last executing test programs:

1.995850248s ago: executing program 2 (id=34):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

1.980023775s ago: executing program 2 (id=39):
socket$inet_icmp(0x2, 0x2, 0x1)

1.927916022s ago: executing program 2 (id=43):
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

1.919197627s ago: executing program 2 (id=46):
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000000), 0x0)

1.864121135s ago: executing program 2 (id=49):
mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0)

1.863733549s ago: executing program 2 (id=52):
pause()

135.897876ms ago: executing program 3 (id=227):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36', 0x2, 0x0)

135.3945ms ago: executing program 0 (id=229):
recvmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

135.104634ms ago: executing program 3 (id=231):
fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000))

135.023845ms ago: executing program 0 (id=232):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/capi20', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/capi20', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20', 0x800, 0x0)

130.177952ms ago: executing program 3 (id=233):
semop(0x0, &(0x7f0000000000), 0x0)

68.128676ms ago: executing program 0 (id=235):
renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0)

67.994446ms ago: executing program 0 (id=236):
setpgid(0x0, 0x0)

67.83629ms ago: executing program 3 (id=237):
set_mempolicy_home_node(0x0, 0x0, 0x0, 0x0)

67.467709ms ago: executing program 3 (id=239):
lookup_dcookie(0x0, &(0x7f0000000000), 0x0)

67.376859ms ago: executing program 0 (id=240):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ptrace', 0x2, 0x0)

67.1794ms ago: executing program 1 (id=241):
get_thread_area(&(0x7f0000000000))

59.079285ms ago: executing program 3 (id=242):
fgetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0)

56.973958ms ago: executing program 0 (id=243):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)

690.828µs ago: executing program 1 (id=244):
eventfd(0x0)

560.852µs ago: executing program 1 (id=245):
getpgrp(0x0)

406.592µs ago: executing program 1 (id=246):
syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000140), 0xa, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000180), 0xa, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xa, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0xa, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000240), 0x14, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000280), 0x14, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x14, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x14, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1e, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1e, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1e, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1e, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x28, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000480), 0x28, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x28, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000500), 0x28, 0x800)

182.529µs ago: executing program 1 (id=247):
getpriority(0x0, 0x0)

0s ago: executing program 1 (id=248):
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$usbmon(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$usbmon(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$usbmon(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$usbmon(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$usbmon(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$usbmon(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$usbmon(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$usbmon(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$usbmon(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$usbmon(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$usbmon(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$usbmon(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$usbmon(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$usbmon(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$usbmon(&(0x7f0000000500), 0x4, 0x800)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
[ 66.305606][ T5824] cgroup: Unknown subsys name 'net'
[ 66.427488][ T5824] cgroup: Unknown subsys name 'cpuset'
[ 66.436045][ T5824] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 67.837794][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.417209][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.424086][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 79.182059][ T6098] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000046: 0000 [#1] SMP KASAN PTI
[ 79.194347][ T6098] KASAN: null-ptr-deref in range [0x0000000000000230-0x0000000000000237]
[ 79.202794][ T6098] CPU: 0 UID: 0 PID: 6098 Comm: syz.0.243 Not tainted syzkaller #0 PREEMPT(full)
[ 79.212175][ T6098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 79.222241][ T6098] RIP: 0010:fuse_dev_alloc_install+0x39/0x80
[ 79.228345][ T6098] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 7f 57 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 6c 94 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30
[ 79.247967][ T6098] RSP: 0018:ffffc90004977710 EFLAGS: 00010202
[ 79.254033][ T6098] RAX: 0000000000000046 RBX: ffff88802a4e8700 RCX: dffffc0000000000
[ 79.262093][ T6098] RDX: 0000000000000000 RSI: ffffffff8e3178fe RDI: 0000000000000230
[ 79.270145][ T6098] RBP: ffff888022375790 R08: ffffffff9074f1f7 R09: 1ffffffff20e9e3e
[ 79.278430][ T6098] R10: dffffc0000000000 R11: fffffbfff20e9e3f R12: ffff888028058840
[ 79.286655][ T6098] R13: ffff888028058810 R14: 0000000000000000 R15: ffff888028058800
[ 79.294623][ T6098] FS: 0000555594717500(0000) GS:ffff888124dd9000(0000) knlGS:0000000000000000
[ 79.303651][ T6098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.310218][ T6098] CR2: 00007fcdea32ba40 CR3: 0000000030fc2000 CR4: 00000000003526f0
[ 79.318270][ T6098] Call Trace:
[ 79.321546][ T6098]
[ 79.324465][ T6098] cuse_channel_open+0x107/0x7c0
[ 79.329396][ T6098] ? __pfx_cuse_channel_open+0x10/0x10
[ 79.334844][ T6098] misc_open+0x2d5/0x350
[ 79.339077][ T6098] chrdev_open+0x4cd/0x5e0
[ 79.343485][ T6098] ? __pfx_chrdev_open+0x10/0x10
[ 79.348413][ T6098] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[ 79.354818][ T6098] ? __pfx_chrdev_open+0x10/0x10
[ 79.359751][ T6098] do_dentry_open+0x785/0x14e0
[ 79.364593][ T6098] vfs_open+0x3b/0x340
[ 79.368654][ T6098] ? path_openat+0x2df0/0x3860
[ 79.373416][ T6098] path_openat+0x2e08/0x3860
[ 79.377998][ T6098] ? __pfx_stack_trace_save+0x10/0x10
[ 79.383633][ T6098] ? stack_depot_save_flags+0x33/0x810
[ 79.389093][ T6098] ? __pfx_path_openat+0x10/0x10
[ 79.394102][ T6098] ? __x64_sys_openat+0x138/0x170
[ 79.399122][ T6098] ? __lock_acquire+0x6b5/0x2cf0
[ 79.404066][ T6098] do_file_open+0x23e/0x4a0
[ 79.408564][ T6098] ? __pfx_do_file_open+0x10/0x10
[ 79.413581][ T6098] ? _raw_spin_unlock+0x28/0x50
[ 79.418432][ T6098] ? alloc_fd+0x64b/0x6c0
[ 79.422755][ T6098] do_sys_openat2+0x113/0x200
[ 79.427433][ T6098] ? __pfx_do_sys_openat2+0x10/0x10
[ 79.432625][ T6098] ? exc_page_fault+0x6a/0xc0
[ 79.437290][ T6098] ? do_user_addr_fault+0xc6f/0x1340
[ 79.442583][ T6098] __x64_sys_openat+0x138/0x170
[ 79.447517][ T6098] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.453581][ T6098] do_syscall_64+0x15f/0xf80
[ 79.458250][ T6098] ? trace_irq_disable+0x3b/0x140
[ 79.463262][ T6098] ? clear_bhb_loop+0x40/0x90
[ 79.467926][ T6098] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.473891][ T6098] RIP: 0033:0x7fcdea39c819
[ 79.478306][ T6098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 79.497895][ T6098] RSP: 002b:00007ffc7d8d7b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 79.506381][ T6098] RAX: ffffffffffffffda RBX: 00007fcdea615fa0 RCX: 00007fcdea39c819
[ 79.514427][ T6098] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 79.522393][ T6098] RBP: 00007fcdea432c91 R08: 0000000000000000 R09: 0000000000000000
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 79.530458][ T6098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.538527][ T6098] R13: 00007fcdea615fac R14: 00007fcdea615fa0 R15: 00007fcdea615fa0
[ 79.546539][ T6098]
[ 79.549546][ T6098] Modules linked in:
[ 79.553855][ T6098] ---[ end trace 0000000000000000 ]---
[ 79.601096][ T6098] RIP: 0010:fuse_dev_alloc_install+0x39/0x80
[ 79.623790][ T6098] Code: e8 bc f8 ff ff 48 89 c3 48 85 c0 74 47 e8 7f 57 7f fe 49 8d be 30 02 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 6c 94 e9 fe 49 8b 96 30 02 00 00 49 c7 86 30
[ 79.644151][ T6098] RSP: 0018:ffffc90004977710 EFLAGS: 00010202
[ 79.650433][ T6098] RAX: 0000000000000046 RBX: ffff88802a4e8700 RCX: dffffc0000000000
[ 79.659913][ T6098] RDX: 0000000000000000 RSI: ffffffff8e3178fe RDI: 0000000000000230
[ 79.707912][ T6098] RBP: ffff888022375790 R08: ffffffff9074f1f7 R09: 1ffffffff20e9e3e
[ 79.717805][ T6098] R10: dffffc0000000000 R11: fffffbfff20e9e3f R12: ffff888028058840
[ 79.726893][ T6098] R13: ffff888028058810 R14: 0000000000000000 R15: ffff888028058800
[ 79.735274][ T6098] FS: 0000555594717500(0000) GS:ffff888124dd9000(0000) knlGS:0000000000000000
[ 79.744556][ T6098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.751270][ T6098] CR2: 000056547c6ac660 CR3: 0000000030fc2000 CR4: 00000000003526f0
[ 79.759845][ T6098] Kernel panic - not syncing: Fatal exception
[ 79.766837][ T6098] Kernel Offset: disabled
[ 79.771254][ T6098] Rebooting in 86400 seconds..