program: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xd3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1400, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, @perf_config_ext={0xff, 0x7}, 0x104101, 0x184, 0x3, 0x9, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000040)='./file2\x00', 0x3200400, &(0x7f0000000c00)=ANY=[], 0x1, 0xa56, &(0x7f0000001c80)="$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") r1 = open(&(0x7f0000000280)='./file2\x00', 0x400141382, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x580000a, 0x13, r1, 0x0) write$cgroup_type(r1, &(0x7f0000000000), 0x9) r2 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000001c0)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0], 0x4}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000240)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], 0x2, r3, 0xdededede}) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) [ 78.380423][ T5308] Bluetooth: hci0: command tx timeout [ 78.383387][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 78.385723][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 78.488720][ T5324] loop0: detected capacity change from 0 to 2048 [ 78.541277][ T5327] NILFS (loop0): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.557099][ T5324] NILFS (loop0): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 78.561837][ T5324] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [ 78.565833][ T5324] Remounting filesystem read-only [ 78.567419][ T5324] NILFS (loop0): error -5 truncating bmap (ino=16) [ 78.579011][ T5324] [ 78.580089][ T5324] ====================================================== [ 78.582831][ T5324] WARNING: possible circular locking dependency detected [ 78.585612][ T5324] 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 Not tainted [ 78.588358][ T5324] ------------------------------------------------------ [ 78.591103][ T5324] syz.0.0/5324 is trying to acquire lock: [ 78.593440][ T5324] ffff88801119a610 (sb_internal#2){.+.+}-{0:0}, at: nilfs_page_mkwrite+0x8b0/0xc20 [ 78.596991][ T5324] [ 78.596991][ T5324] but task is already holding lock: [ 78.599754][ T5324] ffff88801119a518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x14a/0x310 [ 78.603187][ T5324] [ 78.603187][ T5324] which lock already depends on the new lock. 
[ 78.603187][ T5324] [ 78.607277][ T5324] [ 78.607277][ T5324] the existing dependency chain (in reverse order) is: [ 78.610642][ T5324] [ 78.610642][ T5324] -> #5 (sb_pagefaults){.+.+}-{0:0}: [ 78.613549][ T5324] lock_acquire+0x120/0x360 [ 78.615463][ T5324] nilfs_page_mkwrite+0x21e/0xc20 [ 78.617655][ T5324] do_page_mkwrite+0x14a/0x310 [ 78.619660][ T5324] do_wp_page+0x2626/0x5760 [ 78.621591][ T5324] __handle_mm_fault+0x1028/0x5380 [ 78.623612][ T5324] handle_mm_fault+0x3f6/0x8c0 [ 78.625486][ T5324] do_user_addr_fault+0x764/0x1390 [ 78.627664][ T5324] exc_page_fault+0x68/0x110 [ 78.629651][ T5324] asm_exc_page_fault+0x26/0x30 [ 78.631776][ T5324] __put_user_4+0xd/0x20 [ 78.633510][ T5324] __sys_sendmmsg+0x25f/0x430 [ 78.635353][ T5324] __x64_sys_sendmmsg+0xa0/0xc0 [ 78.637137][ T5324] do_syscall_64+0xf6/0x210 [ 78.639211][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.641842][ T5324] [ 78.641842][ T5324] -> #4 (&mm->mmap_lock){++++}-{4:4}: [ 78.644766][ T5324] lock_acquire+0x120/0x360 [ 78.646760][ T5324] __might_fault+0xcc/0x130 [ 78.648765][ T5324] _copy_to_iter+0xf3/0x15a0 [ 78.650874][ T5324] copy_page_to_iter+0xa7/0x150 [ 78.653148][ T5324] filemap_read+0x78d/0x11d0 [ 78.655304][ T5324] blkdev_read_iter+0x30a/0x440 [ 78.657518][ T5324] vfs_read+0x4cd/0x980 [ 78.659135][ T5324] ksys_read+0x145/0x250 [ 78.660648][ T5324] do_syscall_64+0xf6/0x210 [ 78.662307][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.664272][ T5324] [ 78.664272][ T5324] -> #3 (&sb->s_type->i_mutex_key#8){++++}-{4:4}: [ 78.667336][ T5324] lock_acquire+0x120/0x360 [ 78.669389][ T5324] down_write+0x96/0x1f0 [ 78.671600][ T5324] set_blocksize+0x23b/0x500 [ 78.673702][ T5324] sb_min_blocksize+0x119/0x210 [ 78.675899][ T5324] init_nilfs+0x43/0x690 [ 78.677859][ T5324] nilfs_fill_super+0x8f/0x650 [ 78.680016][ T5324] nilfs_get_tree+0x4f4/0x870 [ 78.682180][ T5324] vfs_get_tree+0x8f/0x2b0 [ 78.684187][ T5324] do_new_mount+0x249/0xa50 [ 78.686399][ T5324] __se_sys_mount+0x317/0x410 
[ 78.688517][ T5324] do_syscall_64+0xf6/0x210 [ 78.690793][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.693372][ T5324] [ 78.693372][ T5324] -> #2 (&nilfs->ns_sem){++++}-{4:4}: [ 78.696320][ T5324] lock_acquire+0x120/0x360 [ 78.698493][ T5324] down_write+0x96/0x1f0 [ 78.700340][ T5324] __nilfs_error+0x1ca/0x4b0 [ 78.702196][ T5324] nilfs_bmap_truncate+0x506/0x570 [ 78.704359][ T5324] nilfs_truncate_bmap+0x1a4/0x340 [ 78.706738][ T5324] nilfs_truncate+0x279/0x4e0 [ 78.709123][ T5324] nilfs_setattr+0x206/0x2b0 [ 78.711178][ T5324] notify_change+0xb33/0xe40 [ 78.713234][ T5324] do_truncate+0x19a/0x220 [ 78.715243][ T5324] path_openat+0x306c/0x3830 [ 78.717703][ T5324] do_filp_open+0x1fa/0x410 [ 78.719382][ T5324] do_sys_openat2+0x121/0x1c0 [ 78.721586][ T5324] __x64_sys_open+0x11e/0x150 [ 78.723653][ T5324] do_syscall_64+0xf6/0x210 [ 78.725587][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.728008][ T5324] [ 78.728008][ T5324] -> #1 (&nilfs->ns_segctor_sem){.+.+}-{4:4}: [ 78.731673][ T5324] lock_acquire+0x120/0x360 [ 78.734253][ T5324] down_read+0x46/0x2e0 [ 78.736223][ T5324] nilfs_transaction_begin+0x365/0x710 [ 78.738671][ T5324] nilfs_setattr+0x10f/0x2b0 [ 78.740601][ T5324] notify_change+0xb33/0xe40 [ 78.742594][ T5324] do_truncate+0x19a/0x220 [ 78.744550][ T5324] path_openat+0x306c/0x3830 [ 78.746634][ T5324] do_filp_open+0x1fa/0x410 [ 78.748618][ T5324] do_sys_openat2+0x121/0x1c0 [ 78.750550][ T5324] __x64_sys_open+0x11e/0x150 [ 78.752633][ T5324] do_syscall_64+0xf6/0x210 [ 78.754662][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.757231][ T5324] [ 78.757231][ T5324] -> #0 (sb_internal#2){.+.+}-{0:0}: [ 78.760172][ T5324] validate_chain+0xb9b/0x2140 [ 78.761872][ T5324] __lock_acquire+0xaac/0xd20 [ 78.763827][ T5324] lock_acquire+0x120/0x360 [ 78.765826][ T5324] nilfs_transaction_begin+0x268/0x710 [ 78.768083][ T5324] nilfs_page_mkwrite+0x8b0/0xc20 [ 78.770257][ T5324] do_page_mkwrite+0x14a/0x310 [ 78.772232][ T5324] 
do_wp_page+0x2626/0x5760 [ 78.774082][ T5324] __handle_mm_fault+0x1028/0x5380 [ 78.776297][ T5324] handle_mm_fault+0x3f6/0x8c0 [ 78.778375][ T5324] do_user_addr_fault+0x764/0x1390 [ 78.780410][ T5324] exc_page_fault+0x68/0x110 [ 78.782383][ T5324] asm_exc_page_fault+0x26/0x30 [ 78.784244][ T5324] __put_user_4+0xd/0x20 [ 78.786126][ T5324] __sys_sendmmsg+0x25f/0x430 [ 78.787948][ T5324] __x64_sys_sendmmsg+0xa0/0xc0 [ 78.789856][ T5324] do_syscall_64+0xf6/0x210 [ 78.791780][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.794247][ T5324] [ 78.794247][ T5324] other info that might help us debug this: [ 78.794247][ T5324] [ 78.798078][ T5324] Chain exists of: [ 78.798078][ T5324] sb_internal#2 --> &mm->mmap_lock --> sb_pagefaults [ 78.798078][ T5324] [ 78.802669][ T5324] Possible unsafe locking scenario: [ 78.802669][ T5324] [ 78.805531][ T5324] CPU0 CPU1 [ 78.807637][ T5324] ---- ---- [ 78.809630][ T5324] rlock(sb_pagefaults); [ 78.811245][ T5324] lock(&mm->mmap_lock); [ 78.813825][ T5324] lock(sb_pagefaults); [ 78.816473][ T5324] rlock(sb_internal#2); [ 78.818142][ T5324] [ 78.818142][ T5324] *** DEADLOCK *** [ 78.818142][ T5324] [ 78.821174][ T5324] 2 locks held by syz.0.0/5324: [ 78.822898][ T5324] #0: ffff888035be65e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x300 [ 78.826664][ T5324] #1: ffff88801119a518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x14a/0x310 [ 78.830172][ T5324] [ 78.830172][ T5324] stack backtrace: [ 78.832242][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 78.832253][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.832258][ T5324] Call Trace: [ 78.832264][ T5324] <TASK> [ 78.832268][ T5324] dump_stack_lvl+0x189/0x250 [ 78.832281][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.832295][ T5324] ? __pfx__printk+0x10/0x10 [ 78.832303][ T5324] ?
stack_trace_save+0x9c/0xe0 [ 78.832316][ T5324] print_circular_bug+0x2ee/0x310 [ 78.832327][ T5324] check_noncircular+0x134/0x160 [ 78.832335][ T5324] validate_chain+0xb9b/0x2140 [ 78.832342][ T5324] ? validate_chain+0x897/0x2140 [ 78.832349][ T5324] __lock_acquire+0xaac/0xd20 [ 78.832362][ T5324] ? nilfs_page_mkwrite+0x8b0/0xc20 [ 78.832369][ T5324] lock_acquire+0x120/0x360 [ 78.832376][ T5324] ? nilfs_page_mkwrite+0x8b0/0xc20 [ 78.832386][ T5324] ? __pfx___might_resched+0x10/0x10 [ 78.832401][ T5324] ? rcu_read_lock_any_held+0xb3/0x120 [ 78.832409][ T5324] nilfs_transaction_begin+0x268/0x710 [ 78.832420][ T5324] ? nilfs_page_mkwrite+0x8b0/0xc20 [ 78.832431][ T5324] nilfs_page_mkwrite+0x8b0/0xc20 [ 78.832443][ T5324] ? do_page_mkwrite+0x14a/0x310 [ 78.832456][ T5324] ? __pfx_nilfs_page_mkwrite+0x10/0x10 [ 78.832470][ T5324] do_page_mkwrite+0x14a/0x310 [ 78.832485][ T5324] do_wp_page+0x2626/0x5760 [ 78.832496][ T5324] ? __lock_acquire+0xaac/0xd20 [ 78.832508][ T5324] ? __lock_acquire+0xaac/0xd20 [ 78.832521][ T5324] ? __pfx_do_wp_page+0x10/0x10 [ 78.832530][ T5324] ? do_raw_spin_lock+0x121/0x290 [ 78.832539][ T5324] ? __handle_mm_fault+0xf74/0x5380 [ 78.832549][ T5324] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 78.832560][ T5324] __handle_mm_fault+0x1028/0x5380 [ 78.832575][ T5324] ? __pfx___handle_mm_fault+0x10/0x10 [ 78.832590][ T5324] ? find_vma+0xe7/0x160 [ 78.832601][ T5324] ? 
__pfx_find_vma+0x10/0x10 [ 78.832610][ T5324] handle_mm_fault+0x3f6/0x8c0 [ 78.832618][ T5324] do_user_addr_fault+0x764/0x1390 [ 78.832627][ T5324] exc_page_fault+0x68/0x110 [ 78.832634][ T5324] asm_exc_page_fault+0x26/0x30 [ 78.832644][ T5324] RIP: 0010:__put_user_4+0xd/0x20 [ 78.832656][ T5324] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 78.832664][ T5324] RSP: 0018:ffffc900019efc98 EFLAGS: 00050202 [ 78.832673][ T5324] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000001038 [ 78.832681][ T5324] RDX: 0000000000000000 RSI: ffffffff8d933fdf RDI: ffffffff8bc1cde0 [ 78.832688][ T5324] RBP: ffffc900019efec0 R08: 0000000000000000 R09: 0000000000000000 [ 78.832695][ T5324] R10: 0000000000000000 R11: ffffffff820add20 R12: 0000200000001000 [ 78.832702][ T5324] R13: 0000000000040000 R14: 0000200000000900 R15: 000000000000001c [ 78.832711][ T5324] ? __might_fault+0xb0/0x130 [ 78.832726][ T5324] __sys_sendmmsg+0x25f/0x430 [ 78.832736][ T5324] ? __pfx___sys_sendmmsg+0x10/0x10 [ 78.832748][ T5324] ? rcu_is_watching+0x15/0xb0 [ 78.832757][ T5324] __x64_sys_sendmmsg+0xa0/0xc0 [ 78.832764][ T5324] do_syscall_64+0xf6/0x210 [ 78.832770][ T5324] ? 
clear_bhb_loop+0x45/0xa0 [ 78.832777][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.832783][ T5324] RIP: 0033:0x7fe00818e969 [ 78.832790][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.832795][ T5324] RSP: 002b:00007fe008fe7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 78.832802][ T5324] RAX: ffffffffffffffda RBX: 00007fe0083b5fa0 RCX: 00007fe00818e969 [ 78.832807][ T5324] RDX: 00000000040000cf RSI: 0000200000000900 RDI: 0000000000000007 [ 78.832812][ T5324] RBP: 00007fe008210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 78.832816][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 78.832820][ T5324] R13: 0000000000000000 R14: 00007fe0083b5fa0 R15: 00007ffca1c0b678 [ 78.832827][ T5324] </TASK> [ 79.017251][ T5324] syz.0.0 (5324) used greatest stack depth: 19752 bytes left