last executing test programs: 322.133983ms ago: executing program 4 (id=97): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 301.404584ms ago: executing program 4 (id=101): mremap(0x0, 0x0, 0x0, 0x0, 0x0) 300.907043ms ago: executing program 4 (id=106): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/kdamond_pid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/kdamond_pid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/kdamond_pid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/kdamond_pid', 0x800, 0x0) 277.741284ms ago: executing program 4 (id=108): capget(&(0x7f0000000000), &(0x7f0000000000)) 277.244994ms ago: executing program 4 (id=113): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/target_ids', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/target_ids', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/target_ids', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/target_ids', 0x800, 0x0) 249.484935ms ago: executing program 4 (id=117): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 79.865608ms ago: executing program 1 (id=151): msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0) 79.357338ms ago: executing program 1 (id=154): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/i915', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/i915', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/i915', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/i915', 0x800, 0x0) 78.897638ms ago: executing program 3 (id=157): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 52.259039ms ago: executing program 2 (id=159): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy', 0x0, 0x0) 52.169959ms ago: executing program 1 (id=160): socket$phonet(0x23, 0x2, 0x1) 52.019369ms ago: executing program 0 (id=161): mq_unlink(&(0x7f0000000000)) 51.949169ms ago: executing program 2 (id=162): recvmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 51.881449ms ago: executing program 3 (id=163): close(0xffffffffffffffff) 51.760769ms ago: executing program 0 (id=164): unlinkat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 51.590529ms ago: executing program 2 (id=165): syncfs(0xffffffffffffffff) 26.557009ms ago: executing program 0 (id=166): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0) 26.414819ms ago: executing program 0 (id=167): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/load', 0x2, 0x0) 26.127019ms ago: executing program 2 (id=168): socket$rxrpc(0x21, 0x2, 0x0) 25.983529ms ago: executing program 3 (id=169): fchownat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 25.832509ms ago: executing program 1 (id=170): syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$MSR(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$MSR(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$MSR(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$MSR(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$MSR(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$MSR(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$MSR(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$MSR(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$MSR(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$MSR(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$MSR(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$MSR(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$MSR(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$MSR(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$MSR(&(0x7f0000000500), 0x4, 0x800) 25.738089ms ago: executing program 2 (id=171): sigaltstack(&(0x7f0000000000), 0x0) 25.651969ms ago: executing program 0 (id=172): getrlimit(0x0, &(0x7f0000000000)) 25.567959ms ago: executing program 3 (id=173): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bifrost', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bifrost', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bifrost', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bifrost', 0x800, 0x0) 661.459µs ago: executing program 0 (id=174): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0) 506.339µs ago: executing program 1 (id=175): process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 333.499µs ago: executing program 2 (id=176): io_submit(0x0, 0x0, &(0x7f0000000000)) 268.97µs ago: executing program 3 (id=177): mlock2(0x0, 0x0, 0x0) 184.9µs ago: executing program 1 (id=178): socket$nl_sock_diag(0x10, 0x3, 0x4) 0s ago: executing program 3 (id=179): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/context', 0x2, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.46' (ED25519) to the list of known hosts. syzkaller login: [ 34.902370][ T4032] cgroup: Unknown subsys name 'net' [ 35.138498][ T4032] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 35.462665][ T4032] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 36.867510][ T4224] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 36.868699][ T4224] Modules linked in: [ 36.869264][ T4224] CPU: 0 PID: 4224 Comm: syz.2.176 Not tainted syzkaller #0 [ 36.870331][ T4224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 36.871834][ T4224] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 36.873074][ T4224] pc : lookup_ioctx+0x108/0x7d0 [ 36.873804][ T4224] lr : lookup_ioctx+0xe4/0x7d0 [ 36.874548][ T4224] sp : ffff80001f717c20 [ 36.875200][ T4224] x29: ffff80001f717c20 x28: ffff0000c230d1c0 x27: 0000000020000000 [ 36.876564][ T4224] x26: 1fffe00018461a38 x25: 1ffff00003ee2fd6 x24: ffff0000d3d7ed40 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 36.877874][ T4224] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 36.879061][ T4224] x20: ffff0000c230d1c0 x19: 0000000000000000 x18: 0000000000000000 [ 36.880298][ T4224] x17: 0000000000000000 x16: ffff800008a1a0d8 x15: 0000000000000000 [ 36.881644][ T4224] x14: 0000000000000000 x13: 1ffff0000283006b x12: 0000000000ff0100 [ 36.882982][ T4224] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 36.884329][ T4224] x8 : 0000000000000000 x7 : ffff800008751314 x6 : 0000000000000000 [ 36.885552][ T4224] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 36.886838][ T4224] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 36.888147][ T4224] Call trace: [ 36.888612][ T4224] lookup_ioctx+0x108/0x7d0 [ 36.889342][ T4224] __arm64_sys_io_submit+0x110/0x40c [ 36.890163][ T4224] invoke_syscall+0x98/0x2b8 [ 36.890897][ T4224] el0_svc_common+0x138/0x258 [ 36.891616][ T4224] do_el0_svc+0x58/0x14c [ 36.892225][ T4224] el0_svc+0x78/0x1e0 [ 36.892819][ T4224] el0t_64_sync_handler+0xcc/0xe4 [ 36.893517][ T4224] el0t_64_sync+0x1a0/0x1a4 [ 36.894183][ T4224] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 36.895259][ T4224] ---[ end trace 77b402799d12e794 ]--- [ 37.064979][ T4224] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 37.066077][ T4224] SMP: stopping secondary CPUs [ 37.066784][ T4224] Kernel Offset: disabled [ 37.067417][ T4224] CPU features: 0x8,000003c1,7d33ffd9 [ 37.068222][ T4224] Memory Limit: none [ 37.230468][ T4224] Rebooting in 86400 seconds..