last executing test programs: 139.743449ms ago: executing program 1 (id=210): syz_open_dev$floppy(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$floppy(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$floppy(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$floppy(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$floppy(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$floppy(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$floppy(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$floppy(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$floppy(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$floppy(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$floppy(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$floppy(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$floppy(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$floppy(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$floppy(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$floppy(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$floppy(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$floppy(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$floppy(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$floppy(&(0x7f0000000500), 0x4, 0x800) 99.656952ms ago: executing program 0 (id=218): userfaultfd(0x0) 58.969726ms ago: executing program 0 (id=224): mlockall(0x0) 58.772946ms ago: executing program 3 (id=225): sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) 58.611415ms ago: executing program 4 (id=226): move_pages(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0) 58.578445ms ago: executing program 0 (id=227): ioprio_set$auto(0x0, 0x0, 0x0) 58.503786ms ago: executing program 2 (id=228): syz_init_net_socket$rose(0xb, 0x5, 0x0) 58.415976ms ago: executing program 3 (id=229): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/direct', 0x2, 0x0) 58.320866ms ago: executing program 4 (id=230): syz_open_dev$usbfs(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x28, 0x800) 58.251366ms ago: executing program 2 (id=231): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem', 0x1, 0x0) 44.068566ms ago: executing program 0 (id=232): syz_open_dev$hidraw(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$hidraw(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$hidraw(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$hidraw(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$hidraw(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$hidraw(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$hidraw(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$hidraw(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$hidraw(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$hidraw(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$hidraw(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$hidraw(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$hidraw(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$hidraw(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$hidraw(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$hidraw(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$hidraw(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$hidraw(&(0x7f0000000500), 0x4, 0x800) 43.933716ms ago: executing program 3 (id=233): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 43.859927ms ago: executing program 2 (id=234): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rnullb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rnullb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rnullb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rnullb0', 0x800, 0x0) 43.712957ms ago: executing program 4 (id=235): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0) 43.597026ms ago: executing program 1 (id=236): inotify_init1(0x0) 27.576168ms ago: executing program 2 (id=237): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp', 0x800, 0x0) 27.247068ms ago: executing program 0 (id=238): syslog(0x0, 0x0, 0x0) 27.127088ms ago: executing program 1 (id=239): readahead(0xffffffffffffffff, 0x0, 0x0) 26.970728ms ago: executing program 2 (id=240): rt_sigaction(0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 26.922468ms ago: executing program 3 (id=241): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create', 0x2, 0x0) 26.838028ms ago: executing program 4 (id=242): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty', 0x800, 0x0) 1.12345ms ago: executing program 3 (id=243): semget(0xffffffffffffffff, 0x0, 0x0) 779.53µs ago: executing program 0 (id=244): socket$inet_sctp(0x2, 0x1, 0x84) 644.26µs ago: executing program 1 (id=245): clone3(&(0x7f0000000000), 0x0) exit(0x0) 523.64µs ago: executing program 4 (id=246): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0) 460.88µs ago: executing program 1 (id=247): msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0) 376.89µs ago: executing program 2 (id=248): io_submit(0x0, 0x0, &(0x7f0000000000)) 345.71µs ago: executing program 3 (id=249): landlock_create_ruleset(&(0x7f0000000000), 0x0, 0x0) 303.36µs ago: executing program 1 (id=250): msync(0x0, 0x0, 0x0) 0s ago: executing program 4 (id=251): setresgid(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts. syzkaller login: [ 26.299073][ T4031] cgroup: Unknown subsys name 'net' [ 26.558212][ T4031] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 26.880036][ T4031] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 28.530952][ T4267] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 28.639443][ T4298] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 28.640589][ T4298] Modules linked in: [ 28.641221][ T4298] CPU: 1 PID: 4298 Comm: syz.2.248 Not tainted syzkaller #0 [ 28.642413][ T4298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 28.644215][ T4298] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 28.645503][ T4298] pc : lookup_ioctx+0x108/0x7d0 [ 28.646308][ T4298] lr : lookup_ioctx+0xe4/0x7d0 [ 28.647064][ T4298] sp : ffff8000201f7c20 [ 28.647768][ T4298] x29: ffff8000201f7c20 x28: ffff0000d3a73680 x27: 0000000020000000 [ 28.649029][ T4298] x26: 1fffe0001a74e6d0 x25: 1ffff0000403efd6 x24: ffff0000d36ab3c0 [ 28.650291][ T4298] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 28.651641][ T4298] x20: ffff0000d3a73680 x19: 0000000000000000 x18: 0000000000000000 SYZFAIL: failed to recv rpc [ 28.652895][ T4298] x17: 0000000000000000 x16: ffff800008a19ff4 x15: 0000000000000000 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 28.654179][ T4298] x14: 0000000000000000 x13: 1ffff0000283006b x12: 0000000000ff0100 [ 28.655440][ T4298] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 28.656670][ T4298] x8 : 0000000000000000 x7 : ffff80000875120c x6 : 0000000000000000 [ 28.657931][ T4298] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 28.659244][ T4298] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 28.660609][ T4298] Call trace: [ 28.661120][ T4298] lookup_ioctx+0x108/0x7d0 [ 28.661853][ T4298] __arm64_sys_io_submit+0x110/0x40c [ 28.662692][ T4298] invoke_syscall+0x98/0x2b8 [ 28.663371][ T4298] el0_svc_common+0x138/0x258 [ 28.664134][ T4298] do_el0_svc+0x58/0x14c [ 28.664718][ T4298] el0_svc+0x78/0x1e0 [ 28.665312][ T4298] el0t_64_sync_handler+0xcc/0xe4 [ 28.666112][ T4298] el0t_64_sync+0x1a0/0x1a4 [ 28.666823][ T4298] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 28.667775][ T4298] ---[ end trace acbd3ec4700d6e37 ]--- [ 28.852090][ T4298] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 28.853208][ T4298] SMP: stopping secondary CPUs [ 28.853992][ T4298] Kernel Offset: disabled [ 28.854680][ T4298] CPU features: 0x8,000003c1,7d33ffd9 [ 28.855574][ T4298] Memory Limit: none [ 29.043916][ T4298] Rebooting in 86400 seconds..