last executing test programs: 2.339232031s ago: executing program 3 (id=245): recvmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 2.152104472s ago: executing program 3 (id=251): vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 2.096777406s ago: executing program 3 (id=254): setresuid(0x0, 0x0, 0x0) 1.871198854s ago: executing program 3 (id=261): munlockall() 1.833578762s ago: executing program 3 (id=264): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2', 0x800, 0x0) 1.624284204s ago: executing program 3 (id=272): pause() 1.220488032s ago: executing program 0 (id=287): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput', 0x800, 0x0) 1.083778457s ago: executing program 0 (id=291): socket$inet_mptcp(0x2, 0x1, 0x106) 960.910809ms ago: executing program 0 (id=295): sendfile64(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 900.876081ms ago: executing program 0 (id=300): utimes(&(0x7f0000000000), &(0x7f0000000000)) 805.602057ms ago: executing program 0 (id=302): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats', 0x0, 0x0) 684.439984ms ago: executing program 0 (id=307): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1', 0x800, 0x0) 616.267854ms ago: executing program 1 (id=309): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs', 0x800, 0x0) 610.433117ms ago: executing program 2 (id=310): membarrier(0x0, 0x0) 527.556323ms ago: executing program 2 (id=311): statfs(&(0x7f0000000000), &(0x7f0000000000)) 473.076775ms ago: executing program 4 (id=312): sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) 472.567621ms ago: executing program 1 (id=313): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/md0', 0x800, 0x0) 440.058544ms ago: executing program 4 (id=314): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter', 0x800, 0x0) 402.915485ms ago: executing program 2 (id=315): setfsuid(0x0) 328.523906ms ago: executing program 1 (id=316): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/onlycap', 0x2, 0x0) 328.266252ms ago: executing program 4 (id=317): sched_rr_get_interval(0x0, &(0x7f0000000000)) 305.839532ms ago: executing program 2 (id=318): socket$can_bcm(0x1d, 0x2, 0x2) 243.248254ms ago: executing program 1 (id=319): socket$packet(0x11, 0x2, 0x300) 192.399237ms ago: executing program 4 (id=320): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userfaultfd', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userfaultfd', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/userfaultfd', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userfaultfd', 0x800, 0x0) 170.757297ms ago: executing program 2 (id=321): lsm_get_self_attr(0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 118.452402ms ago: executing program 4 (id=322): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/random', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/random', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/random', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/random', 0x800, 0x0) 56.065628ms ago: executing program 1 (id=323): socket$isdn_base(0x22, 0x3, 0x0) 55.725706ms ago: executing program 2 (id=324): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0) 11.266298ms ago: executing program 1 (id=325): open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0) 0s ago: executing program 4 (id=326): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.121' (ED25519) to the list of known hosts. [ 188.596858][ T5787] cgroup: Unknown subsys name 'net' [ 188.741314][ T5787] cgroup: Unknown subsys name 'cpuset' [ 188.771060][ T5787] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 195.443551][ T5787] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 206.620497][ T6066] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 208.917766][ T6144] Oops: general protection fault, probably for non-canonical address 0x1dcc932da003198: 0000 [#1] SMP PTI [ 208.929375][ T6144] CPU: 0 UID: 0 PID: 6144 Comm: syz.2.324 Not tainted 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(none) [ 208.941162][ T6144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 208.951440][ T6144] RIP: 0010:kfree+0xf2/0xec0 [ 208.956343][ T6144] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 208.976366][ T6144] RSP: 0018:ffff88802249ba38 EFLAGS: 00010246 [ 208.983040][ T6144] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 208.991184][ T6144] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01dcc932da003198 [ 208.999426][ T6144] RBP: ffff88802249bae0 R08: ffffea000000000f R09: 0000000000000000 [ 209.007574][ T6144] R10: ffff88812ec9cce0 R11: 0000000000000000 R12: 0000000000000000 [ 209.015723][ T6144] R13: 0000000000000000 R14: 0000000000000000 R15: 01dcdf32da003190 [ 209.023865][ T6144] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000 [ 209.033114][ T6144] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 209.039911][ T6144] CR2: 00000000f7ef55c0 CR3: 00000001190d2000 CR4: 00000000003526f0 [ 209.048099][ T6144] Call Trace: [ 209.051805][ T6144] [ 209.054873][ T6144] ? vhost_dev_cleanup+0x74d/0xf20 [ 209.060240][ T6144] ? kmsan_get_metadata+0xfb/0x160 [ 209.065611][ T6144] vhost_dev_cleanup+0x74d/0xf20 [ 209.070833][ T6144] ? __pfx_vhost_net_release+0x10/0x10 [ 209.076526][ T6144] vhost_net_release+0x18f/0x930 [ 209.081709][ T6144] ? __pfx_vhost_net_release+0x10/0x10 [ 209.087418][ T6144] __fput+0x608/0x1040 [ 209.091720][ T6144] ? __pfx_____fput+0x10/0x10 [ 209.096705][ T6144] ____fput+0x25/0x30 [ 209.100909][ T6144] task_work_run+0x209/0x2b0 [ 209.105756][ T6144] do_exit+0x99d/0x3d50 [ 209.110245][ T6144] ? kmsan_get_metadata+0xfb/0x160 [ 209.115624][ T6144] do_group_exit+0x259/0x390 [ 209.120488][ T6144] __ia32_sys_exit_group+0x35/0x40 [ 209.125852][ T6144] ia32_sys_call+0x4302/0x4310 [ 209.130985][ T6144] __do_fast_syscall_32+0xb0/0x150 [ 209.136331][ T6144] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 209.142463][ T6144] do_fast_syscall_32+0x38/0x80 [ 209.147929][ T6144] do_SYSENTER_32+0x1f/0x30 [ 209.152704][ T6144] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 209.159378][ T6144] RIP: 0023:0xf705e539 [ 209.163656][ T6144] Code: Unable to access opcode bytes at 0xf705e50f. [ 209.170591][ T6144] RSP: 002b:00000000ffcff97c EFLAGS: 00000206 ORIG_RAX: 00000000000000fc [ 209.179374][ T6144] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 209.187622][ T6144] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f73c4ff4 [ 209.195809][ T6144] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000 [ 209.204174][ T6144] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 209.212314][ T6144] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 209.220575][ T6144] [ 209.223726][ T6144] Modules linked in: [ 209.230769][ T6144] ---[ end trace 0000000000000000 ]--- [ 209.241698][ T6144] RIP: 0010:kfree+0xf2/0xec0 [ 209.246715][ T6144] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 209.267026][ T6144] RSP: 0018:ffff88802249ba38 EFLAGS: 00010246 [ 209.273363][ T6144] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 209.281734][ T6144] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01dcc932da003198 [ 209.290151][ T6144] RBP: ffff88802249bae0 R08: ffffea000000000f R09: 0000000000000000 [ 209.298493][ T6144] R10: ffff88812ec9cce0 R11: 0000000000000000 R12: 0000000000000000 [ 209.306806][ T6144] R13: 0000000000000000 R14: 0000000000000000 R15: 01dcdf32da003190 [ 209.315101][ T6144] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000 [ 209.324483][ T6144] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 209.331568][ T6144] CR2: 00000000f7ef55c0 CR3: 00000001190d2000 CR4: 00000000003526f0 [ 209.339977][ T6144] Kernel panic - not syncing: Fatal exception [ 209.346611][ T6144] Kernel Offset: disabled [ 209.351143][ T6144] Rebooting in 86400 seconds..