last executing test programs:

1.343402069s ago: executing program 0 (id=111):
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

1.258413123s ago: executing program 0 (id=115):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa', 0x800, 0x0)

1.150990925s ago: executing program 0 (id=120):
socket$inet6_dccp(0xa, 0x6, 0x0)

620.577546ms ago: executing program 1 (id=140):
socket$inet6_mptcp(0xa, 0x1, 0x106)

617.885857ms ago: executing program 2 (id=141):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3', 0x800, 0x0)

559.735868ms ago: executing program 3 (id=142):
unlink(&(0x7f0000000000))

559.257226ms ago: executing program 4 (id=143):
execveat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

542.609234ms ago: executing program 3 (id=144):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/register', 0x1, 0x0)

507.922114ms ago: executing program 1 (id=145):
readahead(0xffffffffffffffff, 0x0, 0x0)

447.767344ms ago: executing program 4 (id=146):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/load', 0x2, 0x0)

447.381303ms ago: executing program 2 (id=147):
socket$can_bcm(0x1d, 0x2, 0x2)

447.184244ms ago: executing program 3 (id=148):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current', 0x2, 0x0)

426.744831ms ago: executing program 1 (id=149):
inotify_rm_watch(0xffffffffffffffff, 0x0)

410.191889ms ago: executing program 4 (id=150):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/userio', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio', 0x800, 0x0)

316.460516ms ago: executing program 2 (id=151):
syz_init_net_socket$ax25(0x3, 0x2, 0x0)

316.19563ms ago: executing program 3 (id=152):
socket$can_j1939(0x1d, 0x2, 0x7)

315.970555ms ago: executing program 0 (id=153):
syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$mouse(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$mouse(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$mouse(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$mouse(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$mouse(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$mouse(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$mouse(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$mouse(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$mouse(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$mouse(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$mouse(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$mouse(&(0x7f0000000500), 0x4, 0x800)

315.741819ms ago: executing program 1 (id=154):
syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000140), 0xa, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000180), 0xa, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xa, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0xa, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000240), 0x14, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000280), 0x14, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x14, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x14, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1e, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1e, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1e, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1e, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x28, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000480), 0x28, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x28, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000500), 0x28, 0x800)

292.569292ms ago: executing program 4 (id=155):
socket$caif_stream(0x25, 0x1, 0x0)

259.727195ms ago: executing program 2 (id=156):
syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x800)

167.216488ms ago: executing program 3 (id=157):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0)

167.041468ms ago: executing program 4 (id=158):
socket$vsock_dgram(0x28, 0x2, 0x0)

166.845548ms ago: executing program 1 (id=159):
shmget(0xffffffffffffffff, 0x0, 0x0, 0x0)

153.792136ms ago: executing program 0 (id=160):
setgroups(0x0, &(0x7f0000000000))

126.944031ms ago: executing program 2 (id=161):
syz_open_dev$hiddev(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$hiddev(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$hiddev(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$hiddev(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$hiddev(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$hiddev(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$hiddev(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$hiddev(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$hiddev(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$hiddev(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$hiddev(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$hiddev(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$hiddev(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$hiddev(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$hiddev(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$hiddev(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$hiddev(&(0x7f0000000500), 0x4, 0x800)

32.028954ms ago: executing program 3 (id=162):
recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0)

31.795377ms ago: executing program 4 (id=163):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0)

31.706601ms ago: executing program 1 (id=164):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/random', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/random', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/random', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/random', 0x800, 0x0)

26.360366ms ago: executing program 0 (id=165):
umount2(&(0x7f0000000000), 0x0)

0s ago: executing program 2 (id=166):
socket$key(0xf, 0x3, 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.48' (ED25519) to the list of known hosts.
[  171.511307][ T5793] cgroup: Unknown subsys name 'net'
[  171.656778][ T5793] cgroup: Unknown subsys name 'cpuset'
[  171.673045][ T5793] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  177.377953][ T5793] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  184.397418][ T5985] Oops: general protection fault, probably for non-canonical address 0x1ffec53b4233be8: 0000 [#1] SMP PTI
[  184.409100][ T5985] CPU: 1 UID: 0 PID: 5985 Comm: syz.4.163 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(none) 
[  184.420889][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  184.431236][ T5985] RIP: 0010:kfree+0xf2/0xec0
[  184.436134][ T5985] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[  184.456055][ T5985] RSP: 0018:ffff88812ed3fa68 EFLAGS: 00010246
[  184.462392][ T5985] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  184.470535][ T5985] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 01ffec53b4233be8
[  184.478674][ T5985] RBP: ffff88812ed3fb10 R08: ffffea000000000f R09: 0000000000000000
[  184.486812][ T5985] R10: ffff88811a942c20 R11: 0000000000000000 R12: 0000000000000000
[  184.494947][ T5985] R13: 0000000000000000 R14: 0000000000000000 R15: 02000253b4233be0
[  184.503084][ T5985] FS:  0000000000000000(0000) GS:ffff8881aa9a1000(0000) knlGS:0000000000000000
[  184.512186][ T5985] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.519023][ T5985] CR2: 0000001b2ea5ffff CR3: 0000000125fea000 CR4: 00000000003526f0
[  184.527333][ T5985] Call Trace:
[  184.530723][ T5985]  <TASK>
[  184.533777][ T5985]  ? vhost_dev_cleanup+0x74d/0xf20
[  184.539155][ T5985]  ? kmsan_get_metadata+0xfb/0x160
[  184.544492][ T5985]  vhost_dev_cleanup+0x74d/0xf20
[  184.549691][ T5985]  ? __pfx_vhost_net_release+0x10/0x10
[  184.555341][ T5985]  vhost_net_release+0x18f/0x930
[  184.560486][ T5985]  ? __pfx_vhost_net_release+0x10/0x10
[  184.566156][ T5985]  __fput+0x608/0x1040
[  184.570471][ T5985]  ? __pfx_____fput+0x10/0x10
[  184.575349][ T5985]  ____fput+0x25/0x30
[  184.579510][ T5985]  task_work_run+0x209/0x2b0
[  184.584320][ T5985]  do_exit+0x99d/0x3d50
[  184.588693][ T5985]  ? kmsan_get_metadata+0xfb/0x160
[  184.594056][ T5985]  do_group_exit+0x259/0x390
[  184.598896][ T5985]  __x64_sys_exit_group+0x35/0x40
[  184.604162][ T5985]  x64_sys_call+0x3e1a/0x3e20
[  184.609163][ T5985]  do_syscall_64+0xd9/0x210
[  184.613856][ T5985]  ? irqentry_exit+0x16/0x60
[  184.618682][ T5985]  ? clear_bhb_loop+0x40/0x90
[  184.623566][ T5985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.629659][ T5985] RIP: 0033:0x7f69e0b8eb69
[  184.634288][ T5985] Code: Unable to access opcode bytes at 0x7f69e0b8eb3f.
[  184.641434][ T5985] RSP: 002b:00007ffecd15da48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  184.650072][ T5985] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f69e0b8eb69
[  184.658201][ T5985] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: 0000000000000000
[  184.666352][ T5985] RBP: 00007ffecd15daac R08: 0000000000000001 R09: 00000000000927c0
[  184.674476][ T5985] R10: 00007f69e0a00000 R11: 0000000000000246 R12: 000000000000001f
[  184.682603][ T5985] R13: 00000000000927c0 R14: 000000000002cfa7 R15: 00007ffecd15db00
[  184.690763][ T5985]  </TASK>
[  184.693893][ T5985] Modules linked in:
[  184.699953][ T5985] ---[ end trace 0000000000000000 ]---
[  184.705576][ T5985] RIP: 0010:kfree+0xf2/0xec0
[  184.713464][ T5985] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[  184.733910][ T5985] RSP: 0018:ffff88812ed3fa68 EFLAGS: 00010246
[  184.740429][ T5985] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  184.748746][ T5985] RDX: ffff888220112408 RSI: 0000000000000000 RDI: 01ffec53b4233be8
[  184.757203][ T5985] RBP: ffff88812ed3fb10 R08: ffffea000000000f R09: 0000000000000000
[  184.765372][ T5985] R10: ffff88811a942c20 R11: 0000000000000000 R12: 0000000000000000
[  184.773673][ T5985] R13: 0000000000000000 R14: 0000000000000000 R15: 02000253b4233be0
[  184.781957][ T5985] FS:  0000000000000000(0000) GS:ffff8881aa9a1000(0000) knlGS:0000000000000000
[  184.791250][ T5985] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.798200][ T5985] CR2: 0000001b2ea5ffff CR3: 0000000125fea000 CR4: 00000000003526f0
[  184.806508][ T5985] Kernel panic - not syncing: Fatal exception
[  184.813055][ T5985] Kernel Offset: disabled
[  184.817570][ T5985] Rebooting in 86400 seconds..