last executing test programs: 589.831315ms ago: executing program 4 (id=310): epoll_create1(0x0) 589.146873ms ago: executing program 4 (id=314): fchmod(0xffffffffffffffff, 0x0) 540.437711ms ago: executing program 4 (id=318): timer_getoverrun(0x0) 539.85208ms ago: executing program 4 (id=322): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/kdamond_pid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/kdamond_pid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/kdamond_pid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/kdamond_pid', 0x800, 0x0) 476.407357ms ago: executing program 4 (id=327): acct(0x0) 462.169432ms ago: executing program 4 (id=331): rt_sigreturn() 332.551219ms ago: executing program 3 (id=341): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2', 0x800, 0x0) 312.926509ms ago: executing program 3 (id=345): syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbmon(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbmon(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$usbmon(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$usbmon(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$usbmon(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$usbmon(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$usbmon(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$usbmon(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$usbmon(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$usbmon(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$usbmon(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$usbmon(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$usbmon(&(0x7f0000000500), 0x4, 0x800) 234.963385ms ago: executing program 0 (id=348): syz_open_dev$sndhw(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x28, 0x800) 156.603993ms ago: executing program 0 (id=352): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ipv6host', 0x2, 0x0) 156.541251ms ago: executing program 2 (id=353): move_pages(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0) 156.276082ms ago: executing program 1 (id=354): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0) 143.728926ms ago: executing program 0 (id=355): get_mempolicy(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x0) 134.601598ms ago: executing program 3 (id=356): mknod(&(0x7f0000000000), 0x0, 0x0) 88.991792ms ago: executing program 2 (id=357): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vndbinder', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vndbinder', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vndbinder', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vndbinder', 0x800, 0x0) 88.870114ms ago: executing program 0 (id=358): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/mk_contexts', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/mk_contexts', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/mk_contexts', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/mk_contexts', 0x800, 0x0) 88.56065ms ago: executing program 1 (id=359): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qrtr-tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qrtr-tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qrtr-tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qrtr-tun', 0x800, 0x0) 88.492468ms ago: executing program 3 (id=360): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 88.414766ms ago: executing program 2 (id=361): statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 85.714709ms ago: executing program 0 (id=362): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/rm_contexts', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/rm_contexts', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/rm_contexts', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/rm_contexts', 0x800, 0x0) 80.482004ms ago: executing program 1 (id=363): socket$nl_generic(0x10, 0x3, 0x10) 75.200676ms ago: executing program 2 (id=364): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0) 16.991151ms ago: executing program 0 (id=365): socket$packet(0x11, 0x2, 0x300) 16.866925ms ago: executing program 1 (id=366): open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000), 0x0) 16.669863ms ago: executing program 3 (id=367): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats', 0x0, 0x0) 16.403515ms ago: executing program 2 (id=368): capset(&(0x7f0000000000), &(0x7f0000000000)) 16.344667ms ago: executing program 3 (id=369): fchdir(0xffffffffffffffff) 16.199833ms ago: executing program 1 (id=370): pkey_mprotect(0x0, 0x0, 0x0, 0xffffffffffffffff) 8.530675ms ago: executing program 2 (id=371): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0) 0s ago: executing program 1 (id=372): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mali0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mali0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mali0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mali0', 0x800, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts. [ 55.219688][ T5214] cgroup: Unknown subsys name 'net' [ 55.327924][ T5214] cgroup: Unknown subsys name 'cpuset' [ 55.337357][ T5214] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 56.650805][ T5214] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.780602][ T5263] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.797609][ T5266] mmap: syz.0.27 (5266) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 61.461889][ T5611] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN PTI [ 61.475491][ T5611] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 61.484206][ T5611] CPU: 1 UID: 0 PID: 5611 Comm: syz.2.371 Not tainted 6.11.0-rc7-next-20240912-syzkaller #0 [ 61.494294][ T5611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 61.504633][ T5611] RIP: 0010:fuse_get_req+0x699/0xd40 [ 61.510139][ T5611] Code: 24 50 48 83 c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f5 d0 e9 fe 48 8b 1b 48 83 c3 58 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 d8 d0 e9 fe 48 8b 1b 81 e3 00 20 [ 61.530088][ T5611] RSP: 0018:ffffc900043274c0 EFLAGS: 00010202 [ 61.536204][ T5611] RAX: 000000000000000b RBX: 0000000000000058 RCX: ffffffff83149a52 [ 61.544207][ T5611] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88807c392030 [ 61.552216][ T5611] RBP: ffffc900043275e8 R08: ffff88807c392037 R09: 1ffff1100f872406 [ 61.560303][ T5611] R10: dffffc0000000000 R11: ffffed100f872407 R12: ffff88807c392000 [ 61.568388][ T5611] R13: dffffc0000000000 R14: ffff888020f54040 R15: ffff88807c392000 [ 61.576555][ T5611] FS: 0000555560925500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 61.585521][ T5611] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.592320][ T5611] CR2: 00007ffd9bc8be88 CR3: 0000000031d82000 CR4: 00000000003506f0 [ 61.600336][ T5611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.608687][ T5611] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.617298][ T5611] Call Trace: [ 61.620952][ T5611] [ 61.624186][ T5611] ? __die_body+0x5f/0xb0 [ 61.628907][ T5611] ? die_addr+0xb0/0xe0 [ 61.633213][ T5611] ? exc_general_protection+0x3dd/0x5d0 [ 61.638888][ T5611] ? asm_exc_general_protection+0x26/0x30 [ 61.644667][ T5611] ? fuse_get_req+0x602/0xd40 [ 61.649464][ T5611] ? fuse_get_req+0x699/0xd40 [ 61.654358][ T5611] ? __pfx_fuse_get_req+0x10/0x10 [ 61.659509][ T5611] fuse_simple_background+0x9d/0xb10 [ 61.664828][ T5611] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 61.670410][ T5611] cuse_channel_open+0x447/0x670 [ 61.675385][ T5611] ? __pfx_cuse_channel_open+0x10/0x10 [ 61.680974][ T5611] misc_open+0x2cc/0x340 [ 61.685254][ T5611] chrdev_open+0x521/0x600 [ 61.689709][ T5611] ? __pfx_apparmor_file_open+0x10/0x10 [ 61.695298][ T5611] ? __pfx_chrdev_open+0x10/0x10 [ 61.700620][ T5611] ? security_file_open+0x513/0x990 [ 61.706019][ T5611] ? __pfx_chrdev_open+0x10/0x10 [ 61.711042][ T5611] do_dentry_open+0x978/0x1460 [ 61.716456][ T5611] vfs_open+0x3e/0x330 [ 61.720556][ T5611] path_openat+0x2cb5/0x3b40 [ 61.725195][ T5611] ? mark_lock+0x9a/0x360 [ 61.729555][ T5611] ? __pfx_stack_trace_save+0x10/0x10 [ 61.734965][ T5611] ? __pfx_path_openat+0x10/0x10 [ 61.740020][ T5611] ? __lock_acquire+0x1384/0x2050 [ 61.745260][ T5611] do_filp_open+0x235/0x490 [ 61.749807][ T5611] ? __pfx_do_filp_open+0x10/0x10 [ 61.754887][ T5611] ? _raw_spin_unlock+0x28/0x50 [ 61.759775][ T5611] ? alloc_fd+0x5a1/0x640 [ 61.764306][ T5611] do_sys_openat2+0x13e/0x1d0 [ 61.769011][ T5611] ? __pfx_do_sys_openat2+0x10/0x10 [ 61.774415][ T5611] __x64_sys_openat+0x247/0x2a0 [ 61.779395][ T5611] ? __pfx___x64_sys_openat+0x10/0x10 [ 61.784807][ T5611] ? exc_page_fault+0x590/0x8c0 [ 61.789700][ T5611] ? do_syscall_64+0xb6/0x230 [ 61.794431][ T5611] do_syscall_64+0xf3/0x230 [ 61.798973][ T5611] ? clear_bhb_loop+0x35/0x90 [ 61.803774][ T5611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.810132][ T5611] RIP: 0033:0x7fde00f7def9 [ 61.814586][ T5611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.834563][ T5611] RSP: 002b:00007fff889957d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 61.843094][ T5611] RAX: ffffffffffffffda RBX: 00007fde01135f80 RCX: 00007fde00f7def9 [ 61.851263][ T5611] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 61.859354][ T5611] RBP: 00007fde00ff0b76 R08: 0000000000000000 R09: 0000000000000000 [ 61.867355][ T5611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.875435][ T5611] R13: 00007fde01135f80 R14: 00007fde01135f80 R15: 0000000000000b44 [ 61.883436][ T5611] [ 61.886567][ T5611] Modules linked in: [ 61.891071][ T5611] ---[ end trace 0000000000000000 ]--- [ 61.943208][ T5571] coredump: 73(syz.4.331): interrupted: fatal signal pending [ 61.952294][ T5611] RIP: 0010:fuse_get_req+0x699/0xd40 [ 61.953203][ T5388] coredump: 38(syz.4.153): interrupted: fatal signal pending [ 61.958146][ T5611] Code: 24 50 48 83 c3 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f5 d0 e9 fe 48 8b 1b 48 83 c3 58 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 d8 d0 e9 fe 48 8b 1b 81 e3 00 20 [ 61.984177][ T5571] coredump: 73(syz.4.331): written to core: VMAs: 17, size 53436416; core: 27799504 bytes, pos 39944192 [ 61.992432][ T5611] RSP: 0018:ffffc900043274c0 EFLAGS: 00010202 [ 61.998855][ T5388] coredump: 38(syz.4.153): written to core: VMAs: 17, size 53436416; core: 31162194 bytes, pos 43307008 [ 62.005792][ T5611] [ 62.045781][ T5611] RAX: 000000000000000b RBX: 0000000000000058 RCX: ffffffff83149a52 [ 62.064392][ T5611] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88807c392030 [ 62.072769][ T5611] RBP: ffffc900043275e8 R08: ffff88807c392037 R09: 1ffff1100f872406 [ 62.134232][ T5611] R10: dffffc0000000000 R11: ffffed100f872407 R12: ffff88807c392000 [ 62.160138][ T5611] R13: dffffc0000000000 R14: ffff888020f54040 R15: ffff88807c392000 [ 62.185208][ T5611] FS: 0000555560925500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 62.205708][ T5611] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.224209][ T5611] CR2: 00007f0f6ad36050 CR3: 0000000031d82000 CR4: 00000000003506f0 [ 62.232453][ T5611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.275041][ T5611] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.284037][ T5611] Kernel panic - not syncing: Fatal exception [ 62.290455][ T5611] Kernel Offset: disabled [ 62.294789][ T5611] Rebooting in 86400 seconds..