last executing test programs: 204.437465ms ago: executing program 1 (id=103): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0', 0x800, 0x0) 203.599004ms ago: executing program 1 (id=105): pkey_mprotect(0x0, 0x0, 0x0, 0xffffffffffffffff) 141.400051ms ago: executing program 1 (id=108): sync() 140.843861ms ago: executing program 0 (id=110): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/socket/zygote', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/socket/zygote', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/socket/zygote', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/socket/zygote', 0x800, 0x0) 84.670348ms ago: executing program 0 (id=112): socket$vsock_stream(0x28, 0x1, 0x0) 84.269948ms ago: executing program 2 (id=114): syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x800) 84.199518ms ago: executing program 0 (id=115): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1', 0x2, 0x0) 84.023712ms ago: executing program 2 (id=116): exit_group(0x0) 82.666966ms ago: executing program 2 (id=117): statfs(&(0x7f0000000000), &(0x7f0000000000)) 21.990542ms ago: executing program 1 (id=118): finit_module(0xffffffffffffffff, &(0x7f0000000000), 0x0) 21.601618ms ago: executing program 1 (id=119): getrusage(0x0, &(0x7f0000000000)) 21.369817ms ago: executing program 0 (id=120): epoll_create1(0x0) 21.096559ms ago: executing program 2 (id=121): faccessat2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 20.910777ms ago: executing program 1 (id=122): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/renderD128', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128', 0x800, 0x0) 20.680856ms ago: executing program 2 (id=123): personality(0x0) 18.350135ms ago: executing program 0 (id=124): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmci', 0x2, 0x0) 2.862442ms ago: executing program 2 (id=126): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp1', 0x800, 0x0) 0s ago: executing program 0 (id=127): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status', 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:61682' (ED25519) to the list of known hosts. syzkaller login: [ 64.953730][ T5802] cgroup: Unknown subsys name 'net' [ 65.065290][ T5802] cgroup: Unknown subsys name 'cpuset' [ 65.072024][ T5802] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.538768][ T5802] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 74.652274][ T5952] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] SMP KASAN PTI [ 74.656687][ T5952] KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] [ 74.661769][ T5952] CPU: 1 UID: 0 PID: 5952 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 74.665803][ T5952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 74.669387][ T5952] RIP: 0010:copy_creds+0x473/0xd10 [ 74.671104][ T5952] Code: 6a 8b e8 a0 76 0f 00 48 c7 c7 e0 cd 13 8e 48 89 de e8 81 5c 0f 00 e8 6c 01 19 00 ba 01 00 00 00 4c 89 f7 31 f6 e8 6d 99 00 00 <41> 80 7c 24 12 00 74 0a bf 90 00 00 00 e8 eb bc 97 00 4c 8b 34 25 [ 74.677631][ T5952] RSP: 0018:ffffc900045d7938 EFLAGS: 00010286 [ 74.679761][ T5952] RAX: 0000000000000131 RBX: ffffffff818e8499 RCX: ffff88810d1ad700 [ 74.682660][ T5952] RDX: 0000000000000000 RSI: 7fffffffffffffff RDI: 0000000000000131 [ 74.685683][ T5952] RBP: 0000000000000001 R08: ffffffff8dfef75f R09: 1ffffffff1bfdeeb [ 74.688761][ T5952] R10: dffffc0000000000 R11: fffffbfff1bfdeec R12: dffffc0000000000 [ 74.691860][ T5952] R13: 0000000000010000 R14: ffffffff8dfef6c0 R15: 1ffff110216064bd [ 74.694646][ T5952] FS: 000055558d65c500(0000) GS:ffff8882a9d02000(0000) knlGS:0000000000000000 [ 74.698034][ T5952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.700458][ T5952] CR2: 00007fd1e15c36f0 CR3: 000000011b786000 CR4: 00000000000006f0 [ 74.703639][ T5952] Call Trace: [ 74.704972][ T5952] [ 74.706060][ T5952] copy_process+0x964/0x3c00 [ 74.707530][ T5952] ? __might_fault+0xb0/0x130 [ 74.709247][ T5952] ? __pfx_copy_process+0x10/0x10 [ 74.710996][ T5952] kernel_clone+0x21e/0x840 [ 74.712578][ T5952] ? __pfx_kernel_clone+0x10/0x10 [ 74.714564][ T5952] ? __handle_mm_fault+0x37b8/0x5400 [ 74.716667][ T5952] ? css_rstat_updated+0x23a/0x4f0 [ 74.718315][ T5952] __se_sys_clone3+0x256/0x2d0 [ 74.719785][ T5952] ? __pfx___se_sys_clone3+0x10/0x10 [ 74.721435][ T5952] ? count_memcg_event_mm+0x21/0x260 [ 74.723180][ T5952] ? do_user_addr_fault+0xc85/0x1380 [ 74.724944][ T5952] ? do_syscall_64+0xbe/0xfa0 [ 74.726618][ T5952] do_syscall_64+0xfa/0xfa0 [ 74.728240][ T5952] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.729694][ T5952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.731510][ T5952] ? exc_page_fault+0xab/0x100 [ 74.733309][ T5952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.735472][ T5952] RIP: 0033:0x7fd1e15c3709 [ 74.737190][ T5952] Code: d6 08 00 48 8d 3d bc d6 08 00 e8 02 29 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 74.743932][ T5952] RSP: 002b:00007fff0ae99118 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 74.746991][ T5952] RAX: ffffffffffffffda RBX: 00007fd1e1545b10 RCX: 00007fd1e15c3709 [ 74.750458][ T5952] RDX: 00007fd1e1545b10 RSI: 0000000000000058 RDI: 00007fff0ae99160 [ 74.753597][ T5952] RBP: 00007fd1e13ff6c0 R08: 00007fd1e13ff6c0 R09: 00007fff0ae99247 [ 74.756711][ T5952] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffa8 [ 74.759865][ T5952] R13: 0000000000000009 R14: 00007fff0ae99160 R15: 00007fff0ae99248 [ 74.762973][ T5952] [ 74.764213][ T5952] Modules linked in: [ 74.766019][ T5952] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 74.815893][ T5952] RIP: 0010:copy_creds+0x473/0xd10 [ 74.817948][ T5952] Code: 6a 8b e8 a0 76 0f 00 48 c7 c7 e0 cd 13 8e 48 89 de e8 81 5c 0f 00 e8 6c 01 19 00 ba 01 00 00 00 4c 89 f7 31 f6 e8 6d 99 00 00 <41> 80 7c 24 12 00 74 0a bf 90 00 00 00 e8 eb bc 97 00 4c 8b 34 25 [ 74.825864][ T5952] RSP: 0018:ffffc900045d7938 EFLAGS: 00010286 [ 74.828267][ T5952] RAX: 0000000000000131 RBX: ffffffff818e8499 RCX: ffff88810d1ad700 [ 74.832695][ T5952] RDX: 0000000000000000 RSI: 7fffffffffffffff RDI: 0000000000000131 [ 74.835977][ T5952] RBP: 0000000000000001 R08: ffffffff8dfef75f R09: 1ffffffff1bfdeeb [ 74.839004][ T5952] R10: dffffc0000000000 R11: fffffbfff1bfdeec R12: dffffc0000000000 [ 74.842925][ T5952] R13: 0000000000010000 R14: ffffffff8dfef6c0 R15: 1ffff110216064bd [ 74.846137][ T5952] FS: 000055558d65c500(0000) GS:ffff8882a9d02000(0000) knlGS:0000000000000000 [ 74.849528][ T5952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.852319][ T5952] CR2: 00007fed5f717d60 CR3: 000000011b786000 CR4: 00000000000006f0 [ 74.856788][ T5952] Kernel panic - not syncing: Fatal exception [ 74.859900][ T5952] Kernel Offset: disabled [ 74.861635][ T5952] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:11:24 Registers: info registers vcpu 0 CPU#0 RAX=1ffffffff1b41bba RBX=0000000000000000 RCX=78257833e6d95100 RDX=0000000000000000 RSI=ffffffff8bc072c0 RDI=ffffffff8bc07280 RBP=ffffffff8173cd25 RSP=ffffc900000075f8 R8 =0000000000000000 R9 =0000000000000000 R10=ffffc900000077d8 R11=ffffffff81acade0 R12=0000000000000002 R13=ffffffff8e13cde0 R14=ffffffff8da0ddd0 R15=dffffc0000000000 RIP=ffffffff81a6cf1a RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f47e3fcac80 ffffffff 00c00000 GS =0000 ffff88818e702000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055e3cd78f958 CR3=0000000113c9c000 CR4=000006f0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000 XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000 XMM04=0000ffff000000ff 0000000000000000 XMM05=0000000000000021 0000000000005f66 XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000 XMM08=ffffffffffffff00 ffffffffffff0000 XMM09=6174735f64616f6c 66666f5f74665f66 XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000 XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000 XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=1ffffffff33a4c60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=0000000000000000 RDI=0000000000000020 RBP=ffffffff99d26290 RSP=ffffc900045d7070 R8 =ffff888169f80237 R9 =1ffff1102d3f0046 R10=dffffc0000000000 R11=ffffffff851c89c0 R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99d26000 R15=0000000000000000 RIP=ffffffff851c8a37 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055558d65c500 ffffffff 00c00000 GS =0000 ffff8882a9d02000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd1e15c36f0 CR3=000000011b786000 CR4=000006f0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000 XMM02=00007fd1e17b7498 00007fd1e17b7470 XMM03=00007fd1e17b74a8 00007fd1e17b74a0 XMM04=00007fd1e231d100 00007fd1e17b7460 XMM05=00007fd1e17b7478 00007fd1e17b74c0 XMM06=00007fd1e17b74b8 00007fd1e17b74b0 XMM07=00007fd1e17b74a8 00007fd1e17b74a0 XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000 XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000 XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000 XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000