last executing test programs: 138.024482ms ago: executing program 2 (id=212): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/xen/evtchn', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/xen/evtchn', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/xen/evtchn', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/xen/evtchn', 0x800, 0x0) 137.290081ms ago: executing program 2 (id=215): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0', 0x2, 0x0) 107.909303ms ago: executing program 2 (id=217): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/keychord', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/keychord', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/keychord', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/keychord', 0x800, 0x0) 104.705453ms ago: executing program 2 (id=224): waitid(0x0, 0x0, 0x0, 0x0, 0x0) 78.342015ms ago: executing program 3 (id=226): fsetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 77.728325ms ago: executing program 2 (id=228): fdatasync(0xffffffffffffffff) 77.070705ms ago: executing program 4 (id=230): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa', 0x800, 0x0) 57.995606ms ago: executing program 0 (id=231): syz_open_dev$ircomm(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ircomm(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ircomm(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ircomm(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$ircomm(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$ircomm(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$ircomm(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$ircomm(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$ircomm(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$ircomm(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$ircomm(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$ircomm(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$ircomm(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$ircomm(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$ircomm(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$ircomm(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$ircomm(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$ircomm(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$ircomm(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$ircomm(&(0x7f0000000500), 0x4, 0x800) 57.731756ms ago: executing program 2 (id=232): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mice', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/mice', 0x800, 0x0) 57.624336ms ago: executing program 3 (id=233): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2', 0x2, 0x0) 57.514076ms ago: executing program 0 (id=234): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold', 0x2, 0x0) 57.394536ms ago: executing program 4 (id=235): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control', 0x800, 0x0) 27.040578ms ago: executing program 4 (id=237): timer_create(0x0, &(0x7f0000000000), &(0x7f0000000000)) 26.742018ms ago: executing program 3 (id=238): mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 26.467168ms ago: executing program 1 (id=239): semget(0xffffffffffffffff, 0x0, 0x0) 26.373978ms ago: executing program 0 (id=240): capset(&(0x7f0000000000), &(0x7f0000000000)) 26.221828ms ago: executing program 1 (id=241): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/btf/vmlinux', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/btf/vmlinux', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/btf/vmlinux', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/btf/vmlinux', 0x800, 0x0) 26.173388ms ago: executing program 4 (id=242): landlock_restrict_self(0xffffffffffffffff, 0x0) 26.136078ms ago: executing program 0 (id=243): socket$qrtr(0x2a, 0x2, 0x0) 26.044928ms ago: executing program 4 (id=244): eventfd2(0x0, 0x0) 26.003198ms ago: executing program 1 (id=245): fchown(0xffffffffffffffff, 0x0, 0x0) 1.89026ms ago: executing program 3 (id=246): fchdir(0xffffffffffffffff) 1.557799ms ago: executing program 3 (id=247): fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.200749ms ago: executing program 1 (id=248): getitimer(0x0, &(0x7f0000000000)) 1.0562ms ago: executing program 1 (id=249): pkey_alloc(0x0, 0x0) 964.429µs ago: executing program 0 (id=250): mlockall(0x0) 683.97µs ago: executing program 0 (id=251): vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 570.739µs ago: executing program 3 (id=252): syz_init_net_socket$rose(0xb, 0x5, 0x0) 196.03µs ago: executing program 4 (id=253): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 0s ago: executing program 1 (id=254): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current', 0x2, 0x0) 0s ago: executing program 0 (id=258): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts. [ 25.618079][ T4017] cgroup: Unknown subsys name 'net' [ 25.886460][ T4017] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 26.158032][ T4017] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 27.215069][ T4159] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 27.559266][ T4247] mmap: syz.1.198 (4247) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 27.759894][ T4306] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 27.761189][ T4306] Modules linked in: [ 27.761830][ T4306] CPU: 0 PID: 4306 Comm: syz.0.258 Not tainted syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 27.763030][ T4306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 27.764618][ T4306] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 27.765943][ T4306] pc : lookup_ioctx+0x108/0x7c8 [ 27.766702][ T4306] lr : lookup_ioctx+0xe4/0x7c8 [ 27.767422][ T4306] sp : ffff80001f9c7cf0 [ 27.768091][ T4306] x29: ffff80001f9c7cf0 x28: ffff0000d5cd3680 x27: 0000000000000000 [ 27.769388][ T4306] x26: 1fffe0001ab9a6d0 x25: 0000000000400040 x24: ffff0000d35c4ac0 [ 27.770695][ T4306] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 27.771881][ T4306] x20: ffff0000d5cd3680 x19: 0000000000000000 x18: 0000000000000000 [ 27.773134][ T4306] x17: 0000000000000000 x16: ffff800008a220d8 x15: 0000000000000000 [ 27.774294][ T4306] x14: 0000000000000003 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 27.775473][ T4306] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 27.776651][ T4306] x8 : 0000000000000000 x7 : ffff800008758124 x6 : 0000000000000000 [ 27.777774][ T4306] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 27.778968][ T4306] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 27.780129][ T4306] Call trace: [ 27.780600][ T4306] lookup_ioctx+0x108/0x7c8 [ 27.781222][ T4306] __arm64_sys_io_cancel+0x160/0x338 [ 27.781991][ T4306] invoke_syscall+0x98/0x2b0 [ 27.782597][ T4306] el0_svc_common+0x138/0x258 [ 27.783282][ T4306] do_el0_svc+0x58/0x13c [ 27.783941][ T4306] el0_svc+0x78/0x1d0 [ 27.784513][ T4306] el0t_64_sync_handler+0xcc/0xe4 [ 27.785227][ T4306] el0t_64_sync+0x1a0/0x1a4 [ 27.785848][ T4306] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 27.786876][ T4306] ---[ end trace e96de13c23823967 ]--- [ 27.962403][ T4306] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 27.963434][ T4306] SMP: stopping secondary CPUs [ 27.964146][ T4306] Kernel Offset: disabled [ 27.964711][ T4306] CPU features: 0x8,000003c1,7d33ffd9 [ 27.965493][ T4306] Memory Limit: none [ 28.138000][ T4306] Rebooting in 86400 seconds..