last executing test programs: 529.051828ms ago: executing program 0 (id=63): lsetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 499.93938ms ago: executing program 0 (id=71): lsm_set_self_attr(0x0, &(0x7f0000000000), 0x0, 0x0) 477.032692ms ago: executing program 0 (id=76): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 100.901202ms ago: executing program 2 (id=180): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse', 0x800, 0x0) 78.156074ms ago: executing program 2 (id=185): close(0xffffffffffffffff) 77.992154ms ago: executing program 3 (id=186): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sr0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sr0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sr0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sr0', 0x800, 0x0) 77.604454ms ago: executing program 1 (id=188): sched_getaffinity(0x0, 0x0, &(0x7f0000000000)) 58.526036ms ago: executing program 2 (id=189): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0) 58.363456ms ago: executing program 4 (id=190): removexattr(&(0x7f0000000000), &(0x7f0000000000)) 58.263265ms ago: executing program 1 (id=191): restart_syscall() 58.193056ms ago: executing program 3 (id=192): userfaultfd(0x0) 58.028526ms ago: executing program 0 (id=193): semtimedop(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000)) 57.859356ms ago: executing program 1 (id=194): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/userio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio', 0x800, 0x0) 57.668806ms ago: executing program 2 (id=195): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/kdamond_pid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/kdamond_pid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/kdamond_pid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/kdamond_pid', 0x800, 0x0) 57.622236ms ago: executing program 4 (id=196): socket$inet_smc(0x2b, 0x1, 0x0) 30.868318ms ago: executing program 3 (id=197): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 30.774198ms ago: executing program 4 (id=198): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 30.597538ms ago: executing program 0 (id=199): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer', 0x800, 0x0) 30.383648ms ago: executing program 1 (id=200): pwrite64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 30.050098ms ago: executing program 2 (id=201): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) 29.876708ms ago: executing program 3 (id=202): flistxattr(0xffffffffffffffff, &(0x7f0000000000), 0x0) 29.743298ms ago: executing program 4 (id=203): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/seq', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/seq', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/seq', 0x800, 0x0) 1.308101ms ago: executing program 0 (id=204): set_mempolicy_home_node(0x0, 0x0, 0x0, 0x0) 1.15027ms ago: executing program 1 (id=205): socket$igmp6(0xa, 0x3, 0x2) 898.78µs ago: executing program 3 (id=206): socket$inet6_udplite(0xa, 0x2, 0x88) 653.61µs ago: executing program 3 (id=207): listen(0xffffffffffffffff, 0x0) 548.951µs ago: executing program 4 (id=208): renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 407.51µs ago: executing program 2 (id=209): msgget(0xffffffffffffffff, 0x0) 107.19µs ago: executing program 1 (id=210): fstat(0xffffffffffffffff, &(0x7f0000000000)) 0s ago: executing program 4 (id=211): ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 0s ago: executing program 0 (id=212): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.215' (ED25519) to the list of known hosts. [ 25.598987][ T4029] cgroup: Unknown subsys name 'net' [ 25.881566][ T4029] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 26.182831][ T4029] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 27.604038][ T4240] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 27.680878][ T4259] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 27.682127][ T4259] Modules linked in: [ 27.682733][ T4259] CPU: 0 PID: 4259 Comm: syz.0.212 Not tainted 5.15.189-syzkaller #0 [ 27.684084][ T4259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 27.685632][ T4259] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 27.686794][ T4259] pc : lookup_ioctx+0x108/0x7d0 [ 27.687589][ T4259] lr : lookup_ioctx+0xe4/0x7d0 [ 27.688383][ T4259] sp : ffff80001fae7cf0 [ 27.689053][ T4259] x29: ffff80001fae7cf0 x28: ffff0000cd5251c0 x27: 0000000000000000 [ 27.690403][ T4259] x26: 1fffe00019aa4a38 x25: 0000000000400040 x24: ffff0000c848dc00 [ 27.691608][ T4259] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 27.692812][ T4259] x20: ffff0000cd5251c0 x19: 0000000000000000 x18: 0000000000000000 [ 27.694093][ T4259] x17: 0000000000000000 x16: ffff800008a19714 x15: 0000000000000000 [ 27.695386][ T4259] x14: 0000000000000000 x13: 1ffff0000282e06b x12: 0000000000ff0100 [ 27.696682][ T4259] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 27.697982][ T4259] x8 : 0000000000000000 x7 : ffff800008750ed4 x6 : 0000000000000000 [ 27.699424][ T4259] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 27.700813][ T4259] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 27.702093][ T4259] Call trace: [ 27.702647][ T4259] lookup_ioctx+0x108/0x7d0 [ 27.703447][ T4259] __arm64_sys_io_cancel+0x160/0x338 [ 27.704366][ T4259] invoke_syscall+0x98/0x2b8 [ 27.705148][ T4259] el0_svc_common+0x138/0x258 [ 27.705864][ T4259] do_el0_svc+0x58/0x14c [ 27.706552][ T4259] el0_svc+0x78/0x1e0 [ 27.707242][ T4259] el0t_64_sync_handler+0xcc/0xe4 [ 27.708103][ T4259] el0t_64_sync+0x1a0/0x1a4 [ 27.708927][ T4259] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 27.710111][ T4259] ---[ end trace 629fddacb375841f ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 27.888887][ T4259] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 27.890018][ T4259] SMP: stopping secondary CPUs [ 27.890756][ T4259] Kernel Offset: disabled [ 27.891430][ T4259] CPU features: 0x8,000003c1,7d33ffd9 [ 27.892319][ T4259] Memory Limit: none [ 28.062536][ T4259] Rebooting in 86400 seconds..