last executing test programs: 264.321268ms ago: executing program 1 (id=164): socket$caif_stream(0x25, 0x1, 0x0) 238.260976ms ago: executing program 1 (id=168): sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 188.639615ms ago: executing program 0 (id=170): inotify_rm_watch(0xffffffffffffffff, 0x0) 188.53682ms ago: executing program 3 (id=171): pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 188.481413ms ago: executing program 1 (id=172): socket$isdn_base(0x22, 0x3, 0x0) 188.36376ms ago: executing program 2 (id=173): fgetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 188.119871ms ago: executing program 4 (id=174): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current', 0x2, 0x0) 175.220558ms ago: executing program 3 (id=175): landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000000), 0x0) 170.383552ms ago: executing program 2 (id=176): renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 124.631517ms ago: executing program 0 (id=177): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats', 0x0, 0x0) 124.381891ms ago: executing program 1 (id=178): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mice', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/mice', 0x800, 0x0) 124.336884ms ago: executing program 3 (id=179): link(&(0x7f0000000000), &(0x7f0000000000)) 124.219284ms ago: executing program 2 (id=180): chroot(&(0x7f0000000000)) 124.175192ms ago: executing program 4 (id=181): sysfs$1(0x1, &(0x7f0000000000)) 120.629008ms ago: executing program 3 (id=182): socket$igmp(0x2, 0x3, 0x2) 111.013557ms ago: executing program 2 (id=183): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0) 64.003936ms ago: executing program 0 (id=184): setregid(0x0, 0x0) 63.868815ms ago: executing program 4 (id=185): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 63.567052ms ago: executing program 3 (id=186): socket$phonet_pipe(0x23, 0x5, 0x2) 63.104648ms ago: executing program 2 (id=187): fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000000)) 63.021697ms ago: executing program 0 (id=188): exit_group(0x0) 62.947498ms ago: executing program 4 (id=189): setitimer(0x0, &(0x7f0000000000), 0x0) 56.371555ms ago: executing program 0 (id=190): fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)) 45.873676ms ago: executing program 3 (id=191): socket$inet(0x2, 0x1, 0x0) 818.364µs ago: executing program 1 (id=192): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/reclaim', 0x1, 0x0) 692.975µs ago: executing program 4 (id=193): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/load', 0x2, 0x0) 524.518µs ago: executing program 2 (id=194): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0) 336.776µs ago: executing program 0 (id=195): socket$inet6_sctp(0xa, 0x1, 0x84) 181.77µs ago: executing program 1 (id=196): lstat(&(0x7f0000000000), &(0x7f0000000000)) 0s ago: executing program 4 (id=197): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.10' (ED25519) to the list of known hosts. [ 65.470178][ T5828] cgroup: Unknown subsys name 'net' [ 65.566628][ T5828] cgroup: Unknown subsys name 'cpuset' [ 65.576156][ T5828] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.948692][ T5828] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.042143][ T5968] mmap: syz.3.116 (5968) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 70.754622][ T6049] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000046: 0000 [#1] SMP KASAN PTI [ 70.766900][ T6049] KASAN: null-ptr-deref in range [0x0000000000000230-0x0000000000000237] [ 70.775510][ T6049] CPU: 1 UID: 0 PID: 6049 Comm: syz.2.194 Not tainted syzkaller #0 PREEMPT(full) [ 70.785147][ T6049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 70.795402][ T6049] RIP: 0010:fuse_dev_alloc_install+0x39/0x80 [ 70.801395][ T6049] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 1f 8f 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 ac b7 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30 [ 70.821002][ T6049] RSP: 0018:ffffc90004597710 EFLAGS: 00010202 [ 70.827256][ T6049] RAX: 0000000000000046 RBX: ffff8880784db000 RCX: dffffc0000000000 [ 70.835226][ T6049] RDX: 0000000000000000 RSI: ffffffff8dfcc8a2 RDI: 0000000000000230 [ 70.843471][ T6049] RBP: ffff8880261d1290 R08: ffffffff9032d7f7 R09: 1ffffffff2065afe [ 70.851530][ T6049] R10: dffffc0000000000 R11: fffffbfff2065aff R12: ffff88802ab1f040 [ 70.859840][ T6049] R13: ffff88802ab1f010 R14: 0000000000000000 R15: ffff88802ab1f000 [ 70.867912][ T6049] FS: 000055557bcb6500(0000) GS:ffff888125334000(0000) knlGS:0000000000000000 [ 70.876919][ T6049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.883581][ T6049] CR2: 00007fff96ce3fc8 CR3: 000000007af14000 CR4: 00000000003526f0 [ 70.891656][ T6049] Call Trace: [ 70.895023][ T6049] [ 70.898060][ T6049] cuse_channel_open+0x107/0x7c0 [ 70.903094][ T6049] ? __pfx_cuse_channel_open+0x10/0x10 [ 70.908833][ T6049] misc_open+0x2d5/0x350 [ 70.913091][ T6049] chrdev_open+0x4cd/0x5e0 [ 70.917942][ T6049] ? __pfx_chrdev_open+0x10/0x10 [ 70.922961][ T6049] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 70.930315][ T6049] ? __pfx_chrdev_open+0x10/0x10 [ 70.935505][ T6049] do_dentry_open+0x785/0x14e0 [ 70.940436][ T6049] vfs_open+0x3b/0x340 [ 70.944578][ T6049] ? path_openat+0x2df0/0x3860 [ 70.949326][ T6049] path_openat+0x2e08/0x3860 [ 70.953900][ T6049] ? __pfx_stack_trace_save+0x10/0x10 [ 70.959603][ T6049] ? stack_depot_save_flags+0x33/0x810 [ 70.965085][ T6049] ? __pfx_path_openat+0x10/0x10 [ 70.970019][ T6049] ? __x64_sys_openat+0x138/0x170 [ 70.975297][ T6049] ? __lock_acquire+0x6b5/0x2cf0 [ 70.980506][ T6049] do_file_open+0x23e/0x4a0 [ 70.985021][ T6049] ? __pfx_do_file_open+0x10/0x10 [ 70.990400][ T6049] ? _raw_spin_unlock+0x28/0x50 [ 70.995347][ T6049] ? alloc_fd+0x64b/0x6c0 [ 70.999673][ T6049] do_sys_openat2+0x113/0x200 [ 71.004428][ T6049] ? __pfx_do_sys_openat2+0x10/0x10 [ 71.009707][ T6049] ? exc_page_fault+0x6a/0xc0 [ 71.014457][ T6049] ? do_user_addr_fault+0xc6f/0x1340 [ 71.019737][ T6049] __x64_sys_openat+0x138/0x170 [ 71.024580][ T6049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.030891][ T6049] do_syscall_64+0x15f/0xf80 [ 71.035466][ T6049] ? trace_irq_disable+0x3b/0x140 [ 71.040479][ T6049] ? clear_bhb_loop+0x40/0x90 [ 71.045230][ T6049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.051194][ T6049] RIP: 0033:0x7ff14f79c819 [ 71.055826][ T6049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 71.075914][ T6049] RSP: 002b:00007ffc70831a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 71.084513][ T6049] RAX: ffffffffffffffda RBX: 00007ff14fa15fa0 RCX: 00007ff14f79c819 [ 71.092911][ T6049] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 71.100959][ T6049] RBP: 00007ff14f832c91 R08: 0000000000000000 R09: 0000000000000000 [ 71.109008][ T6049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 71.116972][ T6049] R13: 00007ff14fa15fac R14: 00007ff14fa15fa0 R15: 00007ff14fa15fa0 [ 71.125117][ T6049] [ 71.128256][ T6049] Modules linked in: [ 71.132651][ T6049] ---[ end trace 0000000000000000 ]--- [ 71.151386][ T6049] RIP: 0010:fuse_dev_alloc_install+0x39/0x80 [ 71.159597][ T6049] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 1f 8f 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 ac b7 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30 [ 71.220537][ T6049] RSP: 0018:ffffc90004597710 EFLAGS: 00010202 [ 71.232068][ T6049] RAX: 0000000000000046 RBX: ffff8880784db000 RCX: dffffc0000000000 [ 71.240608][ T6049] RDX: 0000000000000000 RSI: ffffffff8dfcc8a2 RDI: 0000000000000230 [ 71.248868][ T6049] RBP: ffff8880261d1290 R08: ffffffff9032d7f7 R09: 1ffffffff2065afe [ 71.257233][ T6049] R10: dffffc0000000000 R11: fffffbfff2065aff R12: ffff88802ab1f040 [ 71.265576][ T6049] R13: ffff88802ab1f010 R14: 0000000000000000 R15: ffff88802ab1f000 [ 71.278503][ T6049] FS: 000055557bcb6500(0000) GS:ffff888125334000(0000) knlGS:0000000000000000 [ 71.287768][ T6049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.295046][ T6049] CR2: 00005591825b8006 CR3: 000000007af14000 CR4: 00000000003526f0 [ 71.303473][ T6049] Kernel panic - not syncing: Fatal exception [ 71.310194][ T6049] Kernel Offset: disabled [ 71.314516][ T6049] Rebooting in 86400 seconds..