T11] RSP: 0018:ffffc90000107bb8 EFLAGS: 00010246
[   40.123854][   T11] RAX: 0000000000000000 RBX: ffff888017574000 RCX: 0000000000000001
[   40.131819][   T11] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017574000
[   40.139971][   T11] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000004
[pid  3606] futex(0x7f4915c394d8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3604] exit_group(0)               = ?
[pid  3606] <... futex resumed>)        = ?
[pid  3605] <... write resumed>)        = ?
[   40.147940][   T11] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000028f
[   40.155915][   T11] R13: 0000000000000000 R14: ffff888020ace591 R15: dffffc0000000000
[   40.163971][   T11] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   40.173596][   T11] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.180270][   T11] CR2: ffffffffffffffd6 CR3: 00000000201f8000 CR4: 0000000000350ef0
[   40.188242][   T11] Call Trace:
[   40.191515][   T11]  <TASK>
[   40.194438][   T11]  gsmld_receive_buf+0x1c2/0x2f0
[   40.199374][   T11]  ? gsmld_write_wakeup+0x130/0x130
[   40.204570][   T11]  tty_ldisc_receive_buf+0x14d/0x190
[   40.209851][   T11]  tty_port_default_receive_buf+0x6e/0xa0
[   40.215569][   T11]  flush_to_ldisc+0x219/0x6c0
[   40.220329][   T11]  process_one_work+0x991/0x1610
[   40.225264][   T11]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   40.230629][   T11]  ? rwlock_bug.part.0+0x90/0x90
[   40.235557][   T11]  ? _raw_spin_lock_irq+0x41/0x50
[   40.240580][   T11]  worker_thread+0x665/0x1080
[   40.245252][   T11]  ? process_one_work+0x1610/0x1610
[   40.250443][   T11]  kthread+0x2e4/0x3a0
[   40.254591][   T11]  ? kthread_complete_and_exit+0x40/0x40
[   40.260214][   T11]  ret_from_fork+0x1f/0x30
[   40.264626][   T11]  </TASK>
[   40.267633][   T11] Modules linked in:
[   40.271516][   T11] CR2: 0000000000000000
[   40.275656][   T11] ---[ end trace 0000000000000000 ]---
[   40.281094][   T11] RIP: 0010:0x0
[   40.284553][   T11] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[   40.292253][   T11] RSP: 0018:ffffc90000107bb8 EFLAGS: 00010246
[   40.298312][   T11] RAX: 0000000000000000 RBX: ffff888017574000 RCX: 0000000000000001
[   40.306275][   T11] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017574000
[   40.314235][   T11] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000004
[   40.322195][   T11] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000028f
[   40.330156][   T11] R13: 0000000000000000 R14: ffff888020ace591 R15: dffffc0000000000
[   40.338390][   T11] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   40.347486][   T11] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.354061][   T11] CR2: ffffffffffffffd6 CR3: 00000000201f8000 CR4: 0000000000350ef0
[   40.362029][   T11] Kernel panic - not syncing: Fatal exception
[   40.368827][   T11] Kernel Offset: disabled
[   40.373151][   T11] Rebooting in 86400 seconds..