last executing test programs: 1.007228186s ago: executing program 1 (id=86): pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 864.585039ms ago: executing program 3 (id=88): process_vm_readv(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 863.973969ms ago: executing program 1 (id=91): fsopen(&(0x7f0000000000), 0x0) 848.930912ms ago: executing program 4 (id=92): process_mrelease(0xffffffffffffffff, 0x0) 787.177574ms ago: executing program 3 (id=94): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls', 0x0, 0x0) 704.290008ms ago: executing program 4 (id=96): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey', 0x800, 0x0) 704.106846ms ago: executing program 0 (id=97): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tlk_device', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tlk_device', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tlk_device', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tlk_device', 0x800, 0x0) 662.339872ms ago: executing program 2 (id=98): uname(&(0x7f0000000000)) 646.642423ms ago: executing program 3 (id=99): socket$inet6_udplite(0xa, 0x2, 0x88) 540.488327ms ago: executing program 4 (id=100): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-monitor', 0x800, 0x0) 540.335763ms ago: executing program 0 (id=101): io_uring_setup(0x0, &(0x7f0000000000)) 540.19131ms ago: executing program 2 (id=102): quotactl$Q_GETFMT(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000)) 523.147692ms ago: executing program 3 (id=103): socket$pptp(0x18, 0x1, 0x2) 482.567163ms ago: executing program 4 (id=104): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 408.457463ms ago: executing program 2 (id=105): sigaltstack(&(0x7f0000000000), 0x0) 408.194081ms ago: executing program 0 (id=106): select(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 408.112892ms ago: executing program 1 (id=107): acct(0x0) 377.186969ms ago: executing program 3 (id=108): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 363.868266ms ago: executing program 4 (id=109): connect(0xffffffffffffffff, &(0x7f0000000000), 0x0) 280.405931ms ago: executing program 0 (id=110): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 280.286945ms ago: executing program 2 (id=111): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 280.233443ms ago: executing program 1 (id=112): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full', 0x800, 0x0) 238.876334ms ago: executing program 0 (id=113): syz_open_dev$midi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$midi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$midi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$midi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$midi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$midi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$midi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$midi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$midi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$midi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$midi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$midi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$midi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$midi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$midi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$midi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$midi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$midi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$midi(&(0x7f0000000500), 0x4, 0x800) 220.756761ms ago: executing program 4 (id=114): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0) 152.602112ms ago: executing program 2 (id=115): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hpet', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hpet', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hpet', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hpet', 0x800, 0x0) 152.220772ms ago: executing program 3 (id=116): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0) 137.794018ms ago: executing program 1 (id=117): mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 100.794493ms ago: executing program 0 (id=118): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer', 0x800, 0x0) 140.943µs ago: executing program 2 (id=119): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self', 0x800, 0x0) 0s ago: executing program 1 (id=120): mknod(&(0x7f0000000000), 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.30' (ED25519) to the list of known hosts. [ 201.714149][ T5795] cgroup: Unknown subsys name 'net' [ 201.885218][ T5795] cgroup: Unknown subsys name 'cpuset' [ 201.902161][ T5795] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 208.552025][ T5795] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 214.260143][ T5889] mmap: syz.4.67 (5889) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 215.216001][ T5924] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 215.780287][ T5942] Oops: general protection fault, probably for non-canonical address 0x11df665c1324598: 0000 [#1] SMP PTI [ 215.792091][ T5942] CPU: 0 UID: 0 PID: 5942 Comm: syz.3.116 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(none) [ 215.804102][ T5942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 215.814854][ T5942] RIP: 0010:kfree+0xf2/0xec0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 215.819923][ T5942] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 215.840180][ T5942] RSP: 0018:ffff888116f43a38 EFLAGS: 00010246 [ 215.847006][ T5942] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 215.855233][ T5942] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 011df665c1324598 [ 215.863885][ T5942] RBP: ffff888116f43ae0 R08: ffffea000000000f R09: 0000000000000000 [ 215.872197][ T5942] R10: ffff8881157ecce0 R11: 0000000000000000 R12: 0000000000000000 [ 215.880484][ T5942] R13: 0000000000000000 R14: 0000000000000000 R15: 011e0c65c1324590 [ 215.888771][ T5942] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000 [ 215.898203][ T5942] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 215.905035][ T5942] CR2: 00000000f7f355c0 CR3: 000000013dc28000 CR4: 00000000003526f0 [ 215.913388][ T5942] Call Trace: [ 215.916842][ T5942] [ 215.920136][ T5942] ? vhost_dev_cleanup+0x74d/0xf20 [ 215.925654][ T5942] ? kmsan_get_metadata+0xfb/0x160 [ 215.931475][ T5942] vhost_dev_cleanup+0x74d/0xf20 [ 215.936846][ T5942] ? __pfx_vhost_net_release+0x10/0x10 [ 215.942729][ T5942] vhost_net_release+0x18f/0x930 [ 215.948101][ T5942] ? __pfx_vhost_net_release+0x10/0x10 [ 215.953973][ T5942] __fput+0x60b/0x1040 [ 215.958373][ T5942] ? __pfx_____fput+0x10/0x10 [ 215.963446][ T5942] ____fput+0x25/0x30 [ 215.967801][ T5942] task_work_run+0x209/0x2b0 [ 215.972809][ T5942] do_exit+0x99d/0x3d50 [ 215.977365][ T5942] ? kmsan_get_metadata+0xfb/0x160 [ 215.982824][ T5942] do_group_exit+0x259/0x390 [ 215.987872][ T5942] __ia32_sys_exit_group+0x35/0x40 [ 215.993423][ T5942] ia32_sys_call+0x4302/0x4310 [ 215.998466][ T5942] __do_fast_syscall_32+0xb0/0x150 [ 216.003991][ T5942] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 216.010014][ T5942] do_fast_syscall_32+0x38/0x80 [ 216.015213][ T5942] do_SYSENTER_32+0x1f/0x30 [ 216.020124][ T5942] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 216.026923][ T5942] RIP: 0023:0xf70ee539 [ 216.031255][ T5942] Code: Unable to access opcode bytes at 0xf70ee50f. [ 216.038112][ T5942] RSP: 002b:00000000ffea250c EFLAGS: 00000206 ORIG_RAX: 00000000000000fc [ 216.046891][ T5942] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000 [ 216.055142][ T5942] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7454ff4 [ 216.063430][ T5942] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000 [ 216.071569][ T5942] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 216.079714][ T5942] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 216.088016][ T5942] [ 216.091308][ T5942] Modules linked in: [ 216.096293][ T5942] ---[ end trace 0000000000000000 ]--- [ 216.102205][ T5942] RIP: 0010:kfree+0xf2/0xec0 [ 216.107283][ T5942] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 66 5c 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89 [ 216.127555][ T5942] RSP: 0018:ffff888116f43a38 EFLAGS: 00010246 [ 216.135891][ T5942] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 216.144250][ T5942] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 011df665c1324598 [ 216.153090][ T5942] RBP: ffff888116f43ae0 R08: ffffea000000000f R09: 0000000000000000 [ 216.161388][ T5942] R10: ffff8881157ecce0 R11: 0000000000000000 R12: 0000000000000000 [ 216.169808][ T5942] R13: 0000000000000000 R14: 0000000000000000 R15: 011e0c65c1324590 [ 216.178270][ T5942] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000 [ 216.187868][ T5942] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 216.195006][ T5942] CR2: 00000000f7f355c0 CR3: 0000000012666000 CR4: 00000000003526f0 [ 216.203368][ T5942] Kernel panic - not syncing: Fatal exception [ 216.210093][ T5942] Kernel Offset: disabled [ 216.214758][ T5942] Rebooting in 86400 seconds..