Extracting prog: 1m5.149788628s
Minimizing prog: 18m45.020551936s
Simplifying prog options: 0s
Extracting C: 30.847548824s
Simplifying C: 3m18.126073297s


extracting reproducer from 31 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$DCCPDIAG_GETSOCK-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r6)
sendmsg$IEEE802154_LIST_IFACE(r6, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)={0x490, 0x13, 0x100, 0x70bd27, 0x25dfdbfd, {0x1, 0xff, 0xff, 0x4, {0x4e23, 0x4e20, [0x2, 0x10000, 0x3, 0x2], [0x7, 0x7f, 0x9, 0xdf80], 0x0, [0xa, 0x7f]}, 0x9, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xb8, 0x1, "91995af8ce30ca6e98f7255a3dafaf02bae9b530e1c4e58be4415159d7928484233cad03dd3a75f08474d9551f6a3c86109b3ccf4d648d407eb8a179d7701cd9d8e5b976a19946554838cc24b94775c5248d1beb2c582c380a71ff772f4f3d174a421a3478eebc369c398c5ea839895860f4dfe157af7bc6d8bdfc4a93cf3372834a284be94270ab5e28495110dfbf56d2a7acb7e8c858f0fed189623a5340c533e0656c9df5ce8b7c2d66a0bf3809e1172f9f42"}, @INET_DIAG_REQ_BYTECODE={0xf1, 0x1, "d47cf6aaa5cdad31f1ccc41f4290b3fdb6ea87fe362060ef7865d61635675222e09ea704d6e78e356cfbd62944da9f783e0317f78a5951be94120ecf73c4874ebf7dc97a9228e1656f354be09e97ab56d8dec6c203c0f497ad49494652cd4934f8836cfbfd402b6abc7b12af833966ee3bb697637f923449b56f30661a198738f9b2d7fc7dc08ad0bb3661eb91de17a2f66b3babd5accdfbf3989fe57143cf3c78f02c1177fafb693c51088009a590e435d1ac4ddb112749ee38119e481236804ea426e250bc906b303d7c2fef3b9748889c62e35a6bb28c84936337199718493797047af4e73aead482db6b8b"}, @INET_DIAG_REQ_BYTECODE={0x85, 0x1, "f52694767e388833c3993aec9e285fafea5e79ca9d54d4f33956e0b398a5545520ae1008a628f9c0439ec7ea3e17588bb93c69eed8c49e9a179f53ed100039b847addbd231550c88aaf2cbb7d13d5a661dfcf9c3169ae33cab58ebb46459d6a1cb52dce401aadf71a396c1270475de7f60e3467d8a1c518a8592a1ee90ffb9d432"}, @INET_DIAG_REQ_BYTECODE={0x41, 0x1, "ba7cccb1da70ceeefc1d67c6ad00bae177b4cf30804ccb06a1c999f1fd57b88ca623880a5e34b4fc24d660664627f4c1c86a53093bf597b5a0db1331e3"}, @INET_DIAG_REQ_BYTECODE={0x10, 0x1, "eee6e13d0c6330d2fe4dd44c"}, @INET_DIAG_REQ_BYTECODE={0x8a, 0x1, "0fd56e0f63696157cd3b7da20a6f6df439c25f0c7fbd33506c03252caa8d62d0e56ef0df7a40197555d600db08a496ae243ebfd7be0c71d790b3b076eff9357379fdd1983942be6eaa7fac836f002f9eb0e339248992315a31f1113b30eefdef339027374b100e119a90ac67f3079d2477733a8cf90ce0bc379ef20256366ff81d72fc9370ff"}, @INET_DIAG_REQ_BYTECODE={0x82, 0x1, "6411ccd989e04f814798000dd6cd6ffeb3334abeddeefdddb6814435f6eff267bfede4c4ce2ea7beaa1a1ab6dd3f3566ff576c291974e6e68677b8854213c9b0ea79567f40ca958133f27b566d8c036d45bb346036127abe279755fdf4703d081a379c3e337904b09d1c3f9c9f2cabcc992772dc2198d570e3c306480344"}, @INET_DIAG_REQ_BYTECODE={0x9, 0x1, "7fc2ad6a8c"}, @INET_DIAG_REQ_BYTECODE={0xa0, 0x1, "6934e88710eaa4fd0be12c8a2e4404a30b9dee5d9f48d69a0257743b82b1a7de80e5ae347ae3f5ea0db2d034bac6c9c44fbf0230b6c11e23b4e9f5d32a9ee8fcdb73aa9778264c451c7ef445bedec4554955c8074627cb94a12c324af9e51c6b18f22f2c64b4fff42fb38d835ff4c0d1b59b91220d207d21e7f1eac9b17d364b90d545c5647fdd36702f57a1a635cf8eb29d7b1d89d53579b71a1f6f"}]}, 0x490}, 0x1, 0x0, 0x0, 0x4000010}, 0x4001)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, &(0x7f0000001500)="267600410f01b00000000066b88e000f00d066420f3a14ce5736430f0164b107b805000000b9060000000f01c1f30f01330f015b7548b80c000000000000000f23d80f21f835800000000f23f8f30fc733", 0x51}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
single: successfully extracted reproducer
found reproducer with 24 syscalls
minimizing guilty program
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$DCCPDIAG_GETSOCK-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r5)
sendmsg$IEEE802154_LIST_IFACE(r5, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r6, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)={0x490, 0x13, 0x100, 0x70bd27, 0x25dfdbfd, {0x1, 0xff, 0xff, 0x4, {0x4e23, 0x4e20, [0x2, 0x10000, 0x3, 0x2], [0x7, 0x7f, 0x9, 0xdf80], 0x0, [0xa, 0x7f]}, 0x9, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xb8, 0x1, "91995af8ce30ca6e98f7255a3dafaf02bae9b530e1c4e58be4415159d7928484233cad03dd3a75f08474d9551f6a3c86109b3ccf4d648d407eb8a179d7701cd9d8e5b976a19946554838cc24b94775c5248d1beb2c582c380a71ff772f4f3d174a421a3478eebc369c398c5ea839895860f4dfe157af7bc6d8bdfc4a93cf3372834a284be94270ab5e28495110dfbf56d2a7acb7e8c858f0fed189623a5340c533e0656c9df5ce8b7c2d66a0bf3809e1172f9f42"}, @INET_DIAG_REQ_BYTECODE={0xf1, 0x1, "d47cf6aaa5cdad31f1ccc41f4290b3fdb6ea87fe362060ef7865d61635675222e09ea704d6e78e356cfbd62944da9f783e0317f78a5951be94120ecf73c4874ebf7dc97a9228e1656f354be09e97ab56d8dec6c203c0f497ad49494652cd4934f8836cfbfd402b6abc7b12af833966ee3bb697637f923449b56f30661a198738f9b2d7fc7dc08ad0bb3661eb91de17a2f66b3babd5accdfbf3989fe57143cf3c78f02c1177fafb693c51088009a590e435d1ac4ddb112749ee38119e481236804ea426e250bc906b303d7c2fef3b9748889c62e35a6bb28c84936337199718493797047af4e73aead482db6b8b"}, @INET_DIAG_REQ_BYTECODE={0x85, 0x1, "f52694767e388833c3993aec9e285fafea5e79ca9d54d4f33956e0b398a5545520ae1008a628f9c0439ec7ea3e17588bb93c69eed8c49e9a179f53ed100039b847addbd231550c88aaf2cbb7d13d5a661dfcf9c3169ae33cab58ebb46459d6a1cb52dce401aadf71a396c1270475de7f60e3467d8a1c518a8592a1ee90ffb9d432"}, @INET_DIAG_REQ_BYTECODE={0x41, 0x1, "ba7cccb1da70ceeefc1d67c6ad00bae177b4cf30804ccb06a1c999f1fd57b88ca623880a5e34b4fc24d660664627f4c1c86a53093bf597b5a0db1331e3"}, @INET_DIAG_REQ_BYTECODE={0x10, 0x1, "eee6e13d0c6330d2fe4dd44c"}, @INET_DIAG_REQ_BYTECODE={0x8a, 0x1, "0fd56e0f63696157cd3b7da20a6f6df439c25f0c7fbd33506c03252caa8d62d0e56ef0df7a40197555d600db08a496ae243ebfd7be0c71d790b3b076eff9357379fdd1983942be6eaa7fac836f002f9eb0e339248992315a31f1113b30eefdef339027374b100e119a90ac67f3079d2477733a8cf90ce0bc379ef20256366ff81d72fc9370ff"}, @INET_DIAG_REQ_BYTECODE={0x82, 0x1, "6411ccd989e04f814798000dd6cd6ffeb3334abeddeefdddb6814435f6eff267bfede4c4ce2ea7beaa1a1ab6dd3f3566ff576c291974e6e68677b8854213c9b0ea79567f40ca958133f27b566d8c036d45bb346036127abe279755fdf4703d081a379c3e337904b09d1c3f9c9f2cabcc992772dc2198d570e3c306480344"}, @INET_DIAG_REQ_BYTECODE={0x9, 0x1, "7fc2ad6a8c"}, @INET_DIAG_REQ_BYTECODE={0xa0, 0x1, "6934e88710eaa4fd0be12c8a2e4404a30b9dee5d9f48d69a0257743b82b1a7de80e5ae347ae3f5ea0db2d034bac6c9c44fbf0230b6c11e23b4e9f5d32a9ee8fcdb73aa9778264c451c7ef445bedec4554955c8074627cb94a12c324af9e51c6b18f22f2c64b4fff42fb38d835ff4c0d1b59b91220d207d21e7f1eac9b17d364b90d545c5647fdd36702f57a1a635cf8eb29d7b1d89d53579b71a1f6f"}]}, 0x490}, 0x1, 0x0, 0x0, 0x4000010}, 0x4001)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, &(0x7f0000001500)="267600410f01b00000000066b88e000f00d066420f3a14ce5736430f0164b107b805000000b9060000000f01c1f30f01330f015b7548b80c000000000000000f23d80f21f835800000000f23f8f30fc733", 0x51}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$DCCPDIAG_GETSOCK-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r6)
sendmsg$IEEE802154_LIST_IFACE(r6, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)={0x490, 0x13, 0x100, 0x70bd27, 0x25dfdbfd, {0x1, 0xff, 0xff, 0x4, {0x4e23, 0x4e20, [0x2, 0x10000, 0x3, 0x2], [0x7, 0x7f, 0x9, 0xdf80], 0x0, [0xa, 0x7f]}, 0x9, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xb8, 0x1, "91995af8ce30ca6e98f7255a3dafaf02bae9b530e1c4e58be4415159d7928484233cad03dd3a75f08474d9551f6a3c86109b3ccf4d648d407eb8a179d7701cd9d8e5b976a19946554838cc24b94775c5248d1beb2c582c380a71ff772f4f3d174a421a3478eebc369c398c5ea839895860f4dfe157af7bc6d8bdfc4a93cf3372834a284be94270ab5e28495110dfbf56d2a7acb7e8c858f0fed189623a5340c533e0656c9df5ce8b7c2d66a0bf3809e1172f9f42"}, @INET_DIAG_REQ_BYTECODE={0xf1, 0x1, "d47cf6aaa5cdad31f1ccc41f4290b3fdb6ea87fe362060ef7865d61635675222e09ea704d6e78e356cfbd62944da9f783e0317f78a5951be94120ecf73c4874ebf7dc97a9228e1656f354be09e97ab56d8dec6c203c0f497ad49494652cd4934f8836cfbfd402b6abc7b12af833966ee3bb697637f923449b56f30661a198738f9b2d7fc7dc08ad0bb3661eb91de17a2f66b3babd5accdfbf3989fe57143cf3c78f02c1177fafb693c51088009a590e435d1ac4ddb112749ee38119e481236804ea426e250bc906b303d7c2fef3b9748889c62e35a6bb28c84936337199718493797047af4e73aead482db6b8b"}, @INET_DIAG_REQ_BYTECODE={0x85, 0x1, "f52694767e388833c3993aec9e285fafea5e79ca9d54d4f33956e0b398a5545520ae1008a628f9c0439ec7ea3e17588bb93c69eed8c49e9a179f53ed100039b847addbd231550c88aaf2cbb7d13d5a661dfcf9c3169ae33cab58ebb46459d6a1cb52dce401aadf71a396c1270475de7f60e3467d8a1c518a8592a1ee90ffb9d432"}, @INET_DIAG_REQ_BYTECODE={0x41, 0x1, "ba7cccb1da70ceeefc1d67c6ad00bae177b4cf30804ccb06a1c999f1fd57b88ca623880a5e34b4fc24d660664627f4c1c86a53093bf597b5a0db1331e3"}, @INET_DIAG_REQ_BYTECODE={0x10, 0x1, "eee6e13d0c6330d2fe4dd44c"}, @INET_DIAG_REQ_BYTECODE={0x8a, 0x1, "0fd56e0f63696157cd3b7da20a6f6df439c25f0c7fbd33506c03252caa8d62d0e56ef0df7a40197555d600db08a496ae243ebfd7be0c71d790b3b076eff9357379fdd1983942be6eaa7fac836f002f9eb0e339248992315a31f1113b30eefdef339027374b100e119a90ac67f3079d2477733a8cf90ce0bc379ef20256366ff81d72fc9370ff"}, @INET_DIAG_REQ_BYTECODE={0x82, 0x1, "6411ccd989e04f814798000dd6cd6ffeb3334abeddeefdddb6814435f6eff267bfede4c4ce2ea7beaa1a1ab6dd3f3566ff576c291974e6e68677b8854213c9b0ea79567f40ca958133f27b566d8c036d45bb346036127abe279755fdf4703d081a379c3e337904b09d1c3f9c9f2cabcc992772dc2198d570e3c306480344"}, @INET_DIAG_REQ_BYTECODE={0x9, 0x1, "7fc2ad6a8c"}, @INET_DIAG_REQ_BYTECODE={0xa0, 0x1, "6934e88710eaa4fd0be12c8a2e4404a30b9dee5d9f48d69a0257743b82b1a7de80e5ae347ae3f5ea0db2d034bac6c9c44fbf0230b6c11e23b4e9f5d32a9ee8fcdb73aa9778264c451c7ef445bedec4554955c8074627cb94a12c324af9e51c6b18f22f2c64b4fff42fb38d835ff4c0d1b59b91220d207d21e7f1eac9b17d364b90d545c5647fdd36702f57a1a635cf8eb29d7b1d89d53579b71a1f6f"}]}, 0x490}, 0x1, 0x0, 0x0, 0x4000010}, 0x4001)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, &(0x7f0000001500)="267600410f01b00000000066b88e000f00d066420f3a14ce5736430f0164b107b805000000b9060000000f01c1f30f01330f015b7548b80c000000000000000f23d80f21f835800000000f23f8f30fc733", 0x51}], 0x1, 0x43, 0x0, 0x0)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$DCCPDIAG_GETSOCK-ioctl$KVM_CREATE_VCPU-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r6)
sendmsg$IEEE802154_LIST_IFACE(r6, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)={0x490, 0x13, 0x100, 0x70bd27, 0x25dfdbfd, {0x1, 0xff, 0xff, 0x4, {0x4e23, 0x4e20, [0x2, 0x10000, 0x3, 0x2], [0x7, 0x7f, 0x9, 0xdf80], 0x0, [0xa, 0x7f]}, 0x9, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xb8, 0x1, "91995af8ce30ca6e98f7255a3dafaf02bae9b530e1c4e58be4415159d7928484233cad03dd3a75f08474d9551f6a3c86109b3ccf4d648d407eb8a179d7701cd9d8e5b976a19946554838cc24b94775c5248d1beb2c582c380a71ff772f4f3d174a421a3478eebc369c398c5ea839895860f4dfe157af7bc6d8bdfc4a93cf3372834a284be94270ab5e28495110dfbf56d2a7acb7e8c858f0fed189623a5340c533e0656c9df5ce8b7c2d66a0bf3809e1172f9f42"}, @INET_DIAG_REQ_BYTECODE={0xf1, 0x1, "d47cf6aaa5cdad31f1ccc41f4290b3fdb6ea87fe362060ef7865d61635675222e09ea704d6e78e356cfbd62944da9f783e0317f78a5951be94120ecf73c4874ebf7dc97a9228e1656f354be09e97ab56d8dec6c203c0f497ad49494652cd4934f8836cfbfd402b6abc7b12af833966ee3bb697637f923449b56f30661a198738f9b2d7fc7dc08ad0bb3661eb91de17a2f66b3babd5accdfbf3989fe57143cf3c78f02c1177fafb693c51088009a590e435d1ac4ddb112749ee38119e481236804ea426e250bc906b303d7c2fef3b9748889c62e35a6bb28c84936337199718493797047af4e73aead482db6b8b"}, @INET_DIAG_REQ_BYTECODE={0x85, 0x1, "f52694767e388833c3993aec9e285fafea5e79ca9d54d4f33956e0b398a5545520ae1008a628f9c0439ec7ea3e17588bb93c69eed8c49e9a179f53ed100039b847addbd231550c88aaf2cbb7d13d5a661dfcf9c3169ae33cab58ebb46459d6a1cb52dce401aadf71a396c1270475de7f60e3467d8a1c518a8592a1ee90ffb9d432"}, @INET_DIAG_REQ_BYTECODE={0x41, 0x1, "ba7cccb1da70ceeefc1d67c6ad00bae177b4cf30804ccb06a1c999f1fd57b88ca623880a5e34b4fc24d660664627f4c1c86a53093bf597b5a0db1331e3"}, @INET_DIAG_REQ_BYTECODE={0x10, 0x1, "eee6e13d0c6330d2fe4dd44c"}, @INET_DIAG_REQ_BYTECODE={0x8a, 0x1, "0fd56e0f63696157cd3b7da20a6f6df439c25f0c7fbd33506c03252caa8d62d0e56ef0df7a40197555d600db08a496ae243ebfd7be0c71d790b3b076eff9357379fdd1983942be6eaa7fac836f002f9eb0e339248992315a31f1113b30eefdef339027374b100e119a90ac67f3079d2477733a8cf90ce0bc379ef20256366ff81d72fc9370ff"}, @INET_DIAG_REQ_BYTECODE={0x82, 0x1, "6411ccd989e04f814798000dd6cd6ffeb3334abeddeefdddb6814435f6eff267bfede4c4ce2ea7beaa1a1ab6dd3f3566ff576c291974e6e68677b8854213c9b0ea79567f40ca958133f27b566d8c036d45bb346036127abe279755fdf4703d081a379c3e337904b09d1c3f9c9f2cabcc992772dc2198d570e3c306480344"}, @INET_DIAG_REQ_BYTECODE={0x9, 0x1, "7fc2ad6a8c"}, @INET_DIAG_REQ_BYTECODE={0xa0, 0x1, "6934e88710eaa4fd0be12c8a2e4404a30b9dee5d9f48d69a0257743b82b1a7de80e5ae347ae3f5ea0db2d034bac6c9c44fbf0230b6c11e23b4e9f5d32a9ee8fcdb73aa9778264c451c7ef445bedec4554955c8074627cb94a12c324af9e51c6b18f22f2c64b4fff42fb38d835ff4c0d1b59b91220d207d21e7f1eac9b17d364b90d545c5647fdd36702f57a1a635cf8eb29d7b1d89d53579b71a1f6f"}]}, 0x490}, 0x1, 0x0, 0x0, 0x4000010}, 0x4001)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$DCCPDIAG_GETSOCK-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r6)
sendmsg$IEEE802154_LIST_IFACE(r6, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)={0x490, 0x13, 0x100, 0x70bd27, 0x25dfdbfd, {0x1, 0xff, 0xff, 0x4, {0x4e23, 0x4e20, [0x2, 0x10000, 0x3, 0x2], [0x7, 0x7f, 0x9, 0xdf80], 0x0, [0xa, 0x7f]}, 0x9, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xb8, 0x1, "91995af8ce30ca6e98f7255a3dafaf02bae9b530e1c4e58be4415159d7928484233cad03dd3a75f08474d9551f6a3c86109b3ccf4d648d407eb8a179d7701cd9d8e5b976a19946554838cc24b94775c5248d1beb2c582c380a71ff772f4f3d174a421a3478eebc369c398c5ea839895860f4dfe157af7bc6d8bdfc4a93cf3372834a284be94270ab5e28495110dfbf56d2a7acb7e8c858f0fed189623a5340c533e0656c9df5ce8b7c2d66a0bf3809e1172f9f42"}, @INET_DIAG_REQ_BYTECODE={0xf1, 0x1, "d47cf6aaa5cdad31f1ccc41f4290b3fdb6ea87fe362060ef7865d61635675222e09ea704d6e78e356cfbd62944da9f783e0317f78a5951be94120ecf73c4874ebf7dc97a9228e1656f354be09e97ab56d8dec6c203c0f497ad49494652cd4934f8836cfbfd402b6abc7b12af833966ee3bb697637f923449b56f30661a198738f9b2d7fc7dc08ad0bb3661eb91de17a2f66b3babd5accdfbf3989fe57143cf3c78f02c1177fafb693c51088009a590e435d1ac4ddb112749ee38119e481236804ea426e250bc906b303d7c2fef3b9748889c62e35a6bb28c84936337199718493797047af4e73aead482db6b8b"}, @INET_DIAG_REQ_BYTECODE={0x85, 0x1, "f52694767e388833c3993aec9e285fafea5e79ca9d54d4f33956e0b398a5545520ae1008a628f9c0439ec7ea3e17588bb93c69eed8c49e9a179f53ed100039b847addbd231550c88aaf2cbb7d13d5a661dfcf9c3169ae33cab58ebb46459d6a1cb52dce401aadf71a396c1270475de7f60e3467d8a1c518a8592a1ee90ffb9d432"}, @INET_DIAG_REQ_BYTECODE={0x41, 0x1, "ba7cccb1da70ceeefc1d67c6ad00bae177b4cf30804ccb06a1c999f1fd57b88ca623880a5e34b4fc24d660664627f4c1c86a53093bf597b5a0db1331e3"}, @INET_DIAG_REQ_BYTECODE={0x10, 0x1, "eee6e13d0c6330d2fe4dd44c"}, @INET_DIAG_REQ_BYTECODE={0x8a, 0x1, "0fd56e0f63696157cd3b7da20a6f6df439c25f0c7fbd33506c03252caa8d62d0e56ef0df7a40197555d600db08a496ae243ebfd7be0c71d790b3b076eff9357379fdd1983942be6eaa7fac836f002f9eb0e339248992315a31f1113b30eefdef339027374b100e119a90ac67f3079d2477733a8cf90ce0bc379ef20256366ff81d72fc9370ff"}, @INET_DIAG_REQ_BYTECODE={0x82, 0x1, "6411ccd989e04f814798000dd6cd6ffeb3334abeddeefdddb6814435f6eff267bfede4c4ce2ea7beaa1a1ab6dd3f3566ff576c291974e6e68677b8854213c9b0ea79567f40ca958133f27b566d8c036d45bb346036127abe279755fdf4703d081a379c3e337904b09d1c3f9c9f2cabcc992772dc2198d570e3c306480344"}, @INET_DIAG_REQ_BYTECODE={0x9, 0x1, "7fc2ad6a8c"}, @INET_DIAG_REQ_BYTECODE={0xa0, 0x1, "6934e88710eaa4fd0be12c8a2e4404a30b9dee5d9f48d69a0257743b82b1a7de80e5ae347ae3f5ea0db2d034bac6c9c44fbf0230b6c11e23b4e9f5d32a9ee8fcdb73aa9778264c451c7ef445bedec4554955c8074627cb94a12c324af9e51c6b18f22f2c64b4fff42fb38d835ff4c0d1b59b91220d207d21e7f1eac9b17d364b90d545c5647fdd36702f57a1a635cf8eb29d7b1d89d53579b71a1f6f"}]}, 0x490}, 0x1, 0x0, 0x0, 0x4000010}, 0x4001)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r6)
sendmsg$IEEE802154_LIST_IFACE(r6, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$KVM_CREATE_VM-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r6)
sendmsg$IEEE802154_LIST_IFACE(r6, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in corrupted
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_LIST_IFACE-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r5)
sendmsg$IEEE802154_LIST_IFACE(r5, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)={&(0x7f0000005840)=ANY=[@ANYBLOB="01400000", @ANYRES16=r6, @ANYBLOB="010025bd7000fbdbdf251f0000000a0001007770616e31000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000005740), r5)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-syz_init_net_socket$nl_generic-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in corrupted
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-openat$kvm-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-pread64-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
r3 = syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r3 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_open_procfs-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_open_procfs(r1, &(0x7f00000003c0)='syscall\x00')
r3 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r3 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-fchdir-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r3 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-syz_open_procfs-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_clone-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000002640)=0x7fff, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(0x0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r3 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in corrupted
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-setsockopt$inet6_tcp_int-syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r1 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r3 = syz_open_procfs$pagemap(r1, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in corrupted
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-socket$inet6_tcp-syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in corrupted
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, 0x0, 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, 0x0)
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040)=[{}], 0x144, 0x1, 0x0, 0x2, 0x0, 0x2})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
detailed listing:
executing program 0:
r0 = syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x4, 0x0)
syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0)
r2 = syz_open_procfs$pagemap(r0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x2})

program crashed: general protection fault in do_pagemap_scan
extracting C reproducer
testing compiled C program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in corrupted
simplifying C reproducer
testing compiled C program (duration=30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in do_pagemap_scan
testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in do_pagemap_scan
testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in do_pagemap_scan
testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in do_pagemap_scan
testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in do_pagemap_scan
testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in do_pagemap_scan
testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_procfs-fchdir-mount-syz_usb_connect$uac1-syz_open_procfs$pagemap-ioctl$PAGEMAP_SCAN
program crashed: general protection fault in do_pagemap_scan
reproducing took 23m39.14398141s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000003c: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000001e0-0x00000000000001e7]
CPU: 0 UID: 0 PID: 5936 Comm: syz-executor462 Not tainted 6.14.0-rc6-syzkaller-00212-geb88e6bfbc0a #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5091
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 0a 25 cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 57 83 93 0f 84
RSP: 0018:ffffc90003b1fa08 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 000000000000003c RSI: 1ffff92000763f53 RDI: 00000000000001e0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90626417 R11: 0000000000000000 R12: 00000000000001e0
R13: ffff88802a732440 R14: 0000000000000000 R15: 0000000000000000
FS:  0000555558d62380(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005622084bacf0 CR3: 0000000029d0c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
 down_read_killable+0x9d/0x380 kernel/locking/rwsem.c:1547
 mmap_read_lock_killable include/linux/mmap_lock.h:199 [inline]
 do_pagemap_scan+0x6a3/0xcd0 fs/proc/task_mmu.c:2766
 do_pagemap_cmd+0x58/0x80 fs/proc/task_mmu.c:2819
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3a7ce81159
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd116072e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffd116074b8 RCX: 00007f3a7ce81159
RDX: 0000400000000480 RSI: 00000000c0606610 RDI: 0000000000000005
RBP: 00007f3a7cef4610 R08: 00007ffd11606f94 R09: 00007ffd116074b8
R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd116074a8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5091
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 0a 25 cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 57 83 93 0f 84
RSP: 0018:ffffc90003b1fa08 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 000000000000003c RSI: 1ffff92000763f53 RDI: 00000000000001e0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90626417 R11: 0000000000000000 R12: 00000000000001e0
R13: ffff88802a732440 R14: 0000000000000000 R15: 0000000000000000
FS:  0000555558d62380(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005622084bacf0 CR3: 0000000029d0c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	08 84 d2 0f 85 15 14 	or     %al,0x1415850f(%rdx,%rdx,8)
   7:	00 00                	add    %al,(%rax)
   9:	44 8b 0d 0a 25 cc 0e 	mov    0xecc250a(%rip),%r9d        # 0xecc251a
  10:	45 85 c9             	test   %r9d,%r9d
  13:	0f 84 b4 0e 00 00    	je     0xecd
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	4c 89 e2             	mov    %r12,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 96 2c 00 00    	jne    0x2cca
  34:	49 8b 04 24          	mov    (%r12),%rax
  38:	48 3d a0 57 83 93    	cmp    $0xffffffff938357a0,%rax
  3e:	0f                   	.byte 0xf
  3f:	84                   	.byte 0x84

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000003c: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000001e0-0x00000000000001e7]
CPU: 0 UID: 0 PID: 5936 Comm: syz-executor462 Not tainted 6.14.0-rc6-syzkaller-00212-geb88e6bfbc0a #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5091
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 0a 25 cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 57 83 93 0f 84
RSP: 0018:ffffc90003b1fa08 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 000000000000003c RSI: 1ffff92000763f53 RDI: 00000000000001e0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90626417 R11: 0000000000000000 R12: 00000000000001e0
R13: ffff88802a732440 R14: 0000000000000000 R15: 0000000000000000
FS:  0000555558d62380(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005622084bacf0 CR3: 0000000029d0c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
 down_read_killable+0x9d/0x380 kernel/locking/rwsem.c:1547
 mmap_read_lock_killable include/linux/mmap_lock.h:199 [inline]
 do_pagemap_scan+0x6a3/0xcd0 fs/proc/task_mmu.c:2766
 do_pagemap_cmd+0x58/0x80 fs/proc/task_mmu.c:2819
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3a7ce81159
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd116072e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffd116074b8 RCX: 00007f3a7ce81159
RDX: 0000400000000480 RSI: 00000000c0606610 RDI: 0000000000000005
RBP: 00007f3a7cef4610 R08: 00007ffd11606f94 R09: 00007ffd116074b8
R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd116074a8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5091
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 0a 25 cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 57 83 93 0f 84
RSP: 0018:ffffc90003b1fa08 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 000000000000003c RSI: 1ffff92000763f53 RDI: 00000000000001e0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90626417 R11: 0000000000000000 R12: 00000000000001e0
R13: ffff88802a732440 R14: 0000000000000000 R15: 0000000000000000
FS:  0000555558d62380(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005622084bacf0 CR3: 0000000029d0c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	08 84 d2 0f 85 15 14 	or     %al,0x1415850f(%rdx,%rdx,8)
   7:	00 00                	add    %al,(%rax)
   9:	44 8b 0d 0a 25 cc 0e 	mov    0xecc250a(%rip),%r9d        # 0xecc251a
  10:	45 85 c9             	test   %r9d,%r9d
  13:	0f 84 b4 0e 00 00    	je     0xecd
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	4c 89 e2             	mov    %r12,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 96 2c 00 00    	jne    0x2cca
  34:	49 8b 04 24          	mov    (%r12),%rax
  38:	48 3d a0 57 83 93    	cmp    $0xffffffff938357a0,%rax
  3e:	0f                   	.byte 0xf
  3f:	84                   	.byte 0x84