last executing test programs:

1.533159464s ago: executing program 1 (id=49):
rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000000))

1.451046236s ago: executing program 1 (id=53):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0)

549.594898ms ago: executing program 3 (id=92):
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0)

549.460166ms ago: executing program 4 (id=93):
munmap(0x0, 0x0)

518.161122ms ago: executing program 3 (id=96):
brk(0x0)

438.337809ms ago: executing program 4 (id=97):
fchmod(0xffffffffffffffff, 0x0)

437.764746ms ago: executing program 3 (id=99):
getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000))

431.944158ms ago: executing program 2 (id=100):
add_key(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x0)

380.475684ms ago: executing program 0 (id=101):
vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

330.022789ms ago: executing program 4 (id=102):
pipe2(&(0x7f0000000000), 0x0)

329.750735ms ago: executing program 3 (id=103):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/irnet', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/irnet', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/irnet', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/irnet', 0x800, 0x0)

329.507663ms ago: executing program 1 (id=104):
syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$mouse(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$mouse(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$mouse(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$mouse(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$mouse(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$mouse(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$mouse(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$mouse(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$mouse(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$mouse(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$mouse(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$mouse(&(0x7f0000000500), 0x4, 0x800)

313.271968ms ago: executing program 2 (id=105):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run', 0x1, 0x0)

297.626159ms ago: executing program 3 (id=106):
waitid(0x0, 0x0, 0x0, 0x0, 0x0)

213.473422ms ago: executing program 0 (id=107):
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)

213.192975ms ago: executing program 4 (id=108):
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)

212.933879ms ago: executing program 1 (id=109):
inotify_init()

212.852766ms ago: executing program 2 (id=110):
openat2(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0)

212.538378ms ago: executing program 0 (id=111):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0)

160.9136ms ago: executing program 0 (id=112):
syz_init_net_socket$llc(0x1a, 0x1, 0x0)

152.631336ms ago: executing program 1 (id=113):
alarm(0x0)

93.945627ms ago: executing program 3 (id=114):
fsopen(&(0x7f0000000000), 0x0)

93.598278ms ago: executing program 4 (id=115):
fdatasync(0xffffffffffffffff)

93.446388ms ago: executing program 2 (id=116):
getuid()

87.065978ms ago: executing program 1 (id=117):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0)

76.56735ms ago: executing program 2 (id=118):
socket$vsock_stream(0x28, 0x1, 0x0)

13.741321ms ago: executing program 0 (id=119):
socket$nl_rdma(0x10, 0x3, 0x14)

13.517485ms ago: executing program 4 (id=120):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb1', 0x800, 0x0)

13.435445ms ago: executing program 2 (id=121):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vndbinder', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vndbinder', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vndbinder', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vndbinder', 0x800, 0x0)

0s ago: executing program 0 (id=122):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0', 0x800, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts.
[ 152.684903][ T5786] cgroup: Unknown subsys name 'net'
[ 152.831524][ T5786] cgroup: Unknown subsys name 'cpuset'
[ 152.846744][ T5786] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 157.958419][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 157.965152][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 158.288132][ T5786] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 162.428581][ T5867] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 163.878803][ T5933] Oops: general protection fault, probably for non-canonical address 0x245dd32da003198: 0000 [#1] SMP PTI
[ 163.890442][ T5933] CPU: 1 UID: 0 PID: 5933 Comm: syz.1.117 Not tainted 6.16.0-syzkaller-11364-g3c4a063b1f8a #0 PREEMPT(none)
[ 163.902481][ T5933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 163.912715][ T5933] RIP: 0010:kfree+0xf2/0xec0
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 163.917553][ T5933] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 163.937492][ T5933] RSP: 0018:ffff88812e0a3a38 EFLAGS: 00010246
[ 163.943778][ T5933] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 163.952180][ T5933] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 0245dd32da003198
[ 163.960586][ T5933] RBP: ffff88812e0a3ae0 R08: ffffea000000000f R09: 0000000000000000
[ 163.968731][ T5933] R10: ffff8881313f2c20 R11: 0000000000000000 R12: 0000000000000000
[ 163.977126][ T5933] R13: 0000000000000000 R14: 0000000000000000 R15: 0245f332da003190
[ 163.985281][ T5933] FS: 0000000000000000(0000) GS:ffff8881aa9a1000(0000) knlGS:0000000000000000
[ 163.994420][ T5933] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 164.001181][ T5933] CR2: 00000000f7310b00 CR3: 0000000012466000 CR4: 00000000003526f0
[ 164.009361][ T5933] Call Trace:
[ 164.012768][ T5933]
[ 164.015817][ T5933] ? vhost_dev_cleanup+0x74d/0xf20
[ 164.021190][ T5933] ? kmsan_get_metadata+0xfb/0x160
[ 164.026716][ T5933] vhost_dev_cleanup+0x74d/0xf20
[ 164.031920][ T5933] ? __pfx_vhost_net_release+0x10/0x10
[ 164.037671][ T5933] vhost_net_release+0x18f/0x930
[ 164.042825][ T5933] ? __pfx_vhost_net_release+0x10/0x10
[ 164.048465][ T5933] __fput+0x608/0x1040
[ 164.052810][ T5933] ? __pfx_____fput+0x10/0x10
[ 164.057649][ T5933] ____fput+0x25/0x30
[ 164.061953][ T5933] task_work_run+0x209/0x2b0
[ 164.066723][ T5933] do_exit+0x99d/0x3d50
[ 164.071042][ T5933] ? kmsan_get_metadata+0xfb/0x160
[ 164.076358][ T5933] do_group_exit+0x259/0x390
[ 164.081140][ T5933] __ia32_sys_exit_group+0x35/0x40
[ 164.086454][ T5933] ia32_sys_call+0x4302/0x4310
[ 164.091387][ T5933] __do_fast_syscall_32+0xb0/0x150
[ 164.096922][ T5933] ? irqentry_exit_to_user_mode+0x82/0xa0
[ 164.102850][ T5933] do_fast_syscall_32+0x38/0x80
[ 164.107941][ T5933] do_SYSENTER_32+0x1f/0x30
[ 164.112686][ T5933] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 164.119209][ T5933] RIP: 0023:0xf7f64539
[ 164.123427][ T5933] Code: Unable to access opcode bytes at 0xf7f6450f.
[ 164.130200][ T5933] RSP: 002b:00000000ffcd8fcc EFLAGS: 00000206 ORIG_RAX: 00000000000000fc
[ 164.138979][ T5933] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 164.147082][ T5933] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f73f4ff4
[ 164.155189][ T5933] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[ 164.163279][ T5933] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 164.171484][ T5933] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 164.179800][ T5933]
[ 164.182922][ T5933] Modules linked in:
[ 164.188008][ T5933] ---[ end trace 0000000000000000 ]---
[ 164.195035][ T5933] RIP: 0010:kfree+0xf2/0xec0
[ 164.199939][ T5933] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 164.220014][ T5933] RSP: 0018:ffff88812e0a3a38 EFLAGS: 00010246
[ 164.226495][ T5933] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 164.234716][ T5933] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 0245dd32da003198
[ 164.242960][ T5933] RBP: ffff88812e0a3ae0 R08: ffffea000000000f R09: 0000000000000000
[ 164.251094][ T5933] R10: ffff8881313f2c20 R11: 0000000000000000 R12: 0000000000000000
[ 164.259392][ T5933] R13: 0000000000000000 R14: 0000000000000000 R15: 0245f332da003190
[ 164.267752][ T5933] FS: 0000000000000000(0000) GS:ffff8881aa9a1000(0000) knlGS:0000000000000000
[ 164.277251][ T5933] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 164.284089][ T5933] CR2: 00000000f7310b00 CR3: 0000000012466000 CR4: 00000000003526f0
[ 164.292496][ T5933] Kernel panic - not syncing: Fatal exception
[ 164.299101][ T5933] Kernel Offset: disabled
[ 164.303512][ T5933] Rebooting in 86400 seconds..