last executing test programs: 1.525107464s ago: executing program 1 (id=283): uname(&(0x7f0000000000)) 1.524112538s ago: executing program 1 (id=288): socket$inet(0x2, 0x1, 0x0) 1.503706815s ago: executing program 1 (id=290): socket$isdn(0x22, 0x3, 0x0) 1.436984592s ago: executing program 1 (id=295): setns(0xffffffffffffffff, 0x0) 1.436545897s ago: executing program 1 (id=299): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0) 1.36506989s ago: executing program 1 (id=303): pause() 316.272781ms ago: executing program 2 (id=420): newfstatat(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000000), 0x0) 303.990263ms ago: executing program 2 (id=424): socket$inet6_tcp(0xa, 0x1, 0x0) 233.259263ms ago: executing program 2 (id=426): socket$phonet(0x23, 0x2, 0x1) 232.78158ms ago: executing program 2 (id=430): socket$hf(0x13, 0x2, 0x0) 214.139382ms ago: executing program 3 (id=433): socket$igmp(0x2, 0x3, 0x2) 207.326214ms ago: executing program 4 (id=434): map_shadow_stack(0x0, 0x0, 0x0) 141.035504ms ago: executing program 0 (id=435): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x28, 0x800) 140.82983ms ago: executing program 3 (id=436): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock', 0x800, 0x0) 140.654012ms ago: executing program 4 (id=437): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter', 0x800, 0x0) 140.552465ms ago: executing program 3 (id=438): setresgid(0x0, 0x0, 0x0) 135.156777ms ago: executing program 4 (id=439): shmdt(0x0) 131.751183ms ago: executing program 0 (id=440): rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000000)) 73.004205ms ago: executing program 3 (id=441): fsmount(0xffffffffffffffff, 0x0, 0x0) 72.925783ms ago: executing program 4 (id=442): writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) 72.847637ms ago: executing program 0 (id=443): syz_open_dev$media(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$media(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$media(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$media(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$media(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$media(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$media(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$media(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$media(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$media(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$media(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$media(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$media(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$media(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$media(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$media(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$media(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$media(&(0x7f0000000500), 0x4, 0x800) 72.701069ms ago: executing program 3 (id=444): clock_nanosleep(0x0, 0x0, &(0x7f0000000000), 0x0) 72.633789ms ago: executing program 4 (id=445): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/revoke-subject', 0x2, 0x0) 71.460816ms ago: executing program 2 (id=446): exit(0x0) 59.940775ms ago: executing program 3 (id=447): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot', 0x800, 0x0) 54.914126ms ago: executing program 0 (id=448): syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsa(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsa(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsa(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsa(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsa(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsa(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsa(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsa(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsa(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsa(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsa(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsa(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsa(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsa(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsa(&(0x7f0000000500), 0x4, 0x800) 5.14493ms ago: executing program 4 (id=449): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0) 4.92668ms ago: executing program 2 (id=450): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa', 0x800, 0x0) 4.798719ms ago: executing program 0 (id=451): socket$nl_netfilter(0x10, 0x3, 0xc) 0s ago: executing program 0 (id=452): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x14) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. [ 65.798613][ T5824] cgroup: Unknown subsys name 'net' [ 65.888398][ T5824] cgroup: Unknown subsys name 'cpuset' [ 65.896707][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.272738][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.509443][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.521928][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.693046][ T6247] mmap: syz.4.388 (6247) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 73.358577][ T6310] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000046: 0000 [#1] SMP KASAN PTI [ 73.371150][ T6310] KASAN: null-ptr-deref in range [0x0000000000000230-0x0000000000000237] [ 73.379861][ T6310] CPU: 1 UID: 0 PID: 6310 Comm: syz.4.449 Not tainted syzkaller #0 PREEMPT(full) [ 73.389333][ T6310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 73.400365][ T6310] RIP: 0010:fuse_dev_alloc_install+0x39/0x80 [ 73.407166][ T6310] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 8f 2a 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 3c 75 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30 [ 73.427838][ T6310] RSP: 0018:ffffc90004ef7710 EFLAGS: 00010202 [ 73.434438][ T6310] RAX: 0000000000000046 RBX: ffff88807629be00 RCX: dffffc0000000000 [ 73.443909][ T6310] RDX: 0000000000000000 RSI: ffffffff8dfd4824 RDI: 0000000000000230 [ 73.452082][ T6310] RBP: ffff88802908ce90 R08: ffffffff90333df7 R09: 1ffffffff20667be [ 73.460414][ T6310] R10: dffffc0000000000 R11: fffffbfff20667bf R12: ffff88802bfa7040 [ 73.468794][ T6310] R13: ffff88802bfa7010 R14: 0000000000000000 R15: ffff88802bfa7000 [ 73.477038][ T6310] FS: 0000555557aa8500(0000) GS:ffff888125321000(0000) knlGS:0000000000000000 [ 73.487201][ T6310] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.494056][ T6310] CR2: 00007fe1b2f81ff8 CR3: 000000007d4cc000 CR4: 00000000003526f0 [ 73.502401][ T6310] Call Trace: [ 73.506128][ T6310] [ 73.509649][ T6310] cuse_channel_open+0x107/0x7c0 [ 73.514698][ T6310] ? __pfx_cuse_channel_open+0x10/0x10 [ 73.520555][ T6310] misc_open+0x2d5/0x350 [ 73.525015][ T6310] chrdev_open+0x4cd/0x5e0 [ 73.529544][ T6310] ? __pfx_chrdev_open+0x10/0x10 [ 73.534585][ T6310] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 73.541195][ T6310] ? __pfx_chrdev_open+0x10/0x10 [ 73.546510][ T6310] do_dentry_open+0x785/0x14e0 [ 73.551822][ T6310] vfs_open+0x3b/0x340 [ 73.556091][ T6310] ? path_openat+0x2df0/0x3860 [ 73.561045][ T6310] path_openat+0x2e08/0x3860 [ 73.565873][ T6310] ? __pfx_stack_trace_save+0x10/0x10 [ 73.571530][ T6310] ? stack_depot_save_flags+0x33/0x810 [ 73.577107][ T6310] ? __pfx_path_openat+0x10/0x10 [ 73.582080][ T6310] ? __x64_sys_openat+0x138/0x170 [ 73.587231][ T6310] ? __lock_acquire+0x6b5/0x2cf0 [ 73.592191][ T6310] do_file_open+0x23e/0x4a0 [ 73.597076][ T6310] ? __pfx_do_file_open+0x10/0x10 [ 73.602386][ T6310] ? _raw_spin_unlock+0x28/0x50 [ 73.607256][ T6310] ? alloc_fd+0x64b/0x6c0 [ 73.611611][ T6310] do_sys_openat2+0x113/0x200 [ 73.616307][ T6310] ? __pfx_do_sys_openat2+0x10/0x10 [ 73.621612][ T6310] ? exc_page_fault+0x6a/0xc0 [ 73.626840][ T6310] ? do_user_addr_fault+0xc6f/0x1340 [ 73.632232][ T6310] __x64_sys_openat+0x138/0x170 [ 73.637224][ T6310] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.643575][ T6310] do_syscall_64+0x15f/0xf80 [ 73.648357][ T6310] ? trace_irq_disable+0x3b/0x140 [ 73.653577][ T6310] ? clear_bhb_loop+0x40/0x90 [ 73.658544][ T6310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.664799][ T6310] RIP: 0033:0x7f2d65d9c819 [ 73.669431][ T6310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 73.690267][ T6310] RSP: 002b:00007ffd875eab48 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 73.698872][ T6310] RAX: ffffffffffffffda RBX: 00007f2d66015fa0 RCX: 00007f2d65d9c819 [ 73.707462][ T6310] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 73.715427][ T6310] RBP: 00007f2d65e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 73.723733][ T6310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.732133][ T6310] R13: 00007f2d66015fac R14: 00007f2d66015fa0 R15: 00007f2d66015fa0 [ 73.740396][ T6310] [ 73.743582][ T6310] Modules linked in: [ 73.747781][ T6310] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 73.949432][ T6310] RIP: 0010:fuse_dev_alloc_install+0x39/0x80 [ 73.955657][ T6310] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 8f 2a 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 3c 75 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30 [ 73.977012][ T6310] RSP: 0018:ffffc90004ef7710 EFLAGS: 00010202 [ 73.983316][ T6310] RAX: 0000000000000046 RBX: ffff88807629be00 RCX: dffffc0000000000 [ 74.017740][ T6310] RDX: 0000000000000000 RSI: ffffffff8dfd4824 RDI: 0000000000000230 [ 74.026581][ T6310] RBP: ffff88802908ce90 R08: ffffffff90333df7 R09: 1ffffffff20667be [ 74.035231][ T6310] R10: dffffc0000000000 R11: fffffbfff20667bf R12: ffff88802bfa7040 [ 74.044018][ T6310] R13: ffff88802bfa7010 R14: 0000000000000000 R15: ffff88802bfa7000 [ 74.052411][ T6310] FS: 0000555557aa8500(0000) GS:ffff888125221000(0000) knlGS:0000000000000000 [ 74.064862][ T6310] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.092584][ T6310] CR2: 000055e71222fee8 CR3: 000000007d4cc000 CR4: 00000000003526f0 [ 74.110906][ T6310] Kernel panic - not syncing: Fatal exception [ 74.117933][ T6310] Kernel Offset: disabled [ 74.122265][ T6310] Rebooting in 86400 seconds..