last executing test programs: 3.802971986s ago: executing program 4 (id=5): rt_sigreturn() 2.443765481s ago: executing program 0 (id=70): lsetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 2.353357539s ago: executing program 0 (id=73): read(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.25933133s ago: executing program 0 (id=77): syz_init_net_socket$netrom(0x6, 0x5, 0x0) 2.13866596s ago: executing program 0 (id=82): lgetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 2.030205271s ago: executing program 0 (id=85): process_mrelease(0xffffffffffffffff, 0x0) 1.960870279s ago: executing program 0 (id=89): pause() 680.303859ms ago: executing program 4 (id=132): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0) 435.833879ms ago: executing program 1 (id=139): exit_group(0x0) 435.2855ms ago: executing program 3 (id=141): mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 409.4618ms ago: executing program 1 (id=142): getresgid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 375.3858ms ago: executing program 3 (id=144): kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 291.492157ms ago: executing program 1 (id=145): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/checkreqprot', 0x800, 0x0) 291.294008ms ago: executing program 2 (id=146): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self', 0x800, 0x0) 291.234874ms ago: executing program 3 (id=147): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/unconfined', 0x2, 0x0) 265.287874ms ago: executing program 2 (id=148): pkey_mprotect(0x0, 0x0, 0x0, 0xffffffffffffffff) 218.893486ms ago: executing program 1 (id=149): prlimit64(0x0, 0x0, 0x0, 0x0) 171.183441ms ago: executing program 3 (id=150): socket$inet(0x2, 0x1, 0x0) 171.081679ms ago: executing program 2 (id=151): socket$inet_icmp(0x2, 0x2, 0x1) 149.704609ms ago: executing program 2 (id=152): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmci', 0x2, 0x0) 149.481822ms ago: executing program 3 (id=153): lstat(&(0x7f0000000000), &(0x7f0000000000)) 114.829126ms ago: executing program 1 (id=154): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tlk_device', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tlk_device', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tlk_device', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tlk_device', 0x800, 0x0) 23.739454ms ago: executing program 2 (id=155): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/img-rogue', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/img-rogue', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/img-rogue', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/img-rogue', 0x800, 0x0) 23.404247ms ago: executing program 3 (id=156): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hpet', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hpet', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hpet', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hpet', 0x800, 0x0) 23.259232ms ago: executing program 1 (id=157): socket$inet_dccp(0x2, 0x6, 0x0) 0s ago: executing program 2 (id=158): accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.34' (ED25519) to the list of known hosts. [ 165.570667][ T5788] cgroup: Unknown subsys name 'net' [ 165.685583][ T5788] cgroup: Unknown subsys name 'cpuset' [ 165.699825][ T5788] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 171.213733][ T5788] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 177.502146][ T5929] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 178.654462][ T5974] Oops: general protection fault, probably for non-canonical address 0x1dd4655b1dcdba8: 0000 [#1] SMP PTI [ 178.666070][ T5974] CPU: 0 UID: 0 PID: 5974 Comm: syz.4.132 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(none) [ 178.677850][ T5974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 178.688201][ T5974] RIP: 0010:kfree+0xf2/0xec0 [ 178.693073][ T5974] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 178.712910][ T5974] RSP: 0000:ffff8881190dfa68 EFLAGS: 00010246 [ 178.719276][ T5974] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 178.727418][ T5974] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01dd4655b1dcdba8 [ 178.735639][ T5974] RBP: ffff8881190dfb10 R08: ffffea000000000f R09: 0000000000000000 [ 178.743765][ T5974] R10: ffff88812f898b60 R11: 0000000000000000 R12: 0000000000000000 [ 178.751893][ T5974] R13: 0000000000000000 R14: 0000000000000000 R15: 01dd5c55b1dcdba0 [ 178.760009][ T5974] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000 [ 178.769110][ T5974] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.775881][ T5974] CR2: 00007f3f54a3a6cc CR3: 000000012f92e000 CR4: 00000000003526f0 [ 178.784015][ T5974] Call Trace: [ 178.787415][ T5974] [ 178.790456][ T5974] ? vhost_dev_cleanup+0x74d/0xf20 [ 178.795784][ T5974] ? kmsan_get_metadata+0xfb/0x160 [ 178.801112][ T5974] vhost_dev_cleanup+0x74d/0xf20 [ 178.806264][ T5974] ? __pfx_vhost_net_release+0x10/0x10 [ 178.811922][ T5974] vhost_net_release+0x18f/0x930 [ 178.817086][ T5974] ? __pfx_vhost_net_release+0x10/0x10 [ 178.822745][ T5974] __fput+0x60b/0x1040 [ 178.827021][ T5974] ? __pfx_____fput+0x10/0x10 [ 178.831883][ T5974] ____fput+0x25/0x30 [ 178.836044][ T5974] task_work_run+0x209/0x2b0 [ 178.840849][ T5974] do_exit+0x99d/0x3d50 [ 178.845212][ T5974] ? kmsan_get_metadata+0xfb/0x160 [ 178.850556][ T5974] do_group_exit+0x259/0x390 [ 178.855380][ T5974] __x64_sys_exit_group+0x35/0x40 [ 178.860634][ T5974] x64_sys_call+0x3e1a/0x3e20 [ 178.865543][ T5974] do_syscall_64+0xd9/0x210 [ 178.870244][ T5974] ? irqentry_exit+0x16/0x60 [ 178.875008][ T5974] ? clear_bhb_loop+0x40/0x90 [ 178.879888][ T5974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.885971][ T5974] RIP: 0033:0x7f04f478eb69 [ 178.890729][ T5974] Code: Unable to access opcode bytes at 0x7f04f478eb3f. [ 178.897868][ T5974] RSP: 002b:00007ffd07a7acc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 178.906493][ T5974] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f04f478eb69 [ 178.914620][ T5974] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: 0000000000000000 [ 178.922741][ T5974] RBP: 00007ffd07a7ad2c R08: 0000000000000001 R09: 000000000000004a [ 178.930854][ T5974] R10: 00007f04f4600000 R11: 0000000000000246 R12: 0000000000000001 [ 178.938983][ T5974] R13: 000000000000004a R14: 000000000002ab02 R15: 00007ffd07a7ad80 [ 178.947147][ T5974] [ 178.950276][ T5974] Modules linked in: [ 178.956909][ T5974] ---[ end trace 0000000000000000 ]--- [ 178.964076][ T5974] RIP: 0010:kfree+0xf2/0xec0 [ 178.968992][ T5974] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 178.989263][ T5974] RSP: 0000:ffff8881190dfa68 EFLAGS: 00010246 [ 178.995739][ T5974] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 179.004018][ T5974] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01dd4655b1dcdba8 [ 179.012309][ T5974] RBP: ffff8881190dfb10 R08: ffffea000000000f R09: 0000000000000000 [ 179.020461][ T5974] R10: ffff88812f898b60 R11: 0000000000000000 R12: 0000000000000000 [ 179.028721][ T5974] R13: 0000000000000000 R14: 0000000000000000 R15: 01dd5c55b1dcdba0 [ 179.037010][ T5974] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000 [ 179.046825][ T5974] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.053656][ T5974] CR2: 00007f3f54a3a6cc CR3: 000000012f92e000 CR4: 00000000003526f0 [ 179.061919][ T5974] Kernel panic - not syncing: Fatal exception [ 179.068447][ T5974] Kernel Offset: disabled [ 179.072864][ T5974] Rebooting in 86400 seconds..