last executing test programs: 558.999623ms ago: executing program 0 (id=39): syz_open_dev$dmmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$dmmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$dmmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$dmmidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$dmmidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$dmmidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$dmmidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$dmmidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$dmmidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$dmmidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$dmmidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$dmmidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$dmmidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$dmmidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$dmmidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$dmmidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$dmmidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$dmmidi(&(0x7f0000000500), 0x4, 0x800) 554.30234ms ago: executing program 2 (id=41): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/user', 0x2, 0x0) 541.071734ms ago: executing program 3 (id=42): fstatat64(0xffffff9c, &(0x7f0000000000), &(0x7f0000000000), 0x0) 450.792014ms ago: executing program 1 (id=43): read(0xffffffffffffffff, &(0x7f0000000000), 0x0) 450.502482ms ago: executing program 2 (id=45): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero', 0x800, 0x0) 450.297179ms ago: executing program 0 (id=46): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) 450.2329ms ago: executing program 3 (id=47): sysfs$1(0x1, &(0x7f0000000000)) 426.700588ms ago: executing program 4 (id=48): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full', 0x800, 0x0) 399.778327ms ago: executing program 1 (id=49): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 334.896049ms ago: executing program 2 (id=50): syz_open_dev$usbfs(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x28, 0x800) 334.64598ms ago: executing program 3 (id=51): init_module(&(0x7f0000000000), 0x0, &(0x7f0000000000)) 334.556056ms ago: executing program 1 (id=52): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/renderD128', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128', 0x800, 0x0) 334.370369ms ago: executing program 0 (id=53): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tlk_device', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tlk_device', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tlk_device', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tlk_device', 0x800, 0x0) 317.805527ms ago: executing program 4 (id=54): socket$nl_generic(0x10, 0x3, 0x10) 276.05213ms ago: executing program 3 (id=55): socket$can_bcm(0x1d, 0x2, 0x2) 211.162404ms ago: executing program 2 (id=56): getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 210.948529ms ago: executing program 0 (id=57): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 210.701305ms ago: executing program 4 (id=58): faccessat2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 182.488301ms ago: executing program 1 (id=59): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0) 177.431316ms ago: executing program 3 (id=60): socket$caif_stream(0x25, 0x1, 0x0) 114.848824ms ago: executing program 2 (id=61): socket$inet6_udplite(0xa, 0x2, 0x88) 114.670302ms ago: executing program 0 (id=62): uname(&(0x7f0000000000)) 114.512231ms ago: executing program 4 (id=63): fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000000)) 97.794576ms ago: executing program 1 (id=64): shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 87.130585ms ago: executing program 4 (id=65): pwrite64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 23.275951ms ago: executing program 0 (id=66): semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000000)) 23.027385ms ago: executing program 3 (id=67): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0) 22.923139ms ago: executing program 1 (id=68): stat(&(0x7f0000000000), &(0x7f0000000000)) 13.206419ms ago: executing program 2 (id=69): close(0xffffffffffffffff) 0s ago: executing program 4 (id=70): socket$alg(0x26, 0x5, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts. [ 162.899746][ T5796] cgroup: Unknown subsys name 'net' [ 163.057520][ T5796] cgroup: Unknown subsys name 'cpuset' [ 163.072185][ T5796] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 168.724135][ T5796] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 173.534800][ T5885] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 173.680182][ T5890] Oops: general protection fault, probably for non-canonical address 0x1ef8e9a20f113f8: 0000 [#1] SMP PTI [ 173.692020][ T5890] CPU: 1 UID: 0 PID: 5890 Comm: syz.3.67 Not tainted 6.16.0-syzkaller-11752-g7881cd6886a8 #0 PREEMPT(none) [ 173.717429][ T5890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 173.728038][ T5890] RIP: 0010:kfree+0xf2/0xec0 [ 173.733261][ T5890] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 173.753186][ T5890] RSP: 0018:ffff88812e0aba38 EFLAGS: 00010246 [ 173.759511][ T5890] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 173.767666][ T5890] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01ef8e9a20f113f8 [ 173.775918][ T5890] RBP: ffff88812e0abae0 R08: ffffea000000000f R09: 0000000000000000 [ 173.784076][ T5890] R10: ffff888115442c20 R11: 0000000000000000 R12: 0000000000000000 [ 173.792236][ T5890] R13: 0000000000000000 R14: 0000000000000000 R15: 01efa49a20f113f0 [ 173.800394][ T5890] FS: 0000000000000000(0000) GS:ffff8881aa79a000(0000) knlGS:0000000000000000 [ 173.809614][ T5890] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 173.816373][ T5890] CR2: 00000000ffd3fc64 CR3: 0000000116124000 CR4: 00000000003526f0 [ 173.824545][ T5890] Call Trace: [ 173.827970][ T5890] [ 173.831048][ T5890] ? vhost_dev_cleanup+0x74d/0xf20 [ 173.836411][ T5890] ? kmsan_get_metadata+0xfb/0x160 [ 173.841784][ T5890] vhost_dev_cleanup+0x74d/0xf20 [ 173.846939][ T5890] ? __pfx_vhost_net_release+0x10/0x10 [ 173.852675][ T5890] vhost_net_release+0x18f/0x930 [ 173.857815][ T5890] ? __pfx_vhost_net_release+0x10/0x10 [ 173.863501][ T5890] __fput+0x60b/0x1040 [ 173.867777][ T5890] ? __pfx_____fput+0x10/0x10 [ 173.872650][ T5890] ____fput+0x25/0x30 [ 173.876793][ T5890] task_work_run+0x209/0x2b0 [ 173.881600][ T5890] do_exit+0x99d/0x3d50 [ 173.885963][ T5890] ? kmsan_get_metadata+0xfb/0x160 [ 173.891307][ T5890] do_group_exit+0x259/0x390 [ 173.896123][ T5890] __ia32_sys_exit_group+0x35/0x40 [ 173.901441][ T5890] ia32_sys_call+0x4302/0x4310 [ 173.906380][ T5890] __do_fast_syscall_32+0xb0/0x150 [ 173.911690][ T5890] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 173.917595][ T5890] do_fast_syscall_32+0x38/0x80 [ 173.922723][ T5890] do_SYSENTER_32+0x1f/0x30 [ 173.927425][ T5890] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 173.934054][ T5890] RIP: 0023:0xf7fe7539 [ 173.938278][ T5890] Code: Unable to access opcode bytes at 0xf7fe750f. [ 173.945067][ T5890] RSP: 002b:00000000ff89e07c EFLAGS: 00000206 ORIG_RAX: 00000000000000fc [ 173.953694][ T5890] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 173.961813][ T5890] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7474ff4 [ 173.969936][ T5890] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000 [ 173.978261][ T5890] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 173.986388][ T5890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 173.994633][ T5890] [ 173.997773][ T5890] Modules linked in: [ 174.004223][ T5890] ---[ end trace 0000000000000000 ]--- [ 174.017187][ T5890] RIP: 0010:kfree+0xf2/0xec0 [ 174.022235][ T5890] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 174.042501][ T5890] RSP: 0018:ffff88812e0aba38 EFLAGS: 00010246 [ 174.048959][ T5890] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 174.057218][ T5890] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01ef8e9a20f113f8 [ 174.065646][ T5890] RBP: ffff88812e0abae0 R08: ffffea000000000f R09: 0000000000000000 [ 174.074030][ T5890] R10: ffff888115442c20 R11: 0000000000000000 R12: 0000000000000000 [ 174.082342][ T5890] R13: 0000000000000000 R14: 0000000000000000 R15: 01efa49a20f113f0 [ 174.090623][ T5890] FS: 0000000000000000(0000) GS:ffff8881aa79a000(0000) knlGS:0000000000000000 [ 174.100216][ T5890] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 174.106996][ T5890] CR2: 00000000ffd3fc64 CR3: 0000000012666000 CR4: 00000000003526f0 [ 174.115393][ T5890] Kernel panic - not syncing: Fatal exception [ 174.121933][ T5890] Kernel Offset: disabled [ 174.126442][ T5890] Rebooting in 86400 seconds..