./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2078578316

<...>
forked to background, child pid 3187
no interfaces have a carrier
[   21.620325][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0
[   21.623879][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
execve("./syz-executor2078578316", ["./syz-executor2078578316"], 0x7ffc0becbbf0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555a79000
brk(0x555555a79c40)                     = 0x555555a79c40
arch_prctl(ARCH_SET_FS, 0x555555a79300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2078578316", 4096) = 28
brk(0x555555a9ac40)                     = 0x555555a9ac40
brk(0x555555a9b000)                     = 0x555555a9b000
mprotect(0x7f96d9a7d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3608 attached
, child_tidptr=0x555555a795d0) = 3608
[pid  3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3608] setpgid(0, 0)               = 0
[pid  3608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1000", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] io_uring_setup(18778, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3
[pid  3608] mmap(0x20ee7000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20ee7000
[pid  3608] mmap(0x20ffc000, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20ffc000
[pid  3608] io_uring_enter(3, 16542, 0, 0, NULL, 0) = 1
[pid  3608] exit_group(0)               = ?
syzkaller login: [   36.708106][ T3609] ==================================================================
[   36.708117][ T3609] BUG: KASAN: null-ptr-deref in io_file_get_normal+0x351/0x3b0
[   36.708145][ T3609] Write of size 4 at addr 0000000000000118 by task iou-wrk-3608/3609
[   36.708160][ T3609] 
[   36.708163][ T3609] CPU: 0 PID: 3609 Comm: iou-wrk-3608 Not tainted 5.19.0-rc2-syzkaller-00052-g979086f5e006 #0
[   36.708184][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.708192][ T3609] Call Trace:
[   36.708198][ T3609]  <TASK>
[   36.708204][ T3609]  dump_stack_lvl+0xcd/0x134
[   36.708246][ T3609]  kasan_report.cold+0x61/0x1c6
[   36.708267][ T3609]  ? io_file_get_normal+0x351/0x3b0
[   36.708289][ T3609]  kasan_check_range+0x13d/0x180
[   36.708309][ T3609]  io_file_get_normal+0x351/0x3b0
[   36.708330][ T3609]  io_issue_sqe+0x1a22/0x9750
[   36.708355][ T3609]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   36.708381][ T3609]  ? __io_close_fixed.isra.0+0x4d0/0x4d0
[   36.708403][ T3609]  ? lockdep_unlock+0x11b/0x290
[   36.708426][ T3609]  ? find_held_lock+0x2d/0x110
[   36.708447][ T3609]  ? io_worker_handle_work+0x53d/0x1ab0
[   36.708463][ T3609]  ? lock_downgrade+0x6e0/0x6e0
[   36.708482][ T3609]  ? do_raw_spin_lock+0x120/0x2a0
[   36.708499][ T3609]  io_wq_submit_work+0x287/0x740
[   36.708524][ T3609]  io_worker_handle_work+0xb1c/0x1ab0
[   36.708546][ T3609]  io_wqe_worker+0x637/0xdb0
[   36.708562][ T3609]  ? io_wqe_dec_running+0x240/0x240
[   36.708578][ T3609]  ? ret_from_fork+0x8/0x30
[   36.708596][ T3609]  ? lock_downgrade+0x6e0/0x6e0
[   36.708617][ T3609]  ? do_raw_spin_lock+0x120/0x2a0
[   36.708634][ T3609]  ? rwlock_bug.part.0+0x90/0x90
[   36.708650][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   36.708668][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   36.708698][ T3609]  ? io_wqe_dec_running+0x240/0x240
[   36.708714][ T3609]  ret_from_fork+0x1f/0x30
[   36.708735][ T3609]  </TASK>
[   36.708740][ T3609] ==================================================================
[   36.708867][ T3609] Kernel panic - not syncing: panic_on_warn set ...
[   36.904883][ T3609] CPU: 0 PID: 3609 Comm: iou-wrk-3608 Not tainted 5.19.0-rc2-syzkaller-00052-g979086f5e006 #0
[   36.915113][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.925168][ T3609] Call Trace:
[   36.928442][ T3609]  <TASK>
[   36.931384][ T3609]  dump_stack_lvl+0xcd/0x134
[   36.936015][ T3609]  panic+0x2d7/0x636
[   36.939897][ T3609]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   36.945864][ T3609]  ? preempt_schedule_common+0x59/0xc0
[   36.951331][ T3609]  ? io_file_get_normal+0x351/0x3b0
[   36.956521][ T3609]  ? preempt_schedule_thunk+0x16/0x18
[   36.961892][ T3609]  ? io_file_get_normal+0x351/0x3b0
[   36.967086][ T3609]  end_report.part.0+0x3f/0x7c
[   36.971863][ T3609]  kasan_report.cold+0x93/0x1c6
[   36.976721][ T3609]  ? io_file_get_normal+0x351/0x3b0
[   36.981907][ T3609]  kasan_check_range+0x13d/0x180
[   36.986832][ T3609]  io_file_get_normal+0x351/0x3b0
[   36.991863][ T3609]  io_issue_sqe+0x1a22/0x9750
[   36.996567][ T3609]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   37.002574][ T3609]  ? __io_close_fixed.isra.0+0x4d0/0x4d0
[   37.008203][ T3609]  ? lockdep_unlock+0x11b/0x290
[   37.013045][ T3609]  ? find_held_lock+0x2d/0x110
[   37.017799][ T3609]  ? io_worker_handle_work+0x53d/0x1ab0
[   37.023335][ T3609]  ? lock_downgrade+0x6e0/0x6e0
[   37.028178][ T3609]  ? do_raw_spin_lock+0x120/0x2a0
[   37.033205][ T3609]  io_wq_submit_work+0x287/0x740
[   37.038153][ T3609]  io_worker_handle_work+0xb1c/0x1ab0
[   37.043518][ T3609]  io_wqe_worker+0x637/0xdb0
[   37.048104][ T3609]  ? io_wqe_dec_running+0x240/0x240
[   37.053301][ T3609]  ? ret_from_fork+0x8/0x30
[   37.057811][ T3609]  ? lock_downgrade+0x6e0/0x6e0
[   37.062650][ T3609]  ? do_raw_spin_lock+0x120/0x2a0
[   37.067664][ T3609]  ? rwlock_bug.part.0+0x90/0x90
[   37.072591][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   37.077787][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   37.083000][ T3609]  ? io_wqe_dec_running+0x240/0x240
[   37.088201][ T3609]  ret_from_fork+0x1f/0x30
[   37.092627][ T3609]  </TASK>
[   37.096155][ T3609] Kernel Offset: disabled
[   37.100466][ T3609] Rebooting in 86400 seconds..