last executing test programs:

518.379848ms ago: executing program 3 (id=151):
socket$packet(0x11, 0x2, 0x300)

509.162952ms ago: executing program 0 (id=153):
fchownat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

479.905519ms ago: executing program 2 (id=154):
fdatasync(0xffffffffffffffff)

418.955436ms ago: executing program 1 (id=155):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock', 0x800, 0x0)

418.738763ms ago: executing program 3 (id=156):
epoll_create1(0x0)

418.607133ms ago: executing program 0 (id=157):
sched_setparam(0x0, &(0x7f0000000000))

418.504648ms ago: executing program 4 (id=158):
socket$xdp(0x2c, 0x3, 0x0)

379.381736ms ago: executing program 3 (id=159):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/iommu', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/iommu', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/iommu', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/iommu', 0x800, 0x0)

375.069061ms ago: executing program 2 (id=160):
brk(0x0)

313.896191ms ago: executing program 0 (id=161):
getrlimit(0x0, &(0x7f0000000000))

313.69686ms ago: executing program 1 (id=162):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/uverbs0', 0x2, 0x0)

313.574426ms ago: executing program 4 (id=163):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/target_ids', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/target_ids', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/target_ids', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/target_ids', 0x800, 0x0)

289.857176ms ago: executing program 1 (id=164):
stat(&(0x7f0000000000), &(0x7f0000000000))

289.729991ms ago: executing program 2 (id=165):
shmget(0xffffffffffffffff, 0x0, 0x0, 0x0)

274.089312ms ago: executing program 4 (id=166):
io_uring_setup(0x0, &(0x7f0000000000))

214.23916ms ago: executing program 0 (id=167):
mq_notify(0xffffffffffffffff, &(0x7f0000000000))

214.074579ms ago: executing program 3 (id=168):
rename(&(0x7f0000000000), &(0x7f0000000000))

213.949192ms ago: executing program 1 (id=169):
socket$nl_xfrm(0x10, 0x3, 0x6)

205.953229ms ago: executing program 2 (id=170):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0)

186.538389ms ago: executing program 4 (id=171):
mbind(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)

138.311857ms ago: executing program 0 (id=172):
flistxattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)

138.12437ms ago: executing program 3 (id=173):
socket$inet6(0xa, 0x1, 0x0)

137.988966ms ago: executing program 1 (id=174):
socket$inet_udplite(0x2, 0x2, 0x88)

117.663945ms ago: executing program 2 (id=175):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ptrace', 0x2, 0x0)

97.016373ms ago: executing program 0 (id=176):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0)

50.347414ms ago: executing program 4 (id=177):
finit_module(0xffffffffffffffff, &(0x7f0000000000), 0x0)

50.023094ms ago: executing program 3 (id=178):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0)

49.944975ms ago: executing program 2 (id=179):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/keychord', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/keychord', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/keychord', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/keychord', 0x800, 0x0)

12.575849ms ago: executing program 1 (id=180):
nanosleep(&(0x7f0000000000), 0x0)

0s ago: executing program 4 (id=181):
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.253' (ED25519) to the list of known hosts.
[ 162.473368][ T5786] cgroup: Unknown subsys name 'net'
[ 162.605947][ T5786] cgroup: Unknown subsys name 'cpuset'
[ 162.619943][ T5786] cgroup: Unknown subsys name 'rlimit'
[ 163.144786][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 163.151763][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
Setting up swapspace version 1, size = 127995904 bytes
[ 168.222043][ T5786] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 172.772644][ T5877] mmap: syz.0.62 (5877) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 175.031132][ T5993] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 175.095503][ T5995] Oops: general protection fault, probably for non-canonical address 0x1eafb5b7519ffe8: 0000 [#1] SMP PTI
[ 175.107241][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: syz.0.176 Not tainted 6.16.0-syzkaller-11743-g6bcdbd62bd56 #0 PREEMPT(none)
[ 175.119423][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 175.129921][ T5995] RIP: 0010:kfree+0xf2/0xec0
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 175.134860][ T5995] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 175.155117][ T5995] RSP: 0018:ffff88812e17fa38 EFLAGS: 00010246
[ 175.161508][ T5995] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 175.169842][ T5995] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01eafb5b7519ffe8
[ 175.178010][ T5995] RBP: ffff88812e17fae0 R08: ffffea000000000f R09: 0000000000000000
[ 175.186512][ T5995] R10: ffff88810a1f4ce0 R11: 0000000000000000 R12: 0000000000000000
[ 175.194929][ T5995] R13: 0000000000000000 R14: 0000000000000000 R15: 01eb115b7519ffe0
[ 175.203282][ T5995] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000
[ 175.212660][ T5995] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 175.219503][ T5995] CR2: 00000000f7f255c0 CR3: 0000000102a0a000 CR4: 00000000003526f0
[ 175.227673][ T5995] Call Trace:
[ 175.231165][ T5995]
[ 175.234320][ T5995] ? vhost_dev_cleanup+0x74d/0xf20
[ 175.239750][ T5995] ? kmsan_get_metadata+0xfb/0x160
[ 175.245286][ T5995] vhost_dev_cleanup+0x74d/0xf20
[ 175.250455][ T5995] ? __pfx_vhost_net_release+0x10/0x10
[ 175.256739][ T5995] vhost_net_release+0x18f/0x930
[ 175.261904][ T5995] ? __pfx_vhost_net_release+0x10/0x10
[ 175.267729][ T5995] __fput+0x608/0x1040
[ 175.271999][ T5995] ? __pfx_____fput+0x10/0x10
[ 175.278581][ T5995] ____fput+0x25/0x30
[ 175.282816][ T5995] task_work_run+0x209/0x2b0
[ 175.287771][ T5995] do_exit+0x99d/0x3d50
[ 175.292107][ T5995] ? kmsan_get_metadata+0xfb/0x160
[ 175.297513][ T5995] do_group_exit+0x259/0x390
[ 175.302405][ T5995] __ia32_sys_exit_group+0x35/0x40
[ 175.307912][ T5995] ia32_sys_call+0x4302/0x4310
[ 175.313207][ T5995] __do_fast_syscall_32+0xb0/0x150
[ 175.318606][ T5995] ? irqentry_exit_to_user_mode+0x82/0xa0
[ 175.324499][ T5995] do_fast_syscall_32+0x38/0x80
[ 175.329609][ T5995] do_SYSENTER_32+0x1f/0x30
[ 175.334468][ T5995] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 175.341172][ T5995] RIP: 0023:0xf7f02539
[ 175.345387][ T5995] Code: Unable to access opcode bytes at 0xf7f0250f.
[ 175.352277][ T5995] RSP: 002b:00000000ffe31ecc EFLAGS: 00000206 ORIG_RAX: 00000000000000fc
[ 175.360963][ T5995] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 175.369446][ T5995] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7394ff4
[ 175.377759][ T5995] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[ 175.385857][ T5995] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 175.394237][ T5995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 175.402553][ T5995]
[ 175.405683][ T5995] Modules linked in:
[ 175.412130][ T5995] ---[ end trace 0000000000000000 ]---
[ 175.418459][ T5995] RIP: 0010:kfree+0xf2/0xec0
[ 175.423300][ T5995] Code: ef 0c 48 3d 00 10 00 00 41 0f 42 f6 89 75 d0 4f 8d 3c bf 49 c1 e7 04 48 09 4d b0 48 8b 45 80 4a 8d 7c 38 08 0f 85 70 05 00 00 <4c> 8b 27 e8 06 61 14 00 4c 8b 28 44 8b 32 44 89 e8 83 e0 01 44 89
[ 175.443373][ T5995] RSP: 0018:ffff88812e17fa38 EFLAGS: 00010246
[ 175.449985][ T5995] RAX: ffffea0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 175.458494][ T5995] RDX: ffff88821ff13408 RSI: 0000000000000000 RDI: 01eafb5b7519ffe8
[ 175.467230][ T5995] RBP: ffff88812e17fae0 R08: ffffea000000000f R09: 0000000000000000
[ 175.475551][ T5995] R10: ffff88810a1f4ce0 R11: 0000000000000000 R12: 0000000000000000
[ 175.483896][ T5995] R13: 0000000000000000 R14: 0000000000000000 R15: 01eb115b7519ffe0
[ 175.492201][ T5995] FS: 0000000000000000(0000) GS:ffff8881aa69a000(0000) knlGS:0000000000000000
[ 175.501793][ T5995] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 175.508712][ T5995] CR2: 00000000f7f255c0 CR3: 0000000102a0a000 CR4: 00000000003526f0
[ 175.517091][ T5995] Kernel panic - not syncing: Fatal exception
[ 175.534266][ T5995] Kernel Offset: disabled
[ 175.538890][ T5995] Rebooting in 86400 seconds..