last executing test programs:

2.324249061s ago: executing program 2 (id=93):
socket$vsock_stream(0x28, 0x1, 0x0)

2.253648724s ago: executing program 1 (id=95):
lsm_get_self_attr(0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0)

2.19652146s ago: executing program 2 (id=97):
get_thread_area(&(0x7f0000000000))

2.150867363s ago: executing program 1 (id=100):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy', 0x0, 0x0)

2.029157661s ago: executing program 2 (id=102):
mknod(&(0x7f0000000000), 0x0, 0x0)

2.028908058s ago: executing program 1 (id=103):
request_key(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

1.98975936s ago: executing program 2 (id=107):
setgid(0x0)

1.871264793s ago: executing program 1 (id=109):
getpgid(0x0)

1.789048374s ago: executing program 2 (id=112):
chown(&(0x7f0000000000), 0x0, 0x0)

1.788798342s ago: executing program 1 (id=114):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1', 0x800, 0x0)

1.704550737s ago: executing program 2 (id=116):
syz_open_dev$audion(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$audion(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$audion(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$audion(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$audion(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$audion(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$audion(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$audion(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$audion(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$audion(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$audion(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$audion(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$audion(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$audion(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$audion(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$audion(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$audion(&(0x7f0000000500), 0x4, 0x800)

839.846398ms ago: executing program 3 (id=141):
mremap(0x0, 0x0, 0x0, 0x0, 0x0)

794.256948ms ago: executing program 3 (id=143):
sched_setaffinity(0x0, 0x0, &(0x7f0000000000))

710.037178ms ago: executing program 3 (id=145):
socket$hf(0x13, 0x2, 0x0)

688.032429ms ago: executing program 0 (id=146):
socket$inet_tcp(0x2, 0x1, 0x0)

624.676113ms ago: executing program 4 (id=147):
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)

595.567398ms ago: executing program 0 (id=148):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/onlycap', 0x2, 0x0)

584.34114ms ago: executing program 4 (id=149):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats', 0x0, 0x0)

423.910664ms ago: executing program 4 (id=150):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mali0', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mali0', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mali0', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mali0', 0x800, 0x0)

423.770602ms ago: executing program 0 (id=151):
tgkill(0x0, 0x0, 0x0)

379.668236ms ago: executing program 3 (id=152):
socket$inet_udplite(0x2, 0x2, 0x88)

326.935831ms ago: executing program 0 (id=153):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l/by-path/platform-soc@0:qcom_cam-req-mgr-video-index0', 0x2, 0x0)

259.520271ms ago: executing program 4 (id=154):
prlimit64(0x0, 0x0, 0x0, 0x0)

223.472307ms ago: executing program 3 (id=155):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control', 0x800, 0x0)

208.018137ms ago: executing program 0 (id=156):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/socket/zygote', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/socket/zygote', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/socket/zygote', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/socket/zygote', 0x800, 0x0)

148.108782ms ago: executing program 4 (id=157):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/mac80211_hwsim/', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/mac80211_hwsim/', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/mac80211_hwsim/', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/mac80211_hwsim/', 0x800, 0x0)

84.192064ms ago: executing program 4 (id=158):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0)

56.76758ms ago: executing program 3 (id=159):
getpgrp(0x0)

318.539µs ago: executing program 0 (id=160):
pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=161):
removexattr(&(0x7f0000000000), &(0x7f0000000000))

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts.
[ 198.426318][ T5794] cgroup: Unknown subsys name 'net'
[ 198.559864][ T5794] cgroup: Unknown subsys name 'cpuset'
[ 198.580129][ T5794] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 205.180785][ T5794] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 209.050362][ T5822] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 213.233769][ T5973] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 213.562049][ T5979] Oops: general protection fault, probably for non-canonical address 0x1fe2050e40f4098: 0000 [#1] SMP PTI
[ 213.573671][ T5979] CPU: 0 UID: 0 PID: 5979 Comm: syz.4.158 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(none)
[ 213.585494][ T5979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 213.595786][ T5979] RIP: 0010:kfree+0xf2/0xec0
[ 213.600730][ T5979] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 213.620627][ T5979] RSP: 0018:ffff88812e2979f8 EFLAGS: 00010246
[ 213.627000][ T5979] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 213.635279][ T5979] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01fe2050e40f4098
[ 213.643463][ T5979] RBP: ffff88812e297aa0 R08: ffffea000000000f R09: 0000000000000000
[ 213.651657][ T5979] R10: ffff888117a64ce0 R11: 0000000000000000 R12: 0000000000000000
[ 213.659838][ T5979] R13: 0000000000000000 R14: 0000000000000000 R15: 01fe3650e40f4090
[ 213.668027][ T5979] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000
[ 213.677200][ T5979] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 213.683975][ T5979] CR2: 00000000f73e2000 CR3: 0000000118564000 CR4: 00000000003526f0
[ 213.692145][ T5979] Call Trace:
[ 213.695558][ T5979]
[ 213.698631][ T5979] ? vhost_dev_cleanup+0x74d/0xf20
[ 213.703996][ T5979] ? kmsan_get_metadata+0xfb/0x160
[ 213.709367][ T5979] vhost_dev_cleanup+0x74d/0xf20
[ 213.714547][ T5979] vhost_vsock_dev_release+0x789/0x850
[ 213.720350][ T5979] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 213.726584][ T5979] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 213.732638][ T5979] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 213.738875][ T5979] __fput+0x60b/0x1040
[ 213.743190][ T5979] ? __pfx_____fput+0x10/0x10
[ 213.748093][ T5979] ____fput+0x25/0x30
[ 213.752279][ T5979] task_work_run+0x209/0x2b0
[ 213.757117][ T5979] do_exit+0x99d/0x3d50
[ 213.761548][ T5979] ? kmsan_get_metadata+0xfb/0x160
[ 213.766934][ T5979] do_group_exit+0x259/0x390
[ 213.771797][ T5979] __ia32_sys_exit_group+0x35/0x40
[ 213.777183][ T5979] ia32_sys_call+0x4302/0x4310
[ 213.782249][ T5979] __do_fast_syscall_32+0xb0/0x150
[ 213.787627][ T5979] ? irqentry_exit_to_user_mode+0x82/0xa0
[ 213.793613][ T5979] do_fast_syscall_32+0x38/0x80
[ 213.798705][ T5979] do_SYSENTER_32+0x1f/0x30
[ 213.803437][ T5979] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 213.810038][ T5979] RIP: 0023:0xf710e539
[ 213.814445][ T5979] Code: Unable to access opcode bytes at 0xf710e50f.
[ 213.821361][ T5979] RSP: 002b:00000000ffdf049c EFLAGS: 00000206 ORIG_RAX: 00000000000000fc
[ 213.830018][ T5979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 213.838201][ T5979] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7474ff4
[ 213.846462][ T5979] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[ 213.854786][ T5979] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 213.862928][ T5979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 213.871285][ T5979]
[ 213.874462][ T5979] Modules linked in:
[ 213.881696][ T5979] ---[ end trace 0000000000000000 ]---
[ 213.887406][ T5979] RIP: 0010:kfree+0xf2/0xec0
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 213.895472][ T5979] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 213.915720][ T5979] RSP: 0018:ffff88812e2979f8 EFLAGS: 00010246
[ 213.922198][ T5979] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 213.930501][ T5979] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01fe2050e40f4098
[ 213.938910][ T5979] RBP: ffff88812e297aa0 R08: ffffea000000000f R09: 0000000000000000
[ 213.947170][ T5979] R10: ffff888117a64ce0 R11: 0000000000000000 R12: 0000000000000000
[ 213.955602][ T5979] R13: 0000000000000000 R14: 0000000000000000 R15: 01fe3650e40f4090
[ 213.963935][ T5979] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000
[ 213.973332][ T5979] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 213.980307][ T5979] CR2: 00000000f73e2000 CR3: 0000000012666000 CR4: 00000000003526f0
[ 213.988742][ T5979] Kernel panic - not syncing: Fatal exception
[ 213.995390][ T5979] Kernel Offset: disabled
[ 214.000036][ T5979] Rebooting in 86400 seconds..