last executing test programs: 1.032521891s ago: executing program 1 (id=294): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full', 0x800, 0x0) 840.342483ms ago: executing program 1 (id=301): unlink(&(0x7f0000000000)) 712.123206ms ago: executing program 1 (id=305): timer_create(0x0, &(0x7f0000000000), &(0x7f0000000000)) 705.472107ms ago: executing program 2 (id=308): vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 608.678223ms ago: executing program 1 (id=310): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx', 0x800, 0x0) 608.542443ms ago: executing program 0 (id=311): fstat(0xffffffffffffffff, &(0x7f0000000000)) 608.406968ms ago: executing program 4 (id=312): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37', 0x2, 0x0) 608.316467ms ago: executing program 2 (id=313): getpid() 558.679907ms ago: executing program 0 (id=314): mq_timedreceive(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 549.69696ms ago: executing program 3 (id=315): delete_module(&(0x7f0000000000), 0x0) 480.209225ms ago: executing program 4 (id=316): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0) 480.017742ms ago: executing program 1 (id=317): open(&(0x7f0000000000), 0x0, 0x0) 446.246047ms ago: executing program 0 (id=318): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_control', 0x2, 0x0) 441.446248ms ago: executing program 2 (id=319): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/netlabel', 0x2, 0x0) 374.979619ms ago: executing program 3 (id=320): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom', 0x800, 0x0) 374.757523ms ago: executing program 4 (id=321): move_mount(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 342.377426ms ago: executing program 3 (id=322): utimensat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 316.338571ms ago: executing program 1 (id=323): pause() 268.273376ms ago: executing program 0 (id=324): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem', 0x1, 0x0) 268.132571ms ago: executing program 2 (id=325): process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 240.955902ms ago: executing program 4 (id=326): tgkill(0x0, 0x0, 0x0) 224.733567ms ago: executing program 3 (id=327): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci', 0x800, 0x0) 116.64154ms ago: executing program 0 (id=328): rt_sigsuspend(&(0x7f0000000000), 0x0) 116.478893ms ago: executing program 2 (id=329): setregid(0x0, 0x0) 116.354161ms ago: executing program 4 (id=330): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 97.374626ms ago: executing program 3 (id=331): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0) 59.747522ms ago: executing program 2 (id=332): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci', 0x800, 0x0) 490.216µs ago: executing program 0 (id=333): sched_setparam(0x0, &(0x7f0000000000)) 180.219µs ago: executing program 4 (id=334): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 0s ago: executing program 3 (id=335): ioperm(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.69' (ED25519) to the list of known hosts. [ 195.746973][ T5793] cgroup: Unknown subsys name 'net' [ 195.883069][ T5793] cgroup: Unknown subsys name 'cpuset' [ 195.900164][ T5793] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 202.459151][ T5793] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 215.009839][ T6160] Oops: general protection fault, probably for non-canonical address 0xfbdc6f7fffffe8: 0000 [#1] SMP PTI [ 215.021695][ T6160] CPU: 1 UID: 0 PID: 6160 Comm: syz.4.334 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(none) [ 215.033812][ T6160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 215.044235][ T6160] RIP: 0010:kfree+0xf2/0xec0 [ 215.049164][ T6160] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 215.069473][ T6160] RSP: 0018:ffff888119cdf9f8 EFLAGS: 00010246 [ 215.075824][ T6160] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 215.084002][ T6160] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 00fbdc6f7fffffe8 [ 215.092444][ T6160] RBP: ffff888119cdfaa0 R08: ffffea000000000f R09: 0000000000000000 [ 215.100891][ T6160] R10: ffff888118444ce0 R11: 0000000000000000 R12: 0000000000000000 [ 215.109119][ T6160] R13: 0000000000000000 R14: 0000000000000000 R15: 00fbf26f7fffffe0 [ 215.117297][ T6160] FS: 0000000000000000(0000) GS:ffff8881aa79a000(0000) knlGS:0000000000000000 [ 215.126613][ T6160] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 215.133415][ T6160] CR2: 00000000ffeed4c4 CR3: 0000000119076000 CR4: 00000000003526f0 [ 215.141662][ T6160] Call Trace: [ 215.145267][ T6160] [ 215.148420][ T6160] ? vhost_dev_cleanup+0x74d/0xf20 [ 215.153780][ T6160] ? kmsan_get_metadata+0xfb/0x160 [ 215.159186][ T6160] vhost_dev_cleanup+0x74d/0xf20 [ 215.164568][ T6160] vhost_vsock_dev_release+0x789/0x850 [ 215.170330][ T6160] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 215.176649][ T6160] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 215.182733][ T6160] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 215.189221][ T6160] __fput+0x60b/0x1040 [ 215.193576][ T6160] ? __pfx_____fput+0x10/0x10 [ 215.198684][ T6160] ____fput+0x25/0x30 [ 215.202888][ T6160] task_work_run+0x209/0x2b0 [ 215.207754][ T6160] do_exit+0x99d/0x3d50 [ 215.212193][ T6160] ? kmsan_get_metadata+0xfb/0x160 [ 215.217594][ T6160] do_group_exit+0x259/0x390 [ 215.222514][ T6160] __ia32_sys_exit_group+0x35/0x40 [ 215.228165][ T6160] ia32_sys_call+0x4302/0x4310 [ 215.233324][ T6160] __do_fast_syscall_32+0xb0/0x150 [ 215.238799][ T6160] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 215.244908][ T6160] do_fast_syscall_32+0x38/0x80 [ 215.250033][ T6160] do_SYSENTER_32+0x1f/0x30 [ 215.254852][ T6160] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 215.261546][ T6160] RIP: 0023:0xf712e539 [ 215.265907][ T6160] Code: Unable to access opcode bytes at 0xf712e50f. [ 215.272821][ T6160] RSP: 002b:00000000fffb42ac EFLAGS: 00000206 ORIG_RAX: 00000000000000fc [ 215.281651][ T6160] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 215.290079][ T6160] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7494ff4 [ 215.298317][ T6160] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000 [ 215.306476][ T6160] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 215.314637][ T6160] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 215.322818][ T6160] [ 215.326068][ T6160] Modules linked in: [ 215.332297][ T6160] ---[ end trace 0000000000000000 ]--- [ 215.337968][ T6160] RIP: 0010:kfree+0xf2/0xec0 [ 215.342988][ T6160] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 215.363645][ T6160] RSP: 0018:ffff888119cdf9f8 EFLAGS: 00010246 [ 215.370001][ T6160] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 215.378278][ T6160] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 00fbdc6f7fffffe8 [ 215.388817][ T6160] RBP: ffff888119cdfaa0 R08: ffffea000000000f R09: 0000000000000000 [ 215.397136][ T6160] R10: ffff888118444ce0 R11: 0000000000000000 R12: 0000000000000000 [ 215.405440][ T6160] R13: 0000000000000000 R14: 0000000000000000 R15: 00fbf26f7fffffe0 [ 215.413828][ T6160] FS: 0000000000000000(0000) GS:ffff8881aa79a000(0000) knlGS:0000000000000000 [ 215.423250][ T6160] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 215.430045][ T6160] CR2: 00000000ffeed4c4 CR3: 0000000119076000 CR4: 00000000003526f0 [ 215.438365][ T6160] Kernel panic - not syncing: Fatal exception [ 215.444959][ T6160] Kernel Offset: disabled [ 215.449523][ T6160] Rebooting in 86400 seconds..