10-Apr-2026 20:40:47: starting attempt #0
10-Apr-2026 20:42:07: attempt failed: "general protection fault in fuse_dev_alloc_install"
10-Apr-2026 20:42:07: starting attempt #1
10-Apr-2026 20:43:35: attempt failed: "general protection fault in fuse_dev_alloc_install"
10-Apr-2026 20:43:35: starting attempt #2
10-Apr-2026 20:45:01: attempt failed: "general protection fault in fuse_dev_alloc_install"
10-Apr-2026 20:45:01: report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000046: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000230-0x0000000000000237]
CPU: 0 UID: 0 PID: 5909 Comm: syz.0.73 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:fuse_dev_alloc_install+0x39/0x80
Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 8f 2a 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 3c 75 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30
RSP: 0018:ffffc90004c27710 EFLAGS: 00010202
RAX: 0000000000000046 RBX: ffff888105300e00 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffffff8dfd4824 RDI: 0000000000000230
RBP: ffff8881013c1790 R08: ffffffff90333df7 R09: 1ffffffff20667be
R10: dffffc0000000000 R11: fffffbfff20667bf R12: ffff8881136fc840
R13: ffff8881136fc810 R14: 0000000000000000 R15: ffff8881136fc800
FS:  000055556d4bc500(0000) GS:ffff88818dc21000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f79e152ba40 CR3: 0000000113784000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 cuse_channel_open+0x107/0x7c0
 misc_open+0x2d5/0x350
 chrdev_open+0x4cd/0x5e0
 do_dentry_open+0x785/0x14e0
 vfs_open+0x3b/0x340
 path_openat+0x2e08/0x3860
 do_file_open+0x23e/0x4a0
 do_sys_openat2+0x113/0x200
 __x64_sys_openat+0x138/0x170
 do_syscall_64+0x15f/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f79e159c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe8918b278 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f79e1815fa0 RCX: 00007f79e159c819
RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
RBP: 00007f79e1632c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f79e1815fac R14: 00007f79e1815fa0 R15: 00007f79e1815fa0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:fuse_dev_alloc_install+0x39/0x80
Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 8f 2a 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 3c 75 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30
RSP: 0018:ffffc90004c27710 EFLAGS: 00010202
RAX: 0000000000000046 RBX: ffff888105300e00 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffffff8dfd4824 RDI: 0000000000000230
RBP: ffff8881013c1790 R08: ffffffff90333df7 R09: 1ffffffff20667be
R10: dffffc0000000000 R11: fffffbfff20667bf R12: ffff8881136fc840
R13: ffff8881136fc810 R14: 0000000000000000 R15: ffff8881136fc800
FS:  000055556d4bc500(0000) GS:ffff88818dc21000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564547608ca8 CR3: 0000000113784000 CR4: 00000000000006f0

10-Apr-2026 20:45:01: output:
last executing test programs:

71.074133ms ago: executing program 0 (id=50):
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)

70.582304ms ago: executing program 1 (id=51):
fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0)

70.371607ms ago: executing program 2 (id=52):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/mac80211_hwsim/', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/mac80211_hwsim/', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/mac80211_hwsim/', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/mac80211_hwsim/', 0x800, 0x0)

70.241274ms ago: executing program 0 (id=53):
fsopen(&(0x7f0000000000), 0x0)

70.049ms ago: executing program 2 (id=54):
memfd_create(&(0x7f0000000000), 0x0)

69.914969ms ago: executing program 1 (id=55):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmci', 0x2, 0x0)

64.683434ms ago: executing program 0 (id=56):
connect(0xffffffffffffffff, &(0x7f0000000000), 0x0)

63.487667ms ago: executing program 1 (id=57):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0)

63.243573ms ago: executing program 2 (id=58):
socket$inet6_icmp(0xa, 0x2, 0x3a)

8.437461ms ago: executing program 1 (id=59):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats', 0x0, 0x0)

8.14717ms ago: executing program 0 (id=60):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x14)

8.003946ms ago: executing program 2 (id=61):
acct(0x0)

7.871567ms ago: executing program 2 (id=62):
epoll_wait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

7.679223ms ago: executing program 1 (id=63):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp1', 0x800, 0x0)

7.542145ms ago: executing program 0 (id=64):
arch_prctl$ARCH_ENABLE_TAGGED_ADDR(0x4002, 0x0)

5.145736ms ago: executing program 0 (id=65):
recvfrom(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)

182.161µs ago: executing program 1 (id=66):
open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0)

0s ago: executing program 2 (id=67):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid', 0x800, 0x0)

0s ago: executing program 0 (id=73):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:42589' (ED25519) to the list of known hosts.
syzkaller login: [   62.923087][ T5814] cgroup: Unknown subsys name 'net'
[   63.052986][ T5814] cgroup: Unknown subsys name 'cpuset'
[   63.058036][ T5814] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   65.110213][ T5814] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.268835][ T5909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000046: 0000 [#1] SMP KASAN PTI
[   71.272477][ T5909] KASAN: null-ptr-deref in range [0x0000000000000230-0x0000000000000237]
[   71.274979][ T5909] CPU: 0 UID: 0 PID: 5909 Comm: syz.0.73 Not tainted syzkaller #0 PREEMPT(full) 
[   71.277918][ T5909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   71.281520][ T5909] RIP: 0010:fuse_dev_alloc_install+0x39/0x80
[   71.283782][ T5909] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 8f 2a 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 3c 75 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30
[   71.290882][ T5909] RSP: 0018:ffffc90004c27710 EFLAGS: 00010202
[   71.293137][ T5909] RAX: 0000000000000046 RBX: ffff888105300e00 RCX: dffffc0000000000
[   71.295828][ T5909] RDX: 0000000000000000 RSI: ffffffff8dfd4824 RDI: 0000000000000230
[   71.298308][ T5909] RBP: ffff8881013c1790 R08: ffffffff90333df7 R09: 1ffffffff20667be
[   71.300839][ T5909] R10: dffffc0000000000 R11: fffffbfff20667bf R12: ffff8881136fc840
[   71.303161][ T5909] R13: ffff8881136fc810 R14: 0000000000000000 R15: ffff8881136fc800
[   71.305898][ T5909] FS:  000055556d4bc500(0000) GS:ffff88818dc21000(0000) knlGS:0000000000000000
[   71.308575][ T5909] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   71.310580][ T5909] CR2: 00007f79e152ba40 CR3: 0000000113784000 CR4: 00000000000006f0
[   71.312900][ T5909] Call Trace:
[   71.314090][ T5909]  <TASK>
[   71.315246][ T5909]  cuse_channel_open+0x107/0x7c0
[   71.317162][ T5909]  ? __pfx_cuse_channel_open+0x10/0x10
[   71.319225][ T5909]  misc_open+0x2d5/0x350
[   71.320862][ T5909]  chrdev_open+0x4cd/0x5e0
[   71.322637][ T5909]  ? __pfx_chrdev_open+0x10/0x10
[   71.324543][ T5909]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[   71.326968][ T5909]  ? __pfx_chrdev_open+0x10/0x10
[   71.328868][ T5909]  do_dentry_open+0x785/0x14e0
[   71.330704][ T5909]  vfs_open+0x3b/0x340
[   71.332300][ T5909]  ? path_openat+0x2df0/0x3860
[   71.334118][ T5909]  path_openat+0x2e08/0x3860
[   71.335905][ T5909]  ? __pfx_stack_trace_save+0x10/0x10
[   71.337929][ T5909]  ? stack_depot_save_flags+0x33/0x810
[   71.339982][ T5909]  ? __pfx_path_openat+0x10/0x10
[   71.341854][ T5909]  ? __x64_sys_openat+0x138/0x170
[   71.343776][ T5909]  ? __lock_acquire+0x6b5/0x2cf0
[   71.345667][ T5909]  do_file_open+0x23e/0x4a0
[   71.347404][ T5909]  ? __pfx_do_file_open+0x10/0x10
[   71.349300][ T5909]  ? _raw_spin_unlock+0x28/0x50
[   71.351103][ T5909]  ? alloc_fd+0x64b/0x6c0
[   71.352717][ T5909]  do_sys_openat2+0x113/0x200
[   71.354499][ T5909]  ? __pfx_do_sys_openat2+0x10/0x10
[   71.356504][ T5909]  ? exc_page_fault+0x6a/0xc0
[   71.358318][ T5909]  ? do_user_addr_fault+0xc6f/0x1340
[   71.360323][ T5909]  __x64_sys_openat+0x138/0x170
[   71.362179][ T5909]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.364395][ T5909]  do_syscall_64+0x15f/0xf80
[   71.366127][ T5909]  ? trace_irq_disable+0x3b/0x140
[   71.368003][ T5909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.370224][ T5909] RIP: 0033:0x7f79e159c819
[   71.371903][ T5909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   71.379124][ T5909] RSP: 002b:00007ffe8918b278 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   71.382280][ T5909] RAX: ffffffffffffffda RBX: 00007f79e1815fa0 RCX: 00007f79e159c819
[   71.385273][ T5909] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   71.388274][ T5909] RBP: 00007f79e1632c91 R08: 0000000000000000 R09: 0000000000000000
[   71.391262][ T5909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.394279][ T5909] R13: 00007f79e1815fac R14: 00007f79e1815fa0 R15: 00007f79e1815fa0
[   71.397294][ T5909]  </TASK>
[   71.398486][ T5909] Modules linked in:
[   71.400432][ T5909] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   71.406866][ T5909] RIP: 0010:fuse_dev_alloc_install+0x39/0x80
[   71.419729][ T5909] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 8f 2a 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 3c 75 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30
[   71.454990][ T5909] RSP: 0018:ffffc90004c27710 EFLAGS: 00010202
[   71.462749][ T5909] RAX: 0000000000000046 RBX: ffff888105300e00 RCX: dffffc0000000000
[   71.473398][ T5909] RDX: 0000000000000000 RSI: ffffffff8dfd4824 RDI: 0000000000000230
[   71.483528][ T5909] RBP: ffff8881013c1790 R08: ffffffff90333df7 R09: 1ffffffff20667be
[   71.498286][ T5909] R10: dffffc0000000000 R11: fffffbfff20667bf R12: ffff8881136fc840
[   71.508908][ T5909] R13: ffff8881136fc810 R14: 0000000000000000 R15: ffff8881136fc800
[   71.521038][ T5909] FS:  000055556d4bc500(0000) GS:ffff88818dc21000(0000) knlGS:0000000000000000
[   71.529710][ T5909] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   71.536398][ T5909] CR2: 0000564547608ca8 CR3: 0000000113784000 CR4: 00000000000006f0
[   71.545824][ T5909] Kernel panic - not syncing: Fatal exception
[   71.548848][ T5909] Kernel Offset: disabled
[   71.550510][ T5909] Rebooting in 86400 seconds..