last executing test programs: 574.142174ms ago: executing program 0 (id=50): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 513.760499ms ago: executing program 0 (id=68): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 513.641269ms ago: executing program 0 (id=69): socket$qrtr(0x2a, 0x2, 0x0) 513.462359ms ago: executing program 0 (id=71): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 458.844215ms ago: executing program 4 (id=78): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 458.753245ms ago: executing program 4 (id=79): socket$inet6_dccp(0xa, 0x6, 0x0) 458.431855ms ago: executing program 4 (id=83): fchown(0xffffffffffffffff, 0x0, 0x0) 430.835718ms ago: executing program 4 (id=92): munlock(0x0, 0x0) 406.50402ms ago: executing program 4 (id=95): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0) 406.00771ms ago: executing program 4 (id=98): rt_sigreturn() 97.759361ms ago: executing program 1 (id=153): mq_unlink(&(0x7f0000000000)) 97.582761ms ago: executing program 3 (id=154): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/btf/vmlinux', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/btf/vmlinux', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/btf/vmlinux', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/btf/vmlinux', 0x800, 0x0) 96.356421ms ago: executing program 3 (id=156): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 52.467896ms ago: executing program 1 (id=157): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio', 0x800, 0x0) 52.248235ms ago: executing program 3 (id=158): readlinkat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 51.876295ms ago: executing program 2 (id=159): set_tid_address(&(0x7f0000000000)) 51.819186ms ago: executing program 3 (id=160): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bifrost', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bifrost', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bifrost', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bifrost', 0x800, 0x0) 51.701276ms ago: executing program 1 (id=161): socket$nl_xfrm(0x10, 0x3, 0x6) 51.645236ms ago: executing program 2 (id=162): splice(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 51.591336ms ago: executing program 1 (id=163): close(0xffffffffffffffff) 51.434946ms ago: executing program 2 (id=164): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 51.390476ms ago: executing program 3 (id=165): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 1.10404ms ago: executing program 2 (id=166): socket$can_raw(0x1d, 0x3, 0x1) 865.07µs ago: executing program 3 (id=167): socket$caif_seqpacket(0x25, 0x5, 0x0) 549.821µs ago: executing program 1 (id=168): fsopen(&(0x7f0000000000), 0x0) 452.461µs ago: executing program 2 (id=169): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0) 255.411µs ago: executing program 0 (id=170): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control', 0x800, 0x0) 162.43µs ago: executing program 0 (id=171): getitimer(0x0, &(0x7f0000000000)) 117.73µs ago: executing program 1 (id=172): getrlimit(0x0, &(0x7f0000000000)) 0s ago: executing program 2 (id=173): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sr0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sr0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sr0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sr0', 0x800, 0x0) 0s ago: executing program 2 (id=174): io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.189' (ED25519) to the list of known hosts. [ 26.638019][ T4031] cgroup: Unknown subsys name 'net' [ 26.950583][ T4031] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 27.230129][ T4031] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 28.124868][ T4105] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 28.697124][ T4225] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 28.698417][ T4225] Modules linked in: [ 28.699027][ T4225] CPU: 0 PID: 4225 Comm: syz.2.174 Not tainted syzkaller #0 [ 28.700178][ T4225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 28.701728][ T4225] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 28.702897][ T4225] pc : lookup_ioctx+0x108/0x7d0 [ 28.703641][ T4225] lr : lookup_ioctx+0xe4/0x7d0 [ 28.704350][ T4225] sp : ffff80001f337b20 [ 28.704954][ T4225] x29: ffff80001f337b20 x28: ffff0000cd231b40 x27: dfff800000000000 [ 28.706128][ T4225] x26: ffff80001f337b80 x25: ffff700003e66f70 x24: ffff0000cfcba280 [ 28.707366][ T4225] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 28.708552][ T4225] x20: ffff0000cd231b40 x19: 0000000000000000 x18: 0000000000000000 [ 28.709729][ T4225] x17: 0000000000000000 x16: ffff800008a19d20 x15: 0000000000000000 [ 28.710949][ T4225] x14: 0000000000000000 x13: 1ffff0000283006b x12: 0000000000ff0100 [ 28.712152][ T4225] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 28.713445][ T4225] x8 : 0000000000000000 x7 : ffff800008750ff8 x6 : 0000000000000000 [ 28.714792][ T4225] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 28.716060][ T4225] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 28.717307][ T4225] Call trace: [ 28.717837][ T4225] lookup_ioctx+0x108/0x7d0 [ 28.718474][ T4225] do_io_getevents+0x120/0x394 [ 28.719166][ T4225] __arm64_sys_io_getevents+0x160/0x23c [ 28.720021][ T4225] invoke_syscall+0x98/0x2b8 [ 28.720749][ T4225] el0_svc_common+0x138/0x258 [ 28.721566][ T4225] do_el0_svc+0x58/0x14c [ 28.722218][ T4225] el0_svc+0x78/0x1e0 [ 28.722838][ T4225] el0t_64_sync_handler+0xcc/0xe4 [ 28.723640][ T4225] el0t_64_sync+0x1a0/0x1a4 [ 28.724410][ T4225] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 28.725533][ T4225] ---[ end trace 578b485f1e50eeee ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 28.920320][ T4225] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 28.921406][ T4225] SMP: stopping secondary CPUs [ 28.922123][ T4225] Kernel Offset: disabled [ 28.922753][ T4225] CPU features: 0x8,000003c1,7d33ffd9 [ 28.923577][ T4225] Memory Limit: none [ 29.111008][ T4225] Rebooting in 86400 seconds..