./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor272455753 <...> DUID 00:04:cd:7d:74:7d:04:96:3f:c0:f2:1a:da:5a:49:b1:9f:fb forked to background, child pid 3190 [ 27.721748][ T3191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.736162][ T3191] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts. execve("./syz-executor272455753", ["./syz-executor272455753"], 0x7ffc24c786e0 /* 10 vars */) = 0 brk(NULL) = 0x555556673000 brk(0x555556673c40) = 0x555556673c40 arch_prctl(ARCH_SET_FS, 0x555556673300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor272455753", 4096) = 27 brk(0x555556694c40) = 0x555556694c40 brk(0x555556695000) = 0x555556695000 mprotect(0x7f2f41dcb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566735d0) = 3612 ./strace-static-x86_64: Process 3612 attached [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3611] <... clone resumed>, child_tidptr=0x5555566735d0) = 3613 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3612] <... clone resumed>, child_tidptr=0x5555566735d0) = 3614 ./strace-static-x86_64: Process 3615 attached ./strace-static-x86_64: Process 3614 attached ./strace-static-x86_64: Process 3613 attached [pid 3611] <... clone resumed>, child_tidptr=0x5555566735d0) = 3615 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3613] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3614] setpgid(0, 0) = 0 [pid 3615] <... clone resumed>, child_tidptr=0x5555566735d0) = 3617 [pid 3611] <... clone resumed>, child_tidptr=0x5555566735d0) = 3618 [pid 3613] <... clone resumed>, child_tidptr=0x5555566735d0) = 3616 ./strace-static-x86_64: Process 3618 attached ./strace-static-x86_64: Process 3617 attached [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3611] <... clone resumed>, child_tidptr=0x5555566735d0) = 3619 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3616 attached , child_tidptr=0x5555566735d0) = 3620 [pid 3618] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3617] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 3621 attached ./strace-static-x86_64: Process 3620 attached ./strace-static-x86_64: Process 3619 attached [pid 3618] <... clone resumed>, child_tidptr=0x5555566735d0) = 3621 [pid 3617] setpgid(0, 0 [pid 3616] <... prctl resumed>) = 0 [pid 3614] <... openat resumed>) = 3 [pid 3620] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3617] <... setpgid resumed>) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3614] write(3, "1000", 4 [pid 3617] <... openat resumed>) = 3 [pid 3614] <... write resumed>) = 4 [pid 3614] close(3) = 0 [pid 3614] io_uring_setup(136, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3617] write(3, "1000", 4 [pid 3616] setpgid(0, 0 [pid 3614] <... io_uring_setup resumed>, sq_entries=256, cq_entries=512, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=8512}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3620] <... clone resumed>, child_tidptr=0x5555566735d0) = 3622 [pid 3614] mmap(0x20ee7000, 9536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0 [pid 3621] <... prctl resumed>) = 0 [pid 3617] <... write resumed>) = 4 [pid 3616] <... setpgid resumed>) = 0 [pid 3614] <... mmap resumed>) = 0x20ee7000 [pid 3617] close(3./strace-static-x86_64: Process 3622 attached ) = 0 [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3614] mmap(0x206d4000, 16384, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000 [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3621] setpgid(0, 0 [pid 3619] <... clone resumed>, child_tidptr=0x5555566735d0) = 3623 [pid 3617] io_uring_setup(136, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3616] <... openat resumed>) = 3 [pid 3614] <... mmap resumed>) = 0x206d4000 ./strace-static-x86_64: Process 3623 attached [pid 3622] <... prctl resumed>) = 0 [pid 3614] io_uring_setup(903, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3622] setpgid(0, 0 [pid 3614] <... io_uring_setup resumed>, sq_entries=1024, cq_entries=2048, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=33088}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 [pid 3622] <... setpgid resumed>) = 0 [pid 3614] mmap(0x20ff9000, 37184, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3621] <... setpgid resumed>) = 0 [pid 3617] <... io_uring_setup resumed>, sq_entries=256, cq_entries=512, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=8512}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3616] write(3, "1000", 4 [pid 3614] <... mmap resumed>) = 0x20ff9000 [pid 3622] <... openat resumed>) = 3 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3617] mmap(0x20ee7000, 9536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0 [pid 3616] <... write resumed>) = 4 [pid 3614] mmap(0x205c0000, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000 [pid 3623] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3622] write(3, "1000", 4 [pid 3617] <... mmap resumed>) = 0x20ee7000 [pid 3616] close(3 [pid 3614] <... mmap resumed>) = 0x205c0000 [pid 3622] <... write resumed>) = 4 [pid 3621] <... openat resumed>) = 3 [pid 3617] mmap(0x206d4000, 16384, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000 [pid 3616] <... close resumed>) = 0 [pid 3614] io_uring_enter(3, 17672, 0, 0, NULL, 0 [pid 3623] <... prctl resumed>) = 0 [pid 3622] close(3 [pid 3621] write(3, "1000", 4 [pid 3617] <... mmap resumed>) = 0x206d4000 [pid 3616] io_uring_setup(136, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3623] setpgid(0, 0 [pid 3622] <... close resumed>) = 0 [pid 3621] <... write resumed>) = 4 [pid 3617] io_uring_setup(903, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3616] <... io_uring_setup resumed>, sq_entries=256, cq_entries=512, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=8512}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3614] <... io_uring_enter resumed>) = 256 [pid 3623] <... setpgid resumed>) = 0 [pid 3621] close(3 [pid 3617] <... io_uring_setup resumed>, sq_entries=1024, cq_entries=2048, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=33088}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 [pid 3616] mmap(0x20ee7000, 9536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0 [pid 3623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3621] <... close resumed>) = 0 [pid 3617] mmap(0x20ff9000, 37184, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0 [pid 3616] <... mmap resumed>) = 0x20ee7000 [pid 3623] <... openat resumed>) = 3 [pid 3621] io_uring_setup(136, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3617] <... mmap resumed>) = 0x20ff9000 [pid 3616] mmap(0x206d4000, 16384, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000 [pid 3623] write(3, "1000", 4 [pid 3621] <... io_uring_setup resumed>, sq_entries=256, cq_entries=512, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=8512}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3617] mmap(0x205c0000, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000 [pid 3616] <... mmap resumed>) = 0x206d4000 [pid 3623] <... write resumed>) = 4 [pid 3621] mmap(0x20ee7000, 9536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0 [pid 3617] <... mmap resumed>) = 0x205c0000 [pid 3616] io_uring_setup(903, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3623] close(3 [pid 3621] <... mmap resumed>) = 0x20ee7000 [pid 3617] io_uring_enter(3, 17672, 0, 0, NULL, 0 [pid 3616] <... io_uring_setup resumed>, sq_entries=1024, cq_entries=2048, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=33088}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 [pid 3623] <... close resumed>) = 0 [pid 3621] mmap(0x206d4000, 16384, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000 [pid 3617] <... io_uring_enter resumed>) = 256 [pid 3616] mmap(0x20ff9000, 37184, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0 [pid 3623] io_uring_setup(136, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3621] <... mmap resumed>) = 0x206d4000 [pid 3617] exit_group(0 [pid 3616] <... mmap resumed>) = 0x20ff9000 [pid 3623] <... io_uring_setup resumed>, sq_entries=256, cq_entries=512, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=8512}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3621] io_uring_setup(903, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3617] <... exit_group resumed>) = ? [pid 3616] mmap(0x205c0000, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000 [pid 3623] mmap(0x20ee7000, 9536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0 [pid 3621] <... io_uring_setup resumed>, sq_entries=1024, cq_entries=2048, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=33088}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 [pid 3616] <... mmap resumed>) = 0x205c0000 [pid 3623] <... mmap resumed>) = 0x20ee7000 [pid 3621] mmap(0x20ff9000, 37184, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0 [pid 3616] io_uring_enter(3, 17672, 0, 0, NULL, 0 [pid 3623] mmap(0x206d4000, 16384, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000 [pid 3621] <... mmap resumed>) = 0x20ff9000 [pid 3616] <... io_uring_enter resumed>) = 256 [pid 3623] <... mmap resumed>) = 0x206d4000 [pid 3621] mmap(0x205c0000, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000 [pid 3616] exit_group(0 [pid 3623] io_uring_setup(903, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3621] <... mmap resumed>) = 0x205c0000 [pid 3616] <... exit_group resumed>) = ? [pid 3623] <... io_uring_setup resumed>, sq_entries=1024, cq_entries=2048, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=33088}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 [pid 3621] io_uring_enter(3, 17672, 0, 0, NULL, 0 [pid 3623] mmap(0x20ff9000, 37184, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0 [pid 3621] <... io_uring_enter resumed>) = 256 [pid 3623] <... mmap resumed>) = 0x20ff9000 [pid 3621] exit_group(0 [pid 3623] mmap(0x205c0000, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000 [pid 3621] <... exit_group resumed>) = ? [pid 3623] <... mmap resumed>) = 0x205c0000 syzkaller login: [ 50.784951][ T3624] ================================================================== [ 50.784962][ T3624] BUG: KASAN: null-ptr-deref in io_file_get_normal+0x351/0x3b0 [ 50.785000][ T3624] Write of size 4 at addr 0000000000000118 by task iou-wrk-3614/3624 [ 50.785017][ T3624] [ 50.785021][ T3624] CPU: 0 PID: 3624 Comm: iou-wrk-3614 Not tainted 5.19.0-rc1-next-20220610-syzkaller #0 [ 50.785042][ T3624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.785055][ T3624] Call Trace: [pid 3623] io_uring_enter(3, 17672, 0, 0, NULL, 0) = 256 [pid 3623] exit_group(0) = ? [pid 3623] +++ exited with 0 +++ [pid 3619] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3623, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3622] io_uring_setup(136, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=256, cq_entries=512, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=8512}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3622] mmap(0x20ee7000, 9536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20ee7000 [pid 3622] mmap(0x206d4000, 16384, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000 [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3622] <... mmap resumed>) = 0x206d4000 [pid 3622] io_uring_setup(903, {flags=0, sq_thread_cpu=0, sq_thread_idle=0 [pid 3619] <... clone resumed>, child_tidptr=0x5555566735d0) = 3629 [pid 3622] <... io_uring_setup resumed>, sq_entries=1024, cq_entries=2048, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=33088}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 [pid 3622] mmap(0x20ff9000, 37184, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0) = 0x20ff9000 [ 50.785060][ T3624] [ 50.785067][ T3624] dump_stack_lvl+0xcd/0x134 [ 50.785106][ T3624] kasan_report.cold+0x61/0x1c6 [ 50.785140][ T3624] ? io_file_get_normal+0x351/0x3b0 [ 50.785170][ T3624] kasan_check_range+0x13d/0x180 [ 50.785194][ T3624] io_file_get_normal+0x351/0x3b0 [ 50.785225][ T3624] io_issue_sqe+0x1a22/0x9750 [ 50.785249][ T3624] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.785272][ T3624] ? __io_close_fixed.isra.0+0x4d0/0x4d0 [ 50.785292][ T3624] ? lockdep_unlock+0x11b/0x290 [ 50.785323][ T3624] ? find_held_lock+0x2d/0x110 [ 50.785353][ T3624] ? io_worker_handle_work+0x53d/0x1ab0 [ 50.785375][ T3624] ? lock_downgrade+0x6e0/0x6e0 [ 50.785393][ T3624] ? do_raw_spin_lock+0x120/0x2a0 [ 50.785416][ T3624] io_wq_submit_work+0x287/0x740 [ 50.785438][ T3624] io_worker_handle_work+0xb1c/0x1ab0 [ 50.785469][ T3624] io_wqe_worker+0x637/0xdb0 [ 50.785494][ T3624] ? io_wqe_dec_running+0x240/0x240 [ 50.785517][ T3624] ? ret_from_fork+0x8/0x30 [ 50.785545][ T3624] ? lock_downgrade+0x6e0/0x6e0 [ 50.785563][ T3624] ? do_raw_spin_lock+0x120/0x2a0 [ 50.785585][ T3624] ? rwlock_bug.part.0+0x90/0x90 [ 50.785608][ T3624] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.785631][ T3624] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.785653][ T3624] ? io_wqe_dec_running+0x240/0x240 [ 50.785677][ T3624] ret_from_fork+0x1f/0x30 [ 50.785711][ T3624] [ 50.785718][ T3624] ================================================================== [ 50.785726][ T3624] Kernel panic - not syncing: panic_on_warn set ... [ 50.980399][ T3624] CPU: 0 PID: 3624 Comm: iou-wrk-3614 Not tainted 5.19.0-rc1-next-20220610-syzkaller #0 [ 50.990112][ T3624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.000160][ T3624] Call Trace: [ 51.003434][ T3624] [ 51.006360][ T3624] dump_stack_lvl+0xcd/0x134 [ 51.010953][ T3624] panic+0x2d7/0x636 [ 51.014862][ T3624] ? panic_print_sys_info.part.0+0x10b/0x10b [ 51.020849][ T3624] ? io_file_get_normal+0x351/0x3b0 [ 51.026054][ T3624] ? io_file_get_normal+0x351/0x3b0 [ 51.031271][ T3624] end_report.part.0+0x3f/0x7c [ 51.036029][ T3624] kasan_report.cold+0x93/0x1c6 [ 51.040872][ T3624] ? io_file_get_normal+0x351/0x3b0 [ 51.046072][ T3624] kasan_check_range+0x13d/0x180 [ 51.051016][ T3624] io_file_get_normal+0x351/0x3b0 [ 51.056045][ T3624] io_issue_sqe+0x1a22/0x9750 [ 51.060720][ T3624] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.066784][ T3624] ? __io_close_fixed.isra.0+0x4d0/0x4d0 [ 51.072411][ T3624] ? lockdep_unlock+0x11b/0x290 [ 51.077265][ T3624] ? find_held_lock+0x2d/0x110 [ 51.082044][ T3624] ? io_worker_handle_work+0x53d/0x1ab0 [ 51.087586][ T3624] ? lock_downgrade+0x6e0/0x6e0 [ 51.092429][ T3624] ? do_raw_spin_lock+0x120/0x2a0 [ 51.097470][ T3624] io_wq_submit_work+0x287/0x740 [ 51.102404][ T3624] io_worker_handle_work+0xb1c/0x1ab0 [ 51.107781][ T3624] io_wqe_worker+0x637/0xdb0 [ 51.112372][ T3624] ? io_wqe_dec_running+0x240/0x240 [ 51.117566][ T3624] ? ret_from_fork+0x8/0x30 [ 51.122068][ T3624] ? lock_downgrade+0x6e0/0x6e0 [ 51.126926][ T3624] ? do_raw_spin_lock+0x120/0x2a0 [ 51.131969][ T3624] ? rwlock_bug.part.0+0x90/0x90 [ 51.136903][ T3624] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.142105][ T3624] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.147299][ T3624] ? io_wqe_dec_running+0x240/0x240 [ 51.152494][ T3624] ret_from_fork+0x1f/0x30 [ 51.156916][ T3624] [ 51.160080][ T3624] Kernel Offset: disabled [ 51.164408][ T3624] Rebooting in 86400 seconds..