last executing test programs:

1.33219702s ago: executing program 3 (id=57):
read(0xffffffffffffffff, &(0x7f0000000000), 0x0)

1.22956943s ago: executing program 3 (id=61):
close(0xffffffffffffffff)

1.067837345s ago: executing program 3 (id=66):
set_thread_area(&(0x7f0000000000))

979.572806ms ago: executing program 3 (id=71):
getrusage(0x0, &(0x7f0000000000))

883.838031ms ago: executing program 3 (id=75):
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000))

853.30705ms ago: executing program 3 (id=78):
socket$inet6_dccp(0xa, 0x6, 0x0)

675.877852ms ago: executing program 0 (id=84):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/register', 0x1, 0x0)

617.727059ms ago: executing program 0 (id=86):
mknodat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

571.858247ms ago: executing program 2 (id=87):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/unconfined', 0x2, 0x0)

571.584045ms ago: executing program 1 (id=88):
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000))

571.366729ms ago: executing program 4 (id=89):
listen(0xffffffffffffffff, 0x0)

517.144248ms ago: executing program 0 (id=90):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37', 0x2, 0x0)

508.147447ms ago: executing program 2 (id=91):
migrate_pages(0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000))

447.982853ms ago: executing program 1 (id=92):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/target_ids', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/target_ids', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/target_ids', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/target_ids', 0x800, 0x0)

447.818713ms ago: executing program 4 (id=93):
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)

432.220813ms ago: executing program 0 (id=94):
setpriority(0x0, 0x0, 0x0)

404.445971ms ago: executing program 2 (id=95):
socket$key(0xf, 0x3, 0x2)

351.666571ms ago: executing program 4 (id=96):
io_setup(0x0, &(0x7f0000000000))

351.387488ms ago: executing program 1 (id=97):
select(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))

338.467578ms ago: executing program 0 (id=98):
syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$video4linux(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$video4linux(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$video4linux(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$video4linux(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$video4linux(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$video4linux(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$video4linux(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$video4linux(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$video4linux(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$video4linux(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$video4linux(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$video4linux(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$video4linux(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$video4linux(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$video4linux(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$video4linux(&(0x7f0000000500), 0x4, 0x800)

310.066973ms ago: executing program 4 (id=99):
socket$inet6(0xa, 0x1, 0x0)

252.007328ms ago: executing program 2 (id=100):
fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0)

236.259596ms ago: executing program 4 (id=101):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0)

231.845383ms ago: executing program 1 (id=102):
syz_open_dev$vivid(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vivid(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vivid(&(0x7f0000000100), 0x0, 0x800)

148.170616ms ago: executing program 2 (id=103):
personality(0x0)

147.806336ms ago: executing program 0 (id=104):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0)

147.61208ms ago: executing program 1 (id=105):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ptrace', 0x2, 0x0)

127.295378ms ago: executing program 4 (id=106):
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

62.119563ms ago: executing program 2 (id=107):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/relabel-self', 0x2, 0x0)

0s ago: executing program 1 (id=108):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp', 0x800, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.178' (ED25519) to the list of known hosts.
[ 163.457042][ T5777] cgroup: Unknown subsys name 'net'
[ 163.660688][ T5777] cgroup: Unknown subsys name 'cpuset'
[ 163.675928][ T5777] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 169.402794][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 175.252364][ T5913] Oops: general protection fault, probably for non-canonical address 0x1ffec557fffffe8: 0000 [#1] SMP PTI
[ 175.264275][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: syz.0.104 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(none)
[ 175.276428][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 175.287255][ T5913] RIP: 0010:kfree+0xf2/0xec0
[ 175.292496][ T5913] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 175.313712][ T5913] RSP: 0018:ffff8881178039f8 EFLAGS: 00010246
[ 175.320201][ T5913] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 175.328751][ T5913] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01ffec557fffffe8
[ 175.337768][ T5913] RBP: ffff888117803aa0 R08: ffffea000000000f R09: 0000000000000000
[ 175.346548][ T5913] R10: ffff888119f22c20 R11: 0000000000000000 R12: 0000000000000000
[ 175.355299][ T5913] R13: 0000000000000000 R14: 0000000000000000 R15: 020002557fffffe0
[ 175.363645][ T5913] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000
[ 175.372743][ T5913] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 175.380024][ T5913] CR2: 00000000ffcd6f3c CR3: 000000012e054000 CR4: 00000000003526f0
[ 175.388434][ T5913] Call Trace:
[ 175.391985][ T5913]
[ 175.395496][ T5913] ? vhost_dev_cleanup+0x74d/0xf20
[ 175.401141][ T5913] ? kmsan_get_metadata+0xfb/0x160
[ 175.406498][ T5913] vhost_dev_cleanup+0x74d/0xf20
[ 175.411688][ T5913] vhost_vsock_dev_release+0x789/0x850
[ 175.417637][ T5913] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 175.424006][ T5913] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 175.430072][ T5913] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 175.436390][ T5913] __fput+0x60b/0x1040
[ 175.441047][ T5913] ? __pfx_____fput+0x10/0x10
[ 175.445994][ T5913] ____fput+0x25/0x30
[ 175.450320][ T5913] task_work_run+0x209/0x2b0
[ 175.455324][ T5913] do_exit+0x99d/0x3d50
[ 175.460173][ T5913] ? kmsan_get_metadata+0xfb/0x160
[ 175.465674][ T5913] do_group_exit+0x259/0x390
[ 175.471033][ T5913] __ia32_sys_exit_group+0x35/0x40
[ 175.476394][ T5913] ia32_sys_call+0x4302/0x4310
[ 175.481372][ T5913] __do_fast_syscall_32+0xb0/0x150
[ 175.487076][ T5913] ? irqentry_exit_to_user_mode+0x82/0xa0
[ 175.493029][ T5913] do_fast_syscall_32+0x38/0x80
[ 175.498134][ T5913] do_SYSENTER_32+0x1f/0x30
[ 175.502943][ T5913] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 175.509485][ T5913] RIP: 0023:0xf7ff5539
[ 175.513868][ T5913] Code: Unable to access opcode bytes at 0xf7ff550f.
[ 175.521366][ T5913] RSP: 002b:00000000ff86da4c EFLAGS: 00000206 ORIG_RAX: 00000000000000fc
[ 175.530346][ T5913] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 175.538647][ T5913] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7484ff4
[ 175.546902][ T5913] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[ 175.555576][ T5913] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 175.564361][ T5913] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 175.572625][ T5913]
[ 175.575777][ T5913] Modules linked in:
[ 175.582241][ T5913] ---[ end trace 0000000000000000 ]---
[ 175.588016][ T5913] RIP: 0010:kfree+0xf2/0xec0
[ 175.593094][ T5913] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 175.613323][ T5913] RSP: 0018:ffff8881178039f8 EFLAGS: 00010246
[ 175.619980][ T5913] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 175.629059][ T5913] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01ffec557fffffe8
[ 175.637770][ T5913] RBP: ffff888117803aa0 R08: ffffea000000000f R09: 0000000000000000
SYZFAIL: failed to send rpc fd=3 want=160 sent=0 n=-1 (errno 32: Broken pipe)
[ 175.648396][ T5913] R10: ffff888119f22c20 R11: 0000000000000000 R12: 0000000000000000
[ 175.659302][ T5913] R13: 0000000000000000 R14: 0000000000000000 R15: 020002557fffffe0
[ 175.668087][ T5913] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000
[ 175.678169][ T5913] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 175.685554][ T5913] CR2: 00000000ffcd6f3c CR3: 000000012e054000 CR4: 00000000003526f0
[ 175.701090][ T5913] Kernel panic - not syncing: Fatal exception
[ 175.707883][ T5913] Kernel Offset: disabled
[ 175.712435][ T5913] Rebooting in 86400 seconds..