last executing test programs:

1.812271756s ago: executing program 1 (id=146):
personality(0x0)

1.776832766s ago: executing program 1 (id=147):
socket$inet_icmp_raw(0x2, 0x3, 0x1)

1.69462768s ago: executing program 1 (id=151):
madvise(0x0, 0x0, 0x0)

1.571054754s ago: executing program 1 (id=156):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0)

1.473879848s ago: executing program 1 (id=160):
utimensat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0)

1.271943824s ago: executing program 1 (id=166):
rt_sigreturn()

687.600943ms ago: executing program 2 (id=188):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/random', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/random', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/random', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/random', 0x800, 0x0)

683.913326ms ago: executing program 0 (id=189):
fsmount(0xffffffffffffffff, 0x0, 0x0)

655.317952ms ago: executing program 3 (id=190):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/attach', 0x1, 0x0)

579.75139ms ago: executing program 4 (id=191):
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000))

579.379962ms ago: executing program 2 (id=192):
mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

564.824995ms ago: executing program 0 (id=193):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hpet', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hpet', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hpet', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hpet', 0x800, 0x0)

540.654252ms ago: executing program 4 (id=194):
sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

464.505471ms ago: executing program 3 (id=195):
remap_file_pages(0x0, 0x0, 0x0, 0x0, 0x0)

426.639622ms ago: executing program 2 (id=196):
geteuid()

409.898487ms ago: executing program 4 (id=197):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bifrost', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bifrost', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bifrost', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bifrost', 0x800, 0x0)

352.273651ms ago: executing program 0 (id=198):
inotify_init()

352.063595ms ago: executing program 3 (id=199):
setgroups(0x0, &(0x7f0000000000))

319.521328ms ago: executing program 2 (id=200):
unlink(&(0x7f0000000000))

257.752738ms ago: executing program 0 (id=201):
statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000))

204.579065ms ago: executing program 3 (id=202):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max', 0x2, 0x0)

204.383231ms ago: executing program 4 (id=203):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)

188.920132ms ago: executing program 2 (id=204):
sched_getscheduler(0x0)

165.971597ms ago: executing program 0 (id=205):
renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0)

108.81327ms ago: executing program 4 (id=206):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

108.477052ms ago: executing program 3 (id=207):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/relabel', 0x2, 0x0)

78.501999ms ago: executing program 2 (id=208):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0)

47.484537ms ago: executing program 0 (id=209):
listen(0xffffffffffffffff, 0x0)

150.903µs ago: executing program 4 (id=210):
lookup_dcookie(0x0, &(0x7f0000000000), 0x0)

0s ago: executing program 3 (id=211):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dma_heap/system', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dma_heap/system', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dma_heap/system', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dma_heap/system', 0x800, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.10.14' (ED25519) to the list of known hosts.
[ 193.197000][ T5794] cgroup: Unknown subsys name 'net'
[ 193.329807][ T5794] cgroup: Unknown subsys name 'cpuset'
[ 193.346360][ T5794] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 200.136094][ T5794] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 209.529352][ T6019] mmap: syz.3.195 (6019) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 209.981171][ T6032] Oops: general protection fault, probably for non-canonical address 0x119ec557fffffe8: 0000 [#1] SMP PTI
[ 209.992798][ T6032] CPU: 1 UID: 0 PID: 6032 Comm: syz.2.208 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(none)
[ 210.004629][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 210.014939][ T6032] RIP: 0010:kfree+0xf2/0xec0
[ 210.019969][ T6032] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 210.039858][ T6032] RSP: 0018:ffff88812ed1f9f8 EFLAGS: 00010246
[ 210.046235][ T6032] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 210.054439][ T6032] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 0119ec557fffffe8
[ 210.062669][ T6032] RBP: ffff88812ed1faa0 R08: ffffea000000000f R09: 0000000000000000
[ 210.070955][ T6032] R10: ffff888114a8cce0 R11: 0000000000000000 R12: 0000000000000000
[ 210.079149][ T6032] R13: 0000000000000000 R14: 0000000000000000 R15: 011a02557fffffe0
[ 210.087356][ T6032] FS: 0000000000000000(0000) GS:ffff8881aa9a1000(0000) knlGS:0000000000000000
[ 210.096631][ T6032] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 210.103446][ T6032] CR2: 00000000f7208fb0 CR3: 000000011c032000 CR4: 00000000003526f0
[ 210.111679][ T6032] Call Trace:
[ 210.115133][ T6032]
[ 210.118312][ T6032] ? vhost_dev_cleanup+0x74d/0xf20
[ 210.123781][ T6032] ? kmsan_get_metadata+0xfb/0x160
[ 210.129291][ T6032] vhost_dev_cleanup+0x74d/0xf20
[ 210.134590][ T6032] vhost_vsock_dev_release+0x789/0x850
[ 210.140333][ T6032] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 210.146617][ T6032] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 210.152738][ T6032] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 210.159006][ T6032] __fput+0x608/0x1040
[ 210.163371][ T6032] ? __pfx_____fput+0x10/0x10
[ 210.168366][ T6032] ____fput+0x25/0x30
[ 210.172615][ T6032] task_work_run+0x209/0x2b0
[ 210.177608][ T6032] do_exit+0x99d/0x3d50
[ 210.182022][ T6032] ? kmsan_get_metadata+0xfb/0x160
[ 210.187410][ T6032] do_group_exit+0x259/0x390
[ 210.192284][ T6032] __ia32_sys_exit_group+0x35/0x40
[ 210.197661][ T6032] ia32_sys_call+0x4302/0x4310
[ 210.202648][ T6032] __do_fast_syscall_32+0xb0/0x150
[ 210.207989][ T6032] ? irqentry_exit_to_user_mode+0x82/0xa0
[ 210.214347][ T6032] do_fast_syscall_32+0x38/0x80
[ 210.219436][ T6032] do_SYSENTER_32+0x1f/0x30
[ 210.224252][ T6032] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 210.230845][ T6032] RIP: 0023:0xf709e539
[ 210.235121][ T6032] Code: Unable to access opcode bytes at 0xf709e50f.
[ 210.241945][ T6032] RSP: 002b:00000000ffa8cddc EFLAGS: 00000206 ORIG_RAX: 00000000000000fc
[ 210.250800][ T6032] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 210.258984][ T6032] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7404ff4
[ 210.267167][ T6032] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
SYZFAIL: failed to recv rpc
[ 210.275325][ T6032] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 210.283478][ T6032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 210.291665][ T6032]
[ 210.294823][ T6032] Modules linked in:
[ 210.301692][ T6032] ---[ end trace 0000000000000000 ]---
[ 210.307376][ T6032] RIP: 0010:kfree+0xf2/0xec0
[ 210.315121][ T6032] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 210.335190][ T6032] RSP: 0018:ffff88812ed1f9f8 EFLAGS: 00010246
[ 210.341628][ T6032] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 210.351099][ T6032] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 0119ec557fffffe8
[ 210.359413][ T6032] RBP: ffff88812ed1faa0 R08: ffffea000000000f R09: 0000000000000000
[ 210.367622][ T6032] R10: ffff888114a8cce0 R11: 0000000000000000 R12: 0000000000000000
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 210.375942][ T6032] R13: 0000000000000000 R14: 0000000000000000 R15: 011a02557fffffe0
[ 210.384229][ T6032] FS: 0000000000000000(0000) GS:ffff8881aa9a1000(0000) knlGS:0000000000000000
[ 210.393603][ T6032] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 210.400672][ T6032] CR2: 00000000f7208fb0 CR3: 000000011c032000 CR4: 00000000003526f0
[ 210.409292][ T6032] Kernel panic - not syncing: Fatal exception
[ 210.415971][ T6032] Kernel Offset: disabled
[ 210.420441][ T6032] Rebooting in 86400 seconds..