last executing test programs: 1.435439785s ago: executing program 4 (id=406): socket$inet_dccp(0x2, 0x6, 0x0) 1.019493014s ago: executing program 1 (id=418): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control', 0x800, 0x0) 886.939702ms ago: executing program 1 (id=421): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0) 747.70802ms ago: executing program 1 (id=425): sysfs$1(0x1, &(0x7f0000000000)) 706.268999ms ago: executing program 3 (id=427): socket$inet6(0xa, 0x1, 0x0) 619.057072ms ago: executing program 1 (id=428): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs', 0x800, 0x0) 612.394989ms ago: executing program 3 (id=429): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsu', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsu', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsu', 0x800, 0x0) 596.112691ms ago: executing program 2 (id=430): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl', 0x800, 0x0) 539.438462ms ago: executing program 4 (id=431): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/syslog', 0x2, 0x0) 538.875221ms ago: executing program 0 (id=432): syz_init_net_socket$netrom(0x6, 0x5, 0x0) 538.310679ms ago: executing program 1 (id=433): landlock_restrict_self(0xffffffffffffffff, 0x0) 478.740993ms ago: executing program 2 (id=434): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 475.98945ms ago: executing program 0 (id=435): pwritev2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 444.528009ms ago: executing program 1 (id=436): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0) 444.282747ms ago: executing program 3 (id=437): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0', 0x2, 0x0) 387.623061ms ago: executing program 4 (id=438): syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndctrl(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$sndctrl(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$sndctrl(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$sndctrl(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$sndctrl(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$sndctrl(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$sndctrl(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$sndctrl(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$sndctrl(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$sndctrl(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$sndctrl(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$sndctrl(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$sndctrl(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$sndctrl(&(0x7f0000000500), 0x4, 0x800) 376.48695ms ago: executing program 0 (id=439): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/md0', 0x800, 0x0) 355.53463ms ago: executing program 2 (id=440): llistxattr(&(0x7f0000000000), &(0x7f0000000000), 0x0) 290.930716ms ago: executing program 3 (id=441): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0) 285.034539ms ago: executing program 4 (id=442): newfstatat(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000000), 0x0) 263.09602ms ago: executing program 0 (id=443): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) 187.181862ms ago: executing program 2 (id=444): munmap(0x0, 0x0) 187.020609ms ago: executing program 3 (id=445): set_robust_list(&(0x7f0000000000), 0x0) 167.876655ms ago: executing program 4 (id=446): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 164.101459ms ago: executing program 0 (id=447): futex(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 59.012822ms ago: executing program 2 (id=448): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ipv6host', 0x2, 0x0) 58.805286ms ago: executing program 0 (id=449): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 58.719884ms ago: executing program 3 (id=450): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m', 0x2, 0x0) 58.612498ms ago: executing program 4 (id=451): socket(0x1e, 0x2, 0x0) 0s ago: executing program 2 (id=452): getpriority(0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts. [ 179.229546][ T5794] cgroup: Unknown subsys name 'net' [ 179.361352][ T5794] cgroup: Unknown subsys name 'cpuset' [ 179.377191][ T5794] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 185.390077][ T5794] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 190.846847][ T5903] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 192.842382][ T5984] mmap: syz.1.158 (5984) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 194.005501][ T6029] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 201.402681][ T6280] Oops: general protection fault, probably for non-canonical address 0x22cdd7d6740dc98: 0000 [#1] SMP PTI [ 201.415278][ T6280] CPU: 0 UID: 0 PID: 6280 Comm: syz.0.449 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(none) [ 201.427770][ T6280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 201.439245][ T6280] RIP: 0010:kfree+0xf2/0xec0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 201.447596][ T6280] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 201.471557][ T6280] RSP: 0018:ffff888023c87a28 EFLAGS: 00010246 [ 201.478717][ T6280] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 201.490207][ T6280] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 022cdd7d6740dc98 [ 201.499529][ T6280] RBP: ffff888023c87ad0 R08: ffffea000000000f R09: 0000000000000000 [ 201.508420][ T6280] R10: ffff88812e360b60 R11: 0000000000000000 R12: 0000000000000000 [ 201.517725][ T6280] R13: 0000000000000000 R14: 0000000000000000 R15: 022cf37d6740dc90 [ 201.526435][ T6280] FS: 0000000000000000(0000) GS:ffff8881aa8a1000(0000) knlGS:0000000000000000 [ 201.536602][ T6280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.543900][ T6280] CR2: 000055559425b4a8 CR3: 00000001252c8000 CR4: 00000000003526f0 [ 201.552677][ T6280] Call Trace: [ 201.557410][ T6280] [ 201.560673][ T6280] ? vhost_dev_cleanup+0x74d/0xf20 [ 201.567177][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 201.573666][ T6280] vhost_dev_cleanup+0x74d/0xf20 [ 201.580457][ T6280] vhost_vsock_dev_release+0x789/0x850 [ 201.586788][ T6280] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 201.593835][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 201.600706][ T6280] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 201.607115][ T6280] __fput+0x608/0x1040 [ 201.611872][ T6280] ? __pfx_____fput+0x10/0x10 [ 201.616962][ T6280] ____fput+0x25/0x30 [ 201.621557][ T6280] task_work_run+0x209/0x2b0 [ 201.626998][ T6280] do_exit+0x99d/0x3d50 [ 201.631680][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 201.637849][ T6280] do_group_exit+0x259/0x390 [ 201.642929][ T6280] __x64_sys_exit_group+0x35/0x40 [ 201.648801][ T6280] x64_sys_call+0x3e1a/0x3e20 [ 201.654294][ T6280] do_syscall_64+0xd9/0x210 [ 201.659355][ T6280] ? irqentry_exit+0x16/0x60 [ 201.664639][ T6280] ? clear_bhb_loop+0x40/0x90 [ 201.669907][ T6280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.677636][ T6280] RIP: 0033:0x7f396ef8eb69 [ 201.682538][ T6280] Code: Unable to access opcode bytes at 0x7f396ef8eb3f. [ 201.690400][ T6280] RSP: 002b:00007ffd25b42328 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 201.699314][ T6280] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f396ef8eb69 [ 201.708523][ T6280] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: 0000000000000000 [ 201.720561][ T6280] RBP: 00007ffd25b4238c R08: 0000000000000001 R09: 00000000000927c0 [ 201.729058][ T6280] R10: 00007f396ee00000 R11: 0000000000000246 R12: 0000000000000043 [ 201.737577][ T6280] R13: 00000000000927c0 R14: 0000000000031210 R15: 00007ffd25b423e0 [ 201.746540][ T6280] [ 201.750166][ T6280] Modules linked in: [ 201.755919][ T6280] ---[ end trace 0000000000000000 ]--- [ 201.763728][ T6280] RIP: 0010:kfree+0xf2/0xec0 [ 201.768646][ T6280] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 201.792762][ T6280] RSP: 0018:ffff888023c87a28 EFLAGS: 00010246 [ 201.799445][ T6280] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 201.808455][ T6280] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 022cdd7d6740dc98 [ 201.817266][ T6280] RBP: ffff888023c87ad0 R08: ffffea000000000f R09: 0000000000000000 [ 201.826691][ T6280] R10: ffff88812e360b60 R11: 0000000000000000 R12: 0000000000000000 [ 201.836141][ T6280] R13: 0000000000000000 R14: 0000000000000000 R15: 022cf37d6740dc90 [ 201.844757][ T6280] FS: 0000000000000000(0000) GS:ffff8881aa8a1000(0000) knlGS:0000000000000000 [ 201.855287][ T6280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.862599][ T6280] CR2: 000055559425b4a8 CR3: 00000001252c8000 CR4: 00000000003526f0 [ 201.872053][ T6280] Kernel panic - not syncing: Fatal exception [ 201.879225][ T6280] Kernel Offset: disabled [ 201.883794][ T6280] Rebooting in 86400 seconds..