./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor742860601 <...> Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts. execve("./syz-executor742860601", ["./syz-executor742860601"], 0x7ffef6894690 /* 10 vars */) = 0 brk(NULL) = 0x555555943000 brk(0x555555943d00) = 0x555555943d00 arch_prctl(ARCH_SET_FS, 0x555555943380) = 0 set_tid_address(0x555555943650) = 5030 set_robust_list(0x555555943660, 24) = 0 rseq(0x555555943ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor742860601", 4096) = 27 getrandom("\xc7\xbc\x61\x30\x4a\x3f\x69\x36", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555943d00 brk(0x555555964d00) = 0x555555964d00 brk(0x555555965000) = 0x555555965000 mprotect(0x7fddb1734000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 io_uring_setup(27557, {flags=IORING_SETUP_R_DISABLED|0x3000, sq_thread_cpu=0x1, sq_thread_idle=4, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0x2000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=1048640}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 3 mmap(NULL, 1179712, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0) = 0x7fddb1567000 mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0x10000000) = 0x7fddb1367000 io_uring_register(3, IORING_REGISTER_BUFFERS2, {nr=4, flags=0, data=[{iov_base=0x20000000, iov_len=126}, {iov_base=0x200000c0, iov_len=103}, {iov_base=0x20000280, iov_len=184}, {iov_base=NULL, iov_len=0}], tags=[0x7f7c, 0x1000, 0x5, 0]}, 32) = 0 [ 72.731446][ T5030] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 72.743217][ T5030] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 72.751628][ T5030] CPU: 1 PID: 5030 Comm: syz-executor742 Not tainted 6.6.0-rc3-syzkaller-00146-g9f3ebbef746f #0 [ 72.762044][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 72.772096][ T5030] RIP: 0010:io_get_cqe_overflow+0x1f2/0x570 [ 72.778059][ T5030] Code: fc ff df 80 3c 08 00 74 08 48 89 ef e8 67 54 b2 fd 4c 8b 75 00 49 8d 6e 2c 48 89 e8 48 c1 e8 03 48 bb 00 00 00 00 00 fc ff df <0f> b6 04 18 84 c0 0f 85 18 03 00 00 44 8b 65 00 41 83 e4 04 31 ff [ 72.797675][ T5030] RSP: 0018:ffffc9000398f930 EFLAGS: 00010207 [ 72.803747][ T5030] RAX: 0000000000000005 RBX: dffffc0000000000 RCX: dffffc0000000000 [ 72.811718][ T5030] RDX: ffff888017a4d940 RSI: 0000000000000020 RDI: 0000000000000000 [ 72.819693][ T5030] RBP: 000000000000002c R08: ffffffff84362701 R09: fffff52000731f20 [ 72.827664][ T5030] R10: dffffc0000000000 R11: fffff52000731f20 R12: 1ffff1100410b400 [ 72.835638][ T5030] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9000398f9c0 [ 72.843609][ T5030] FS: 0000555555943380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 72.852536][ T5030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.859117][ T5030] CR2: 0000000020001380 CR3: 000000007d529000 CR4: 00000000003506e0 [ 72.867087][ T5030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.875061][ T5030] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.883041][ T5030] Call Trace: [ 72.886325][ T5030] [ 72.889258][ T5030] ? __die_body+0x8b/0xe0 [ 72.893602][ T5030] ? die_addr+0xc9/0x100 [ 72.897868][ T5030] ? exc_general_protection+0x3c2/0x5b0 [ 72.903443][ T5030] ? asm_exc_general_protection+0x26/0x30 [ 72.909173][ T5030] ? io_get_cqe_overflow+0xe1/0x570 [ 72.914395][ T5030] ? io_get_cqe_overflow+0x1f2/0x570 [ 72.919695][ T5030] __io_post_aux_cqe+0xe7/0x440 [ 72.924584][ T5030] ? io_post_aux_cqe+0x40/0x40 [ 72.929362][ T5030] io_rsrc_node_ref_zero+0x219/0x570 [ 72.934678][ T5030] io_queue_rsrc_removal+0x4a0/0x5c0 [ 72.939977][ T5030] __io_register_rsrc_update+0x828/0x1430 [ 72.945714][ T5030] ? io_register_files_update+0x210/0x210 [ 72.951446][ T5030] ? __might_sleep+0xc0/0xc0 [ 72.956044][ T5030] ? __might_fault+0xa5/0x120 [ 72.960729][ T5030] ? __lock_acquire+0x7f70/0x7f70 [ 72.965757][ T5030] ? rcu_is_watching+0x15/0xb0 [ 72.970528][ T5030] ? trace_contention_end+0x3c/0xf0 [ 72.975741][ T5030] ? __might_fault+0xc1/0x120 [ 72.980436][ T5030] io_register_rsrc_update+0x1cd/0x220 [ 72.985915][ T5030] ? __io_register_rsrc_update+0x1430/0x1430 [ 72.991913][ T5030] ? __fdget+0x152/0x210 [ 72.996165][ T5030] __se_sys_io_uring_register+0x78f/0x1470 [ 73.001993][ T5030] ? __x64_sys_io_uring_register+0xb0/0xb0 [ 73.007812][ T5030] ? syscall_enter_from_user_mode+0x32/0x230 [ 73.013801][ T5030] ? syscall_enter_from_user_mode+0x8c/0x230 [ 73.019793][ T5030] do_syscall_64+0x41/0xc0 [ 73.024217][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.030117][ T5030] RIP: 0033:0x7fddb16c14e9 [ 73.034537][ T5030] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.054145][ T5030] RSP: 002b:00007ffe58601a08 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 73.062599][ T5030] RAX: ffffffffffffffda RBX: 0000000000006ba5 RCX: 00007fddb16c14e9 [ 73.070592][ T5030] RDX: 0000000020001600 RSI: 0000000000000010 RDI: 0000000000000003 [ 73.078565][ T5030] RBP: 0000000000000003 R08: 00000000000ac5f8 R09: 00000000000ac5f8 [ 73.086538][ T5030] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001 [ 73.094533][ T5030] R13: 00007ffe58601bd8 R14: 0000000000000001 R15: 0000000000000001 [ 73.102524][ T5030] [ 73.105543][ T5030] Modules linked in: [ 73.109790][ T5030] ---[ end trace 0000000000000000 ]--- [ 73.115603][ T5030] RIP: 0010:io_get_cqe_overflow+0x1f2/0x570 [ 73.121620][ T5030] Code: fc ff df 80 3c 08 00 74 08 48 89 ef e8 67 54 b2 fd 4c 8b 75 00 49 8d 6e 2c 48 89 e8 48 c1 e8 03 48 bb 00 00 00 00 00 fc ff df <0f> b6 04 18 84 c0 0f 85 18 03 00 00 44 8b 65 00 41 83 e4 04 31 ff [ 73.141511][ T5030] RSP: 0018:ffffc9000398f930 EFLAGS: 00010207 [ 73.147615][ T5030] RAX: 0000000000000005 RBX: dffffc0000000000 RCX: dffffc0000000000 [ 73.155709][ T5030] RDX: ffff888017a4d940 RSI: 0000000000000020 RDI: 0000000000000000 [ 73.163680][ T5030] RBP: 000000000000002c R08: ffffffff84362701 R09: fffff52000731f20 [ 73.171726][ T5030] R10: dffffc0000000000 R11: fffff52000731f20 R12: 1ffff1100410b400 [ 73.179756][ T5030] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9000398f9c0 [ 73.187797][ T5030] FS: 0000555555943380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 73.196795][ T5030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.203387][ T5030] CR2: 0000000020001380 CR3: 000000007d529000 CR4: 00000000003506e0 [ 73.211500][ T5030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.219581][ T5030] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.227642][ T5030] Kernel panic - not syncing: Fatal exception [ 73.234027][ T5030] Kernel Offset: disabled [ 73.238367][ T5030] Rebooting in 86400 seconds..