Extracting prog: 46.149902789s
Minimizing prog: 19m27.156004717s
Simplifying prog options: 0s
Extracting C: 24.438867311s
Simplifying C: 7m15.986320188s


extracting reproducer from 38 programs
testing a last program of every proc
single: executing 8 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-syz_init_net_socket$nl_generic-sendmsg$NLBL_CIPSOV4_C_ADD-ioctl$DRM_IOCTL_CONTROL-prlimit64-openat$zero-ioctl$DRM_IOCTL_AGP_ALLOC-ioctl$DRM_IOCTL_SG_ALLOC
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, r4, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x3c, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x20b53d97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3952887f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x44d472db}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xa60ebf0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x73b9fb97}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24048804}, 0x840)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000c80)={0x0, 0xbe42})
prlimit64(0xffffffffffffffff, 0x0, &(0x7f0000000cc0)={0x8, 0x401}, &(0x7f0000000d00))
r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000d40), 0x100, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000d80)={0x40, <r10=>0x0, 0x2})
ioctl$DRM_IOCTL_SG_ALLOC(r9, 0xc0106438, &(0x7f0000000dc0)={0x4, r10})

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
single: successfully extracted reproducer
found reproducer with 30 syscalls
minimizing guilty program
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-syz_init_net_socket$nl_generic-sendmsg$NLBL_CIPSOV4_C_ADD-ioctl$DRM_IOCTL_CONTROL-prlimit64-openat$zero-ioctl$DRM_IOCTL_AGP_ALLOC
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, r4, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x3c, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x20b53d97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3952887f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x44d472db}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xa60ebf0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x73b9fb97}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24048804}, 0x840)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000c80)={0x0, 0xbe42})
prlimit64(0xffffffffffffffff, 0x0, &(0x7f0000000cc0)={0x8, 0x401}, &(0x7f0000000d00))
openat$zero(0xffffffffffffff9c, &(0x7f0000000d40), 0x100, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000d80)={0x40, 0x0, 0x2})

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-syz_init_net_socket$nl_generic-sendmsg$NLBL_CIPSOV4_C_ADD-ioctl$DRM_IOCTL_CONTROL-prlimit64-openat$zero
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, r4, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x3c, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x20b53d97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3952887f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x44d472db}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xa60ebf0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x73b9fb97}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24048804}, 0x840)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000c80)={0x0, 0xbe42})
prlimit64(0xffffffffffffffff, 0x0, &(0x7f0000000cc0)={0x8, 0x401}, &(0x7f0000000d00))
openat$zero(0xffffffffffffff9c, &(0x7f0000000d40), 0x100, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-syz_init_net_socket$nl_generic-sendmsg$NLBL_CIPSOV4_C_ADD-ioctl$DRM_IOCTL_CONTROL-prlimit64
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, r4, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x3c, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x20b53d97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3952887f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x44d472db}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xa60ebf0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x73b9fb97}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24048804}, 0x840)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000c80)={0x0, 0xbe42})
prlimit64(0xffffffffffffffff, 0x0, &(0x7f0000000cc0)={0x8, 0x401}, &(0x7f0000000d00))

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-syz_init_net_socket$nl_generic-sendmsg$NLBL_CIPSOV4_C_ADD-ioctl$DRM_IOCTL_CONTROL
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, r4, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x3c, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x20b53d97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3952887f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x44d472db}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xa60ebf0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x73b9fb97}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24048804}, 0x840)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000c80)={0x0, 0xbe42})

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-syz_init_net_socket$nl_generic-sendmsg$NLBL_CIPSOV4_C_ADD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x54, r4, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x3c, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x20b53d97}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3952887f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x44d472db}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xa60ebf0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x73b9fb97}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x24048804}, 0x840)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-syz_init_net_socket$nl_generic
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b00)={0x5, &(0x7f0000000ac0)=[{0x7, 0x7f, 0x4, 0x4}, {0xba3, 0xcf, 0x7, 0xfffffff9}, {0x8, 0x40, 0x3, 0x7}, {0xfff9, 0x6, 0x6, 0xb}, {0x400, 0xf4, 0xff, 0x5}]})

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='xprt_retransmit\x00', r1, 0x0, 0x4}, 0x18)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD-close_range
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00)={0x0, 0x0, <r7=>0xffffffffffffffff})
close_range(r1, r7, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP-ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000a00))

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET-ioctl$GIO_CMAP
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000009c0))

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc-sendmsg$SMC_PNETID_GET
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
r6 = syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD-syz_genetlink_get_family_id$smc
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)
syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r2)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-syz_open_dev$loop
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)

program did not crash
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-write$selinux_load-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
write$selinux_load(r0, &(0x7f00000007c0)={0xf97cff8c, 0x8, 'SE Linux', "2a4fd9afcb0cdeecadf642c84f509827e8625044bdcc138032f99fa2e0b8765842e51054d324ff2d2dac78c3eb729d047913f2c81ac06a3aaca6ff150a1ff095e12bad3b2951052c051426d4c69cd01b79356f"}, 0x63)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r1)

program did not crash
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_LISTALL-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000780)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000440)={0x2d0, r4, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x58, 0x8, 0x0, 0x1, [{0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74ff85b6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d81c593}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x656498c0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4f59d27a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xadc6849}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x68, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x46152237}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xad63}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0c3}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3b26b432}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8f57dae}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa33c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4240975b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x938e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7c98}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2080}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x34, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b6a20b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3846fdc1}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d8667b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7dd6cb7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4b95}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x17c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbfd3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x276ed53f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41953a90}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5a86}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db29b77}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38fc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xed066f4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xae22608}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38467649}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x55a24e1c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49866123}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc902}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7408}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2391}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa3f7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8e9523d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30727426}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15f095ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6753866f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3f9259e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x618c257b}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9390}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74d9a2ee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1019d05f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65bc}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53a8781}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd218}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1f984021}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8275d5b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5d4a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5353}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcdf0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a410788}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e06a57e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2d86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x58c0}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637822de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x582}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x202c5554}]}]}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040040)
r5 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r5, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000400), 0xffffffffffffffff)
r3 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_init_net_socket$nl_generic-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_emit_vhci-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0xc1}, 0x2)
r3 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-ioctl$VHOST_VDPA_GET_IOVA_RANGE-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r2, 0x8010af78, &(0x7f0000000340))
r3 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-mmap-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r2, 0x5dd28000)
r3 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r2, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-ioctl$DRM_IOCTL_WAIT_VBLANK-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0xb, 0x6b8})
r2 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r2, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r2, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-write$selinux_load-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
write$selinux_load(r0, &(0x7f0000000240)={0xf97cff8c, 0x8, 'SE Linux', "4e8f2f16165e3bf78f1d4a"}, 0x1b)
r1 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r1, 0x4c00, 0xffffffffffffffff)

program did not crash
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-sendmsg$NL80211_CMD_GET_SCAN-openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x401, 0x20}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r2, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-sendmsg$RDMA_NLDEV_CMD_SET-openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1402, 0x100, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20400c4}, 0x800)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r2, 0x4c00, r1)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$audion-openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
syz_open_dev$audion(&(0x7f0000000000), 0xc8, 0x80083)
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000840), 0x8, 0x81)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

program did not crash
testing program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
detailed listing:
executing program 0:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$loop(0x0, 0x8, 0x81)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

program did not crash
extracting C reproducer
testing compiled C program (duration=30.681073641s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
simplifying C reproducer
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program did not crash
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
testing compiled C program (duration=30.681073641s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$selinux_policy-syz_open_dev$loop-ioctl$LOOP_SET_FD
program crashed: BUG: unable to handle kernel NULL pointer dereference in lo_rw_aio
reproducing took 27m53.731117336s
repro crashed as (corrupted=false):
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 0 P4D 0 
Oops: Oops: 0010 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: loop8 loop_rootcg_workfn
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90000107a38 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffff8beceec0 RCX: ffffffff86084265
RDX: 1ffffffff17d9ddd RSI: ffffc90000107b28 RDI: ffff8880264c0128
RBP: ffff8880264c0128 R08: 0000000000000005 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000002be0 R12: ffffc90000107b28
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880d6ab2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000287f6000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lo_rw_aio.isra.0+0x9c2/0xd90 drivers/block/loop.c:393
 do_req_filebacked drivers/block/loop.c:424 [inline]
 loop_handle_cmd drivers/block/loop.c:1866 [inline]
 loop_process_work+0x8a4/0x10d0 drivers/block/loop.c:1901
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90000107a38 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffff8beceec0 RCX: ffffffff86084265
RDX: 1ffffffff17d9ddd RSI: ffffc90000107b28 RDI: ffff8880264c0128
RBP: ffff8880264c0128 R08: 0000000000000005 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000002be0 R12: ffffc90000107b28
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880d6ab2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000287f6000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

final repro crashed as (corrupted=false):
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 0 P4D 0 
Oops: Oops: 0010 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: loop8 loop_rootcg_workfn
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90000107a38 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffff8beceec0 RCX: ffffffff86084265
RDX: 1ffffffff17d9ddd RSI: ffffc90000107b28 RDI: ffff8880264c0128
RBP: ffff8880264c0128 R08: 0000000000000005 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000002be0 R12: ffffc90000107b28
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880d6ab2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000287f6000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lo_rw_aio.isra.0+0x9c2/0xd90 drivers/block/loop.c:393
 do_req_filebacked drivers/block/loop.c:424 [inline]
 loop_handle_cmd drivers/block/loop.c:1866 [inline]
 loop_process_work+0x8a4/0x10d0 drivers/block/loop.c:1901
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90000107a38 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffff8beceec0 RCX: ffffffff86084265
RDX: 1ffffffff17d9ddd RSI: ffffc90000107b28 RDI: ffff8880264c0128
RBP: ffff8880264c0128 R08: 0000000000000005 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000002be0 R12: ffffc90000107b28
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880d6ab2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000287f6000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400