BUG: unable to handle page fault for address: ffffed100fffc000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 PID: 9785 Comm: syz-executor.7 Not tainted 6.1.0-rc3-next-20221031 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__memset+0x24/0x50
Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
RSP: 0018:ffff88803b2ffcc0 EFLAGS: 00010216
RAX: 0000000000000000 RBX: ffff88800bfd70c0 RCX: 1ffffe21fe6000d2
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
RBP: ffff88800c00c3c0 R08: 0000000000000005 R09: ffffed10017fae18
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c00c3c0
R13: ffff88800bfd70c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f
FS:  00007f5937b22700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed100fffc000 CR3: 0000000041ed8000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Call Trace:
 kasan_unpoison+0x23/0x60
 mempool_exit+0x1c2/0x330
 bioset_exit+0x2c9/0x630
 disk_release+0x143/0x490
 device_release+0xa2/0x250
 kobject_put+0x173/0x280
 put_device+0x1b/0x40
 put_disk+0x41/0x60
 loop_control_ioctl+0x4d1/0x630
 __x64_sys_ioctl+0x19a/0x220
 do_syscall_64+0x3b/0xa0
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f593a5acb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5937b22188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f593a6bff60 RCX: 00007f593a5acb19
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007f593a606f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffaeffe93f R14: 00007f5937b22300 R15: 0000000000022000
Modules linked in:
CR2: ffffed100fffc000
---[ end trace 0000000000000000 ]---
RIP: 0010:__memset+0x24/0x50
Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
RSP: 0018:ffff88803b2ffcc0 EFLAGS: 00010216
RAX: 0000000000000000 RBX: ffff88800bfd70c0 RCX: 1ffffe21fe6000d2
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
RBP: ffff88800c00c3c0 R08: 0000000000000005 R09: ffffed10017fae18
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c00c3c0
R13: ffff88800bfd70c0 R14: ffffffff815f27a0 R15: 1ffff1100112361f
FS:  00007f5937b22700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed100fffc000 CR3: 0000000041ed8000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=259 sclass=netlink_xfrm_socket pid=9936 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=259 sclass=netlink_xfrm_socket pid=9965 comm=syz-executor.4
blktrace: Concurrent blktraces are not allowed on sg0
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=259 sclass=netlink_xfrm_socket pid=9977 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=259 sclass=netlink_xfrm_socket pid=9986 comm=syz-executor.4
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
Process accounting resumed
Process accounting resumed
warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
syz-executor.6 (10291) used greatest stack depth: 23432 bytes left
netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   b:	49 89 f9             	mov    %rdi,%r9
   e:	48 89 d1             	mov    %rdx,%rcx
  11:	83 e2 07             	and    $0x7,%edx
  14:	48 c1 e9 03          	shr    $0x3,%rcx
  18:	40 0f b6 f6          	movzbl %sil,%esi
  1c:	48 b8 01 01 01 01 01 	movabs $0x101010101010101,%rax
  23:	01 01 01
  26:	48 0f af c6          	imul   %rsi,%rax
* 2a:	f3 48 ab             	rep stos %rax,%es:(%rdi) <-- trapping instruction
  2d:	89 d1                	mov    %edx,%ecx
  2f:	f3 aa                	rep stos %al,%es:(%rdi)
  31:	4c 89 c8             	mov    %r9,%rax
  34:	e9 4d d4 12 00       	jmpq   0x12d486
  39:	66                   	data16
  3a:	66                   	data16
  3b:	2e                   	cs
  3c:	0f                   	.byte 0xf
  3d:	1f                   	(bad)
  3e:	84 00                	test   %al,(%rax)
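Added example, not part of the syzkaller report above: a small C decoder that turns the CR2 value and the register state captured at the trapping "rep stos" back into the arguments kasan_unpoison() was called with. The __memset prologue shown in the disassembly saves the destination in %r9, puts n>>3 in %rcx and n&7 in %rdx, so at the fault %rdi is the current shadow byte, %r9 the first one, %rcx the qwords still to go. Everything in the block is mine: the macro and function names mirror the kernel's but are defined here, and it assumes generic KASAN with 8-byte granules, the x86_64 default CONFIG_KASAN_SHADOW_OFFSET of 0xdffffc0000000000, the 4-level shadow window ffffec0000000000..fffffbffffffffff from Documentation/x86/x86_64/mm.rst, and the default direct-map base ffff888000000000.

```c
/*
 * Added example (not from the report): decode an x86_64 KASAN shadow
 * fault from the oops registers.  Assumptions, all labelled here and not
 * stated in the report: generic KASAN, 8-byte granules, the x86_64
 * default CONFIG_KASAN_SHADOW_OFFSET, and the 4-level-paging shadow window.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_SHADOW_OFFSET 0xdffffc0000000000ULL /* x86_64 default (assumed) */
#define KASAN_SHADOW_SCALE  3                     /* granule = 8 bytes */
#define KASAN_SHADOW_START  0xffffec0000000000ULL /* 4-level layout (assumed) */
#define KASAN_SHADOW_END    0xfffffbffffffffffULL
#define PAGE_OFFSET_BASE    0xffff888000000000ULL /* default direct map (assumed) */

/* shadow = (addr >> 3) + KASAN_SHADOW_OFFSET, as in mm/kasan, and its inverse. */
uint64_t kasan_mem_to_shadow(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE) + KASAN_SHADOW_OFFSET;
}

uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE;
}

int is_kasan_shadow(uint64_t addr)
{
	return addr >= KASAN_SHADOW_START && addr <= KASAN_SHADOW_END;
}

/* Physical offset of a direct-map address (how far into RAM it points). */
uint64_t direct_map_offset(uint64_t addr)
{
	return addr - PAGE_OFFSET_BASE;
}

/* Shadow bytes the rep stos had already written when it faulted. */
uint64_t memset_bytes_written(uint64_t rdi, uint64_t r9)
{
	return rdi - r9;
}

/*
 * Reconstruct the n passed to __memset (mod 2^64): qwords done plus
 * qwords pending (%rcx), times 8, plus the trailing byte count (%rdx).
 */
uint64_t memset_original_len(uint64_t rdi, uint64_t r9, uint64_t rcx, uint64_t rdx)
{
	uint64_t qwords = (memset_bytes_written(rdi, r9) >> 3) + rcx;
	return (qwords << 3) | (rdx & 7);
}

/* kasan_unpoison() memsets size >> 3 shadow bytes, so size = n << 3 (mod 2^64). */
uint64_t kasan_unpoison_size_from_shadow_len(uint64_t shadow_len)
{
	return shadow_len << KASAN_SHADOW_SCALE;
}

int main(void)
{
	/* Values copied from the oops above. */
	const uint64_t cr2 = 0xffffed100fffc000ULL;
	const uint64_t rdi = 0xffffed100fffc000ULL, r9 = 0xffffed10017fae18ULL;
	const uint64_t rcx = 0x1ffffe21fe6000d2ULL, rdx = 0;
	uint64_t n = memset_original_len(rdi, r9, rcx, rdx);
	uint64_t end_mem = kasan_shadow_to_mem(cr2);

	printf("CR2 %#" PRIx64 " is %sin the KASAN shadow window\n", cr2,
	       is_kasan_shadow(cr2) ? "" : "not ");
	printf("unmapped shadow byte covers %#" PRIx64 " (%#" PRIx64 " into RAM)\n",
	       end_mem, direct_map_offset(end_mem));
	printf("unpoison started at object %#" PRIx64 "\n", kasan_shadow_to_mem(r9));
	printf("shadow bytes written before fault: %#" PRIx64 "\n",
	       memset_bytes_written(rdi, r9));
	printf("__memset n = %#" PRIx64 " -> kasan_unpoison size = %#" PRIx64 "\n",
	       n, kasan_unpoison_size_from_shadow_len(n));
	return 0;
}
```

On the numbers in this oops the decoder reports that CR2 is inside the shadow window and shadows ffff88807ffe0000, which is 0x7ffe0000 into the direct map, i.e. the last few pages of a 2 GiB guest (the PGD/P4D/PUD/PMD values near 0x7ffd0000 in the report point at the same region). The saved start %r9 maps back to ffff88800bfd70c0, which is RBX and R13 verbatim, so the shadow-offset assumption is consistent with the report. The reconstructed memset length is 0xfffff11001801878 shadow bytes, which as a kasan_unpoison() size is 0xffff88800c00c3c0, bit-for-bit the value in RBP and R12. A length that equals a direct-map pointer is the lead to follow in mempool_exit()'s size computation; the not-present fault is only the symptom, the first shadow page without a mapping that a runaway unpoison of ffff88800bfd70c0 reached. I infer the pointer-as-length reading from the register arithmetic alone; the report does not say which call site produced it.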