last executing test programs:

551.546068ms ago: executing program 4 (id=48):
capset(&(0x7f0000000000), &(0x7f0000000000))

551.049169ms ago: executing program 3 (id=50):
recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0)

519.170484ms ago: executing program 2 (id=52):
open(&(0x7f0000000000), 0x0, 0x0)

501.527334ms ago: executing program 0 (id=53):
read(0xffffffffffffffff, &(0x7f0000000000), 0x0)

447.994373ms ago: executing program 3 (id=54):
connect(0xffffffffffffffff, &(0x7f0000000000), 0x0)

447.787885ms ago: executing program 4 (id=55):
mq_notify(0xffffffffffffffff, &(0x7f0000000000))

447.637287ms ago: executing program 1 (id=56):
getrlimit(0x0, &(0x7f0000000000))

435.305464ms ago: executing program 2 (id=57):
io_uring_setup(0x0, &(0x7f0000000000))

419.112777ms ago: executing program 0 (id=58):
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000), 0x0)

360.042921ms ago: executing program 1 (id=59):
add_key(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x0)

352.018954ms ago: executing program 3 (id=60):
fsetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0)

349.472915ms ago: executing program 4 (id=61):
getxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

287.665132ms ago: executing program 1 (id=62):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/schemes', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/schemes', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/schemes', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/schemes', 0x800, 0x0)

287.396947ms ago: executing program 0 (id=63):
mq_unlink(&(0x7f0000000000))

287.281802ms ago: executing program 2 (id=64):
getdents(0xffffffffffffffff, &(0x7f0000000000), 0x0)

265.932988ms ago: executing program 1 (id=65):
landlock_create_ruleset(&(0x7f0000000000), 0x0, 0x0)

262.914614ms ago: executing program 2 (id=66):
shmget(0xffffffffffffffff, 0x0, 0x0, 0x0)

262.467262ms ago: executing program 4 (id=67):
syz_open_dev$dmmidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$dmmidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$dmmidi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$dmmidi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$dmmidi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$dmmidi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000500), 0x4, 0x800)

231.47961ms ago: executing program 3 (id=68):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0)

179.82119ms ago: executing program 0 (id=69):
syz_open_dev$rtc(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$rtc(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$rtc(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$rtc(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$rtc(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$rtc(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$rtc(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$rtc(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$rtc(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$rtc(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$rtc(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$rtc(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$rtc(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$rtc(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$rtc(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$rtc(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$rtc(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$rtc(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$rtc(&(0x7f0000000500), 0x4, 0x800)

179.556414ms ago: executing program 2 (id=70):
get_thread_area(&(0x7f0000000000))

161.125855ms ago: executing program 1 (id=71):
dup(0xffffffffffffffff)

148.069569ms ago: executing program 4 (id=72):
setregid(0x0, 0x0)

88.222299ms ago: executing program 0 (id=73):
membarrier(0x0, 0x0)

87.990145ms ago: executing program 3 (id=74):
timer_gettime(0x0, &(0x7f0000000000))

79.038815ms ago: executing program 2 (id=75):
socket$inet_dccp(0x2, 0x6, 0x0)

75.072516ms ago: executing program 4 (id=76):
renameat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000))

336.881µs ago: executing program 0 (id=77):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock', 0x800, 0x0)

50.83µs ago: executing program 1 (id=78):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/raw-gadget', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/raw-gadget', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/raw-gadget', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/raw-gadget', 0x800, 0x0)

0s ago: executing program 3 (id=79):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.233' (ED25519) to the list of known hosts.
[ 162.662997][ T5793] cgroup: Unknown subsys name 'net'
[ 162.794873][ T5793] cgroup: Unknown subsys name 'cpuset'
[ 162.808996][ T5793] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 168.433511][ T5793] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 173.456759][ T5901] Oops: general protection fault, probably for non-canonical address 0x119ec557fffffe8: 0000 [#1] SMP PTI
[ 173.468333][ T5901] CPU: 1 UID: 0 PID: 5901 Comm: syz.3.79 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(none)
[ 173.480025][ T5901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 173.490275][ T5901] RIP: 0010:kfree+0xf2/0xec0
[ 173.495152][ T5901] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 173.514984][ T5901] RSP: 0018:ffff88812d673a28 EFLAGS: 00010246
[ 173.521302][ T5901] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 173.529461][ T5901] RDX: ffff888220111408 RSI: 0000000000000000 RDI: 0119ec557fffffe8
[ 173.537716][ T5901] RBP: ffff88812d673ad0 R08: ffffea000000000f R09: 0000000000000000
[ 173.545893][ T5901] R10: ffff8881156eac20 R11: 0000000000000000 R12: 0000000000000000
[ 173.554036][ T5901] R13: 0000000000000000 R14: 0000000000000000 R15: 011a02557fffffe0
[ 173.562161][ T5901] FS: 0000000000000000(0000) GS:ffff8881aa9a0000(0000) knlGS:0000000000000000
[ 173.571258][ T5901] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 173.577985][ T5901] CR2: 000055557b5454a8 CR3: 00000001191ce000 CR4: 00000000003526f0
[ 173.586204][ T5901] Call Trace:
[ 173.589625][ T5901]
[ 173.592666][ T5901] ? vhost_dev_cleanup+0x74d/0xf20
[ 173.598040][ T5901] ? kmsan_get_metadata+0xfb/0x160
[ 173.603363][ T5901] vhost_dev_cleanup+0x74d/0xf20
[ 173.608548][ T5901] vhost_vsock_dev_release+0x789/0x850
[ 173.614212][ T5901] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 173.620386][ T5901] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 173.626410][ T5901] ? __pfx_vhost_vsock_dev_release+0x10/0x10
[ 173.632589][ T5901] __fput+0x60b/0x1040
[ 173.636861][ T5901] ? __pfx_____fput+0x10/0x10
[ 173.641712][ T5901] ____fput+0x25/0x30
[ 173.645865][ T5901] task_work_run+0x209/0x2b0
[ 173.650661][ T5901] do_exit+0x99d/0x3d50
[ 173.655108][ T5901] ? kmsan_get_metadata+0xfb/0x160
[ 173.660446][ T5901] do_group_exit+0x259/0x390
[ 173.665267][ T5901] __x64_sys_exit_group+0x35/0x40
[ 173.670497][ T5901] x64_sys_call+0x3e1a/0x3e20
[ 173.675417][ T5901] do_syscall_64+0xd9/0x210
[ 173.680096][ T5901] ? irqentry_exit+0x16/0x60
[ 173.684904][ T5901] ? clear_bhb_loop+0x40/0x90
[ 173.689775][ T5901] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 173.695867][ T5901] RIP: 0033:0x7fd19ad8eb69
[ 173.700455][ T5901] Code: Unable to access opcode bytes at 0x7fd19ad8eb3f.
[ 173.707611][ T5901] RSP: 002b:00007ffe80eecdc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 173.716236][ T5901] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd19ad8eb69
[ 173.724398][ T5901] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: 0000000000000000
[ 173.732533][ T5901] RBP: 00007ffe80eece2c R08: 0000000000000001 R09: 00000000000927c0
[ 173.740650][ T5901] R10: 00007fd19ac00000 R11: 0000000000000246 R12: 0000000000000008
[ 173.748764][ T5901] R13: 00000000000927c0 R14: 000000000002a513 R15: 00007ffe80eece80
[ 173.756914][ T5901]
[ 173.760042][ T5901] Modules linked in:
[ 173.765281][ T5901] ---[ end trace 0000000000000000 ]---
[ 173.773822][ T5901] RIP: 0010:kfree+0xf2/0xec0
[ 173.778711][ T5901] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 173.798737][ T5901] RSP: 0018:ffff88812d673a28 EFLAGS: 00010246
[ 173.805150][ T5901] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 173.813408][ T5901] RDX: ffff888220111408 RSI: 0000000000000000 RDI: 0119ec557fffffe8
[ 173.821699][ T5901] RBP: ffff88812d673ad0 R08: ffffea000000000f R09: 0000000000000000
[ 173.829966][ T5901] R10: ffff8881156eac20 R11: 0000000000000000 R12: 0000000000000000
[ 173.838143][ T5901] R13: 0000000000000000 R14: 0000000000000000 R15: 011a02557fffffe0
[ 173.846436][ T5901] FS: 0000000000000000(0000) GS:ffff8881aa9a0000(0000) knlGS:0000000000000000
[ 173.856104][ T5901] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 173.862990][ T5901] CR2: 000055557b5454a8 CR3: 00000001191ce000 CR4: 00000000003526f0
[ 173.871300][ T5901] Kernel panic - not syncing: Fatal exception
[ 173.881648][ T5901] Kernel Offset: disabled
[ 173.886087][ T5901] Rebooting in 86400 seconds..