./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1374174184

<...>
forked to background, child pid 3185
no interfaces have a carri[   21.030391][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0
er
[   21.052893][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
execve("./syz-executor1374174184", ["./syz-executor1374174184"], 0x7ffdfe1fca30 /* 10 vars */) = 0
brk(NULL)                               = 0x55555601c000
brk(0x55555601cc40)                     = 0x55555601cc40
arch_prctl(ARCH_SET_FS, 0x55555601c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1374174184", 4096) = 28
brk(0x55555603dc40)                     = 0x55555603dc40
brk(0x55555603e000)                     = 0x55555603e000
mprotect(0x7f5d9ebcd000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
io_uring_setup(7190, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=8192, cq_entries=16384, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=262464}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3
mmap(0x20002000, 295232, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20002000
mmap(0x20004000, 524288, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20004000
io_uring_setup(16094, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4
mmap(0x20002000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0) = 0x20002000
mmap(0x20ffd000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000) = 0x20ffd000
openat(AT_FDCWD, "/proc/thread-self/fdinfo/4", O_RDWR) = 5
syzkaller login: [   40.311259][ T3614] ==================================================================
[   40.319433][ T3614] BUG: KASAN: use-after-free in io_uring_show_fdinfo+0x625/0x1947
[   40.327239][ T3614] Read of size 8 at addr ffff888070efff20 by task syz-executor137/3614
[   40.335465][ T3614] 
[   40.337787][ T3614] CPU: 1 PID: 3614 Comm: syz-executor137 Not tainted 6.0.0-syzkaller-09039-ga6afa4199d3d #0
[   40.347836][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   40.357878][ T3614] Call Trace:
[   40.361147][ T3614]  <TASK>
[   40.364070][ T3614]  dump_stack_lvl+0xcd/0x134
[   40.368652][ T3614]  print_report.cold+0x2ba/0x719
[   40.373587][ T3614]  ? io_uring_show_fdinfo+0x625/0x1947
[   40.379036][ T3614]  kasan_report+0xb1/0x1e0
[   40.383448][ T3614]  ? io_uring_show_fdinfo+0x625/0x1947
[   40.388897][ T3614]  io_uring_show_fdinfo+0x625/0x1947
[   40.394185][ T3614]  ? seq_file_path+0x30/0x30
[   40.398763][ T3614]  ? rcu_lock_acquire.constprop.0+0x27/0x27
[   40.404659][ T3614]  ? rwlock_bug.part.0+0x90/0x90
[   40.409616][ T3614]  ? rcu_lock_acquire.constprop.0+0x27/0x27
[   40.415521][ T3614]  seq_show+0x587/0x800
[   40.419694][ T3614]  seq_read_iter+0x4f5/0x1280
[   40.424390][ T3614]  seq_read+0x16d/0x210
[   40.428556][ T3614]  ? seq_read_iter+0x1280/0x1280
[   40.433505][ T3614]  ? trace_hardirqs_on+0x2d/0x120
[   40.438563][ T3614]  ? security_file_permission+0xab/0xd0
[   40.444148][ T3614]  vfs_read+0x257/0x930
[   40.448336][ T3614]  ? seq_read_iter+0x1280/0x1280
[   40.453295][ T3614]  ? kernel_read+0x1c0/0x1c0
[   40.457897][ T3614]  ? recalc_sigpending_tsk+0x18f/0x1d0
[   40.463380][ T3614]  ? ptrace_stop.part.0+0x746/0xa80
[   40.468585][ T3614]  ? rcu_read_lock_sched_held+0xd/0x70
[   40.474069][ T3614]  ? lock_release+0x560/0x780
[   40.478748][ T3614]  ? ptrace_notify+0xfa/0x140
[   40.483429][ T3614]  ? lock_downgrade+0x6e0/0x6e0
[   40.488286][ T3614]  __x64_sys_pread64+0x1f7/0x250
[   40.493249][ T3614]  ? ksys_pread64+0x1a0/0x1a0
[   40.497949][ T3614]  ? _raw_spin_unlock_irq+0x2a/0x40
[   40.503153][ T3614]  ? ptrace_notify+0xfa/0x140
[   40.507849][ T3614]  do_syscall_64+0x35/0xb0
[   40.512286][ T3614]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   40.518198][ T3614] RIP: 0033:0x7f5d9eb604e9
[   40.522621][ T3614] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   40.542240][ T3614] RSP: 002b:00007fff67d324d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[   40.550663][ T3614] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d9eb604e9
[   40.558648][ T3614] RDX: 0000000000000011 RSI: 0000000020002140 RDI: 0000000000000005
[   40.566637][ T3614] RBP: 00007fff67d324e0 R08: 00007fff67d32370 R09: 68742f636f72702f
[   40.574615][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d9eb243d0
[   40.582591][ T3614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   40.590577][ T3614]  </TASK>
[   40.593597][ T3614] 
[   40.595924][ T3614] The buggy address belongs to the physical page:
[   40.602331][ T3614] page:ffffea0001c3bfc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x70eff
[   40.612483][ T3614] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   40.619598][ T3614] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[   40.628184][ T3614] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   40.636768][ T3614] page dumped because: kasan: bad access detected
[   40.643171][ T3614] page_owner tracks the page as freed
[   40.648528][ T3614] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 10956630395, free_ts 11652600851
[   40.663462][ T3614]  split_map_pages+0x1ef/0x520
[   40.668236][ T3614]  isolate_freepages_range+0x30f/0x350
[   40.673703][ T3614]  alloc_contig_range+0x2f6/0x490
[   40.678746][ T3614]  alloc_contig_pages+0x35a/0x4c0
[   40.683785][ T3614]  debug_vm_pgtable+0x88f/0x29d6
[   40.688737][ T3614]  do_one_initcall+0xfe/0x650
[   40.693424][ T3614]  kernel_init_freeable+0x6b1/0x73a
[   40.698635][ T3614]  kernel_init+0x1a/0x1d0
[   40.702966][ T3614]  ret_from_fork+0x1f/0x30
[   40.707391][ T3614] page last free stack trace:
[   40.712054][ T3614]  free_pcp_prepare+0x5e4/0xd20
[   40.716918][ T3614]  free_unref_page+0x19/0x4d0
[   40.721607][ T3614]  free_contig_range+0xb1/0x180
[   40.726467][ T3614]  destroy_args+0xa8/0x646
[   40.730899][ T3614]  debug_vm_pgtable+0x2945/0x29d6
[   40.735937][ T3614]  do_one_initcall+0xfe/0x650
[   40.740621][ T3614]  kernel_init_freeable+0x6b1/0x73a
[   40.745833][ T3614]  kernel_init+0x1a/0x1d0
[   40.750163][ T3614]  ret_from_fork+0x1f/0x30
[   40.754588][ T3614] 
[   40.756941][ T3614] Memory state around the buggy address:
[   40.762564][ T3614]  ffff888070effe00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.770622][ T3614]  ffff888070effe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.778681][ T3614] >ffff888070efff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.786737][ T3614]                                ^
[   40.791843][ T3614]  ffff888070efff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.799904][ T3614]  ffff888070f00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.807974][ T3614] ==================================================================
[   40.816339][ T3614] Kernel panic - not syncing: panic_on_warn set ...
[   40.822939][ T3614] CPU: 0 PID: 3614 Comm: syz-executor137 Not tainted 6.0.0-syzkaller-09039-ga6afa4199d3d #0
[   40.832996][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   40.843046][ T3614] Call Trace:
[   40.846321][ T3614]  <TASK>
[   40.849252][ T3614]  dump_stack_lvl+0xcd/0x134
[   40.853885][ T3614]  panic+0x2c8/0x622
[   40.857784][ T3614]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   40.863766][ T3614]  ? preempt_schedule_common+0x59/0xc0
[   40.869222][ T3614]  ? preempt_schedule_thunk+0x16/0x18
[   40.874601][ T3614]  ? io_uring_show_fdinfo+0x625/0x1947
[   40.880058][ T3614]  end_report.part.0+0x3f/0x7c
[   40.884825][ T3614]  kasan_report.cold+0xa/0xf
[   40.889422][ T3614]  ? io_uring_show_fdinfo+0x625/0x1947
[   40.894880][ T3614]  io_uring_show_fdinfo+0x625/0x1947
[   40.900169][ T3614]  ? seq_file_path+0x30/0x30
[   40.904756][ T3614]  ? rcu_lock_acquire.constprop.0+0x27/0x27
[   40.910634][ T3614]  ? rwlock_bug.part.0+0x90/0x90
[   40.915563][ T3614]  ? rcu_lock_acquire.constprop.0+0x27/0x27
[   40.921450][ T3614]  seq_show+0x587/0x800
[   40.925606][ T3614]  seq_read_iter+0x4f5/0x1280
[   40.930272][ T3614]  seq_read+0x16d/0x210
[   40.934417][ T3614]  ? seq_read_iter+0x1280/0x1280
[   40.939340][ T3614]  ? trace_hardirqs_on+0x2d/0x120
[   40.944376][ T3614]  ? security_file_permission+0xab/0xd0
[   40.949919][ T3614]  vfs_read+0x257/0x930
[   40.954073][ T3614]  ? seq_read_iter+0x1280/0x1280
[   40.959009][ T3614]  ? kernel_read+0x1c0/0x1c0
[   40.963599][ T3614]  ? recalc_sigpending_tsk+0x18f/0x1d0
[   40.969056][ T3614]  ? ptrace_stop.part.0+0x746/0xa80
[   40.974252][ T3614]  ? rcu_read_lock_sched_held+0xd/0x70
[   40.979711][ T3614]  ? lock_release+0x560/0x780
[   40.984417][ T3614]  ? ptrace_notify+0xfa/0x140
[   40.989098][ T3614]  ? lock_downgrade+0x6e0/0x6e0
[   40.993940][ T3614]  __x64_sys_pread64+0x1f7/0x250
[   40.998877][ T3614]  ? ksys_pread64+0x1a0/0x1a0
[   41.003557][ T3614]  ? _raw_spin_unlock_irq+0x2a/0x40
[   41.008759][ T3614]  ? ptrace_notify+0xfa/0x140
[   41.013430][ T3614]  do_syscall_64+0x35/0xb0
[   41.017849][ T3614]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.023755][ T3614] RIP: 0033:0x7f5d9eb604e9
[   41.028162][ T3614] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   41.047764][ T3614] RSP: 002b:00007fff67d324d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[   41.056166][ T3614] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d9eb604e9
[   41.064124][ T3614] RDX: 0000000000000011 RSI: 0000000020002140 RDI: 0000000000000005
[   41.072084][ T3614] RBP: 00007fff67d324e0 R08: 00007fff67d32370 R09: 68742f636f72702f
[   41.080060][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d9eb243d0
[   41.088118][ T3614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   41.096087][ T3614]  </TASK>
[   41.099249][ T3614] Kernel Offset: disabled
[   41.103561][ T3614] Rebooting in 86400 seconds..