last executing test programs:

2.056120125s ago: executing program 1 (id=120):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/user', 0x2, 0x0)

2.001342588s ago: executing program 1 (id=125):
mknodat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

2.000858922s ago: executing program 1 (id=129):
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x800)

1.933779535s ago: executing program 1 (id=137):
mlock2(0x0, 0x0, 0x0)

1.933563066s ago: executing program 1 (id=140):
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0)

1.889124348s ago: executing program 1 (id=143):
pause()

367.574883ms ago: executing program 0 (id=327):
getpid()

350.888408ms ago: executing program 0 (id=330):
ioprio_get$auto(0x0, 0x0)

293.036152ms ago: executing program 0 (id=336):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self', 0x800, 0x0)

258.978037ms ago: executing program 0 (id=339):
execveat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

258.568907ms ago: executing program 0 (id=342):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng', 0x800, 0x0)

196.152813ms ago: executing program 0 (id=347):
rt_sigreturn()

185.437922ms ago: executing program 4 (id=352):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/userio', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio', 0x800, 0x0)

120.447925ms ago: executing program 3 (id=354):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pktcdvd/control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pktcdvd/control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/pktcdvd/control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pktcdvd/control', 0x800, 0x0)

119.799697ms ago: executing program 4 (id=355):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/sw_sync', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/sw_sync', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/sw_sync', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/sw_sync', 0x800, 0x0)

119.694989ms ago: executing program 2 (id=356):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

119.597094ms ago: executing program 3 (id=357):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control', 0x800, 0x0)

119.437896ms ago: executing program 4 (id=358):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx', 0x800, 0x0)

119.256706ms ago: executing program 2 (id=359):
syz_open_dev$hidraw(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$hidraw(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$hidraw(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$hidraw(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$hidraw(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$hidraw(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$hidraw(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$hidraw(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$hidraw(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$hidraw(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$hidraw(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$hidraw(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$hidraw(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$hidraw(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$hidraw(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$hidraw(&(0x7f0000000500), 0x4, 0x800)

107.98267ms ago: executing program 3 (id=360):
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

86.058052ms ago: executing program 2 (id=361):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/unconfined', 0x2, 0x0)

85.941377ms ago: executing program 3 (id=362):
socket$inet6_dccp(0xa, 0x6, 0x0)

20.402372ms ago: executing program 3 (id=363):
fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0)

20.299743ms ago: executing program 2 (id=364):
times(&(0x7f0000000000))

20.232054ms ago: executing program 4 (id=365):
syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$radio(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$radio(&(0x7f0000000100), 0x0, 0x800)

20.152685ms ago: executing program 4 (id=366):
renameat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000))

20.077566ms ago: executing program 2 (id=367):
msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0)

19.981342ms ago: executing program 3 (id=368):
timerfd_create(0x0, 0x0)

9.706582ms ago: executing program 2 (id=369):
open(&(0x7f0000000000), 0x0, 0x0)

0s ago: executing program 4 (id=370):
socket$rds(0x15, 0x5, 0x0)

0s ago: executing program 3 (id=371):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
[ 50.115308][ T5214] cgroup: Unknown subsys name 'net'
[ 50.247108][ T5214] cgroup: Unknown subsys name 'cpuset'
[ 50.255435][ T5214] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 51.662366][ T5214] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.581428][ T5391] mmap: syz.0.157 (5391) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 55.048771][ T5454] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 55.176510][ T5468] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 56.396968][ T5608] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN PTI
[ 56.409717][ T5608] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[ 56.418251][ T5608] CPU: 1 UID: 0 PID: 5608 Comm: syz.3.371 Not tainted 6.11.0-rc7-next-20240913-syzkaller #0
[ 56.428337][ T5608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 56.438451][ T5608] RIP: 0010:fuse_get_req+0x699/0xd40
[ 56.443755][ T5608] Code: 24 50 48 83 c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d5 d1 e9 fe 48 8b 1b 48 83 c3 58 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 b8 d1 e9 fe 48 8b 1b 81 e3 00 20
[ 56.463655][ T5608] RSP: 0018:ffffc900045df4c0 EFLAGS: 00010202
[ 56.469807][ T5608] RAX: 000000000000000b RBX: 0000000000000058 RCX: ffffffff8314a332
[ 56.477860][ T5608] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888079da9030
[ 56.486167][ T5608] RBP: ffffc900045df5e8 R08: ffff888079da9037 R09: 1ffff1100f3b5206
[ 56.494162][ T5608] R10: dffffc0000000000 R11: ffffed100f3b5207 R12: ffff888079da9000
[ 56.502390][ T5608] R13: dffffc0000000000 R14: ffff88807b0b2840 R15: ffff888079da9000
[ 56.510354][ T5608] FS: 000055556f021500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 56.519359][ T5608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.525930][ T5608] CR2: 00007f6407d07040 CR3: 000000002f65c000 CR4: 00000000003506f0
[ 56.534075][ T5608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.542379][ T5608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.550337][ T5608] Call Trace:
[ 56.553698][ T5608]
[ 56.556621][ T5608] ? __die_body+0x5f/0xb0
[ 56.560944][ T5608] ? die_addr+0xb0/0xe0
[ 56.565094][ T5608] ? exc_general_protection+0x3dd/0x5d0
[ 56.570725][ T5608] ? asm_exc_general_protection+0x26/0x30
[ 56.576526][ T5608] ? fuse_get_req+0x602/0xd40
[ 56.581216][ T5608] ? fuse_get_req+0x699/0xd40
[ 56.585980][ T5608] ? __pfx_fuse_get_req+0x10/0x10
[ 56.591100][ T5608] fuse_simple_background+0x9d/0xb10
[ 56.596563][ T5608] ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 56.602103][ T5608] cuse_channel_open+0x447/0x670
[ 56.607036][ T5608] ? __pfx_cuse_channel_open+0x10/0x10
[ 56.612573][ T5608] misc_open+0x2cc/0x340
[ 56.616805][ T5608] chrdev_open+0x521/0x600
[ 56.621213][ T5608] ? __pfx_apparmor_file_open+0x10/0x10
[ 56.627122][ T5608] ? __pfx_chrdev_open+0x10/0x10
[ 56.632139][ T5608] ? security_file_open+0x513/0x990
[ 56.637608][ T5608] ? __pfx_chrdev_open+0x10/0x10
[ 56.642552][ T5608] do_dentry_open+0x978/0x1460
[ 56.647497][ T5608] vfs_open+0x3e/0x330
[ 56.651592][ T5608] path_openat+0x2cb5/0x3b40
[ 56.656187][ T5608] ? mark_lock+0x9a/0x360
[ 56.660505][ T5608] ? __pfx_stack_trace_save+0x10/0x10
[ 56.665877][ T5608] ? __pfx_path_openat+0x10/0x10
[ 56.670800][ T5608] ? __lock_acquire+0x1384/0x2050
[ 56.675883][ T5608] do_filp_open+0x235/0x490
[ 56.680480][ T5608] ? __pfx_do_filp_open+0x10/0x10
[ 56.685510][ T5608] ? _raw_spin_unlock+0x28/0x50
[ 56.690359][ T5608] ? alloc_fd+0x5a1/0x640
[ 56.694692][ T5608] do_sys_openat2+0x13e/0x1d0
[ 56.699797][ T5608] ? __pfx_do_sys_openat2+0x10/0x10
[ 56.705105][ T5608] __x64_sys_openat+0x247/0x2a0
[ 56.710169][ T5608] ? __pfx___x64_sys_openat+0x10/0x10
[ 56.715561][ T5608] ? exc_page_fault+0x590/0x8c0
[ 56.720505][ T5608] ? do_syscall_64+0xb6/0x230
[ 56.725195][ T5608] do_syscall_64+0xf3/0x230
[ 56.729800][ T5608] ? clear_bhb_loop+0x35/0x90
[ 56.734500][ T5608] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.740504][ T5608] RIP: 0033:0x7f6407d7def9
[ 56.745005][ T5608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.764949][ T5608] RSP: 002b:00007ffc1212f3b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 56.773473][ T5608] RAX: ffffffffffffffda RBX: 00007f6407f35f80 RCX: 00007f6407d7def9
[ 56.781543][ T5608] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 56.789510][ T5608] RBP: 00007f6407df0b76 R08: 0000000000000000 R09: 0000000000000000
[ 56.797664][ T5608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.805638][ T5608] R13: 00007f6407f35f80 R14: 00007f6407f35f80 R15: 0000000000000b44
[ 56.813698][ T5608]
[ 56.816706][ T5608] Modules linked in:
[ 56.820677][ C1] vkms_vblank_simulate: vblank timer overrun
[ 56.827353][ T5608] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 56.938712][ T5608] RIP: 0010:fuse_get_req+0x699/0xd40
[ 56.944589][ T5283] coredump: 11(syz.1.47): interrupted: fatal signal pending
[ 56.963574][ T5283] coredump: 11(syz.1.47): written to core: VMAs: 17, size 53436416; core: 38604626 bytes, pos 50753536
[ 56.999269][ T5583] coredump: 88(syz.0.347): interrupted: fatal signal pending
[ 57.010639][ T5608] Code: 24 50 48 83 c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d5 d1 e9 fe 48 8b 1b 48 83 c3 58 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 b8 d1 e9 fe 48 8b 1b 81 e3 00 20
[ 57.019344][ T5583] coredump: 88(syz.0.347): written to core: VMAs: 17, size 53436416; core: 11382736 bytes, pos 23527424
[ 57.064493][ T5608] RSP: 0018:ffffc900045df4c0 EFLAGS: 00010202
[ 57.070632][ T5608] RAX: 000000000000000b RBX: 0000000000000058 RCX: ffffffff8314a332
[ 57.103849][ T5608] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888079da9030
[ 57.133918][ T5608] RBP: ffffc900045df5e8 R08: ffff888079da9037 R09: 1ffff1100f3b5206
[ 57.141957][ T5608] R10: dffffc0000000000 R11: ffffed100f3b5207 R12: ffff888079da9000
[ 57.154774][ T5608] R13: dffffc0000000000 R14: ffff88807b0b2840 R15: ffff888079da9000
[ 57.162995][ T5608] FS: 000055556f021500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 57.172833][ T5608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.179857][ T5608] CR2: 00007ffe58badfe8 CR3: 000000002f65c000 CR4: 00000000003506f0
[ 57.188641][ T5608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.197007][ T5608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.205422][ T5608] Kernel panic - not syncing: Fatal exception
[ 57.212195][ T5608] Kernel Offset: disabled
[ 57.216507][ T5608] Rebooting in 86400 seconds..