last executing test programs: 126.526719ms ago: executing program 1 (id=20): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0) 126.208849ms ago: executing program 2 (id=22): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid', 0x800, 0x0) 126.012829ms ago: executing program 1 (id=24): mq_timedreceive(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 103.447661ms ago: executing program 4 (id=27): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/logging', 0x2, 0x0) 103.325372ms ago: executing program 1 (id=29): setresuid(0x0, 0x0, 0x0) 103.121161ms ago: executing program 2 (id=30): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 102.989771ms ago: executing program 4 (id=31): keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000), 0x0) 71.466194ms ago: executing program 1 (id=34): memfd_create(&(0x7f0000000000), 0x0) 71.244634ms ago: executing program 0 (id=35): getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 71.103514ms ago: executing program 4 (id=36): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3', 0x800, 0x0) 71.002424ms ago: executing program 3 (id=37): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control', 0x800, 0x0) 70.979414ms ago: executing program 0 (id=38): ptrace(0x0, 0x0) 70.843854ms ago: executing program 1 (id=39): syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbmon(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbmon(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$usbmon(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$usbmon(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$usbmon(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$usbmon(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$usbmon(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$usbmon(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$usbmon(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$usbmon(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$usbmon(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$usbmon(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$usbmon(&(0x7f0000000500), 0x4, 0x800) 70.713194ms ago: executing program 2 (id=40): socket$caif_stream(0x25, 0x1, 0x0) 70.656244ms ago: executing program 4 (id=41): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/mac80211_hwsim/', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/mac80211_hwsim/', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/mac80211_hwsim/', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/mac80211_hwsim/', 0x800, 0x0) 37.634047ms ago: executing program 3 (id=42): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/keychord', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/keychord', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/keychord', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/keychord', 0x800, 0x0) 37.496127ms ago: executing program 0 (id=43): fchmod(0xffffffffffffffff, 0x0) 37.420487ms ago: executing program 3 (id=44): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse', 0x800, 0x0) 37.318137ms ago: executing program 4 (id=45): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ipv6host', 0x2, 0x0) 37.184717ms ago: executing program 0 (id=46): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 37.115987ms ago: executing program 4 (id=47): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0) 37.056587ms ago: executing program 2 (id=48): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0', 0x800, 0x0) 37.021857ms ago: executing program 3 (id=49): execve(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 791.86µs ago: executing program 3 (id=50): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 639.1µs ago: executing program 0 (id=51): socket$kcm(0x29, 0x2, 0x0) 521.71µs ago: executing program 3 (id=52): syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$I2C(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$I2C(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$I2C(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$I2C(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$I2C(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$I2C(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$I2C(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$I2C(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$I2C(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$I2C(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$I2C(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$I2C(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$I2C(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$I2C(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$I2C(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$I2C(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$I2C(&(0x7f0000000500), 0x4, 0x800) 444.94µs ago: executing program 2 (id=53): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sr0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sr0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sr0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sr0', 0x800, 0x0) 292.1µs ago: executing program 1 (id=54): pkey_alloc(0x0, 0x0) 127.56µs ago: executing program 0 (id=55): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl', 0x800, 0x0) 0s ago: executing program 2 (id=56): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 0s ago: executing program 1 (id=59): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. [ 27.548155][ T4032] cgroup: Unknown subsys name 'net' [ 27.815106][ T4032] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.112583][ T4032] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 29.072747][ T4107] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 29.074089][ T4107] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 29.074658][ T4107] CPU: 1 PID: 4107 Comm: syz.1.59 Not tainted syzkaller #0 [ 29.075899][ T4107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 29.077489][ T4107] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 29.078659][ T4107] pc : lookup_ioctx+0x108/0x7c8 [ 29.079397][ T4107] lr : lookup_ioctx+0xe4/0x7c8 [ 29.080124][ T4107] sp : ffff80001f247cf0 [ 29.080814][ T4107] x29: ffff80001f247cf0 x28: ffff0000c9789b40 x27: 0000000000000000 [ 29.082122][ T4107] x26: 1fffe000192f1368 x25: 0000000000400040 x24: ffff0000c2e73980 [ 29.083476][ T4107] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 29.084804][ T4107] x20: ffff0000c9789b40 x19: 0000000000000000 x18: 0000000000000000 [ 29.086156][ T4107] x17: 0000000000000000 x16: ffff800008a22da8 x15: 0000000000000000 [ 29.087481][ T4107] x14: 0000000000000003 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 29.088848][ T4107] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 29.090108][ T4107] x8 : 0000000000000000 x7 : ffff8000087586bc x6 : 0000000000000000 [ 29.091383][ T4107] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 29.092618][ T4107] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 29.093992][ T4107] Call trace: [ 29.094540][ T4107] lookup_ioctx+0x108/0x7c8 [ 29.095293][ T4107] __arm64_sys_io_cancel+0x160/0x338 [ 29.096181][ T4107] invoke_syscall+0x98/0x2b0 [ 29.096899][ T4107] el0_svc_common+0x138/0x258 [ 29.097666][ T4107] do_el0_svc+0x58/0x13c [ 29.098338][ T4107] el0_svc+0x78/0x1d0 [ 29.098965][ T4107] el0t_64_sync_handler+0xcc/0xe4 [ 29.099777][ T4107] el0t_64_sync+0x1a0/0x1a4 [ 29.100539][ T4107] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 29.101659][ T4107] ---[ end trace 39152f0c377a99ed ]--- [ 29.281891][ T4107] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 29.283004][ T4107] SMP: stopping secondary CPUs [ 29.283664][ T4107] Kernel Offset: disabled [ 29.284442][ T4107] CPU features: 0x8,000003c1,7d33ffd9 [ 29.285364][ T4107] Memory Limit: none [ 29.456817][ T4107] Rebooting in 86400 seconds..