last executing test programs: 144.256745ms ago: executing program 4 (id=20): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 114.482996ms ago: executing program 4 (id=25): socket$inet(0x2, 0x1, 0x0) 113.905756ms ago: executing program 4 (id=31): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0', 0x2, 0x0) 87.567647ms ago: executing program 4 (id=35): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/socket/zygote', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/socket/zygote', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/socket/zygote', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/socket/zygote', 0x800, 0x0) 87.309407ms ago: executing program 0 (id=37): connect(0xffffffffffffffff, &(0x7f0000000000), 0x0) 87.150717ms ago: executing program 4 (id=39): syz_open_dev$midi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$midi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$midi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$midi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$midi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$midi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$midi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$midi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$midi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$midi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$midi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$midi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$midi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$midi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$midi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$midi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$midi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$midi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$midi(&(0x7f0000000500), 0x4, 0x800) 57.818828ms ago: executing program 3 (id=41): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 57.751228ms ago: executing program 0 (id=42): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 57.634978ms ago: executing program 2 (id=43): msync(0x0, 0x0, 0x0) 57.481418ms ago: executing program 3 (id=44): socket$nl_generic(0x10, 0x3, 0x10) 57.268908ms ago: executing program 1 (id=45): prlimit64(0x0, 0x0, 0x0, 0x0) 57.089378ms ago: executing program 0 (id=46): syslog(0x0, 0x0, 0x0) 56.992068ms ago: executing program 2 (id=47): add_key(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x0) 24.577709ms ago: executing program 1 (id=48): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl', 0x800, 0x0) 24.310699ms ago: executing program 3 (id=49): mknodat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 24.196739ms ago: executing program 2 (id=50): utimensat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 24.146179ms ago: executing program 0 (id=51): mlock(0x0, 0x0) 24.046269ms ago: executing program 1 (id=52): faccessat2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 24.009699ms ago: executing program 2 (id=53): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0) 23.971579ms ago: executing program 3 (id=54): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) 22.820909ms ago: executing program 0 (id=55): semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000000)) 22.742229ms ago: executing program 1 (id=56): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 22.708399ms ago: executing program 2 (id=57): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 22.461049ms ago: executing program 3 (id=58): readlinkat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 746µs ago: executing program 2 (id=59): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/yama/ptrace_scope', 0x2, 0x0) 653.4µs ago: executing program 3 (id=60): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput', 0x800, 0x0) 597µs ago: executing program 0 (id=61): syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) 271.84µs ago: executing program 1 (id=62): read(0xffffffffffffffff, &(0x7f0000000000), 0x0) 164.14µs ago: executing program 1 (id=63): getgid() 0s ago: executing program 4 (id=64): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 0s ago: executing program 3 (id=66): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts. [ 25.881730][ T4029] cgroup: Unknown subsys name 'net' [ 26.142801][ T4029] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 26.435853][ T4029] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 27.341521][ T4112] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 27.342962][ T4112] Modules linked in: [ 27.343587][ T4112] CPU: 1 PID: 4112 Comm: syz.3.66 Not tainted syzkaller #0 [ 27.344739][ T4112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 27.346319][ T4112] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 27.347574][ T4112] pc : lookup_ioctx+0x108/0x7c8 [ 27.348326][ T4112] lr : lookup_ioctx+0xe4/0x7c8 [ 27.349074][ T4112] sp : ffff80001f497cf0 [ 27.349713][ T4112] x29: ffff80001f497cf0 x28: ffff0000c2243680 x27: 0000000000000000 [ 27.350962][ T4112] x26: 1fffe000184486d0 x25: 0000000000400040 x24: ffff0000c9236d40 [ 27.352329][ T4112] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 27.353617][ T4112] x20: ffff0000c2243680 x19: 0000000000000000 x18: 0000000000000000 [ 27.354975][ T4112] x17: 0000000000000000 x16: ffff800008a22ca0 x15: 0000000000000000 [ 27.356345][ T4112] x14: 0000000000000003 x13: 1ffff0000285402b x12: 0000000000ff0100 [ 27.357637][ T4112] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 27.358883][ T4112] x8 : 0000000000000000 x7 : ffff8000087585b4 x6 : 0000000000000000 [ 27.360147][ T4112] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 27.361449][ T4112] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 27.362811][ T4112] Call trace: [ 27.363366][ T4112] lookup_ioctx+0x108/0x7c8 [ 27.364139][ T4112] __arm64_sys_io_cancel+0x160/0x338 [ 27.365076][ T4112] invoke_syscall+0x98/0x2b0 [ 27.365810][ T4112] el0_svc_common+0x138/0x258 [ 27.366551][ T4112] do_el0_svc+0x58/0x13c [ 27.367226][ T4112] el0_svc+0x78/0x1d0 [ 27.367873][ T4112] el0t_64_sync_handler+0xcc/0xe4 [ 27.368679][ T4112] el0t_64_sync+0x1a0/0x1a4 [ 27.369445][ T4112] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 27.370624][ T4112] ---[ end trace 3845a3c47b55e272 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 27.480636][ T4116] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 27.532594][ T4112] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 27.533602][ T4112] SMP: stopping secondary CPUs [ 27.534262][ T4112] Kernel Offset: disabled [ 27.534870][ T4112] CPU features: 0x8,000003c1,7d33ffd9 [ 27.535632][ T4112] Memory Limit: none [ 27.686122][ T4112] Rebooting in 86400 seconds..