last executing test programs: 127.488626ms ago: executing program 4 (id=45): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0) 106.136077ms ago: executing program 2 (id=47): process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 105.908707ms ago: executing program 1 (id=49): syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$loop(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$loop(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$loop(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$loop(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$loop(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$loop(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$loop(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$loop(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$loop(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$loop(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$loop(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$loop(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$loop(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$loop(&(0x7f0000000500), 0x4, 0x800) 105.479897ms ago: executing program 2 (id=52): lsetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 105.286357ms ago: executing program 4 (id=53): writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) 72.222327ms ago: executing program 1 (id=55): execve(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 72.134717ms ago: executing program 4 (id=57): remap_file_pages(0x0, 0x0, 0x0, 0x0, 0x0) 72.073107ms ago: executing program 2 (id=58): set_mempolicy(0x0, &(0x7f0000000000), 0x0) 71.903377ms ago: executing program 0 (id=60): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0) 71.866117ms ago: executing program 3 (id=61): socket$kcm(0x29, 0x2, 0x0) 40.395419ms ago: executing program 1 (id=62): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0', 0x800, 0x0) 40.258459ms ago: executing program 1 (id=63): delete_module(&(0x7f0000000000), 0x0) 39.998229ms ago: executing program 2 (id=64): syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000500), 0x28, 0x800) 39.920789ms ago: executing program 4 (id=65): fchdir(0xffffffffffffffff) 39.828689ms ago: executing program 0 (id=66): syz_init_net_socket$rose(0xb, 0x5, 0x0) 39.771839ms ago: executing program 3 (id=67): fsetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 39.686529ms ago: executing program 1 (id=68): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/comedi0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/comedi0', 0x800, 0x0) 25.710609ms ago: executing program 3 (id=69): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 25.614759ms ago: executing program 4 (id=70): timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 25.527559ms ago: executing program 2 (id=71): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/irnet', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/irnet', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/irnet', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/irnet', 0x800, 0x0) 25.421869ms ago: executing program 1 (id=72): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter', 0x800, 0x0) 25.374969ms ago: executing program 0 (id=73): pwrite64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 25.300019ms ago: executing program 3 (id=74): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 533.48µs ago: executing program 3 (id=75): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0) 290.42µs ago: executing program 0 (id=76): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/msm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/msm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/msm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/msm', 0x800, 0x0) 188.08µs ago: executing program 4 (id=77): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hpet', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hpet', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hpet', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hpet', 0x800, 0x0) 147.86µs ago: executing program 2 (id=78): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) 107.809µs ago: executing program 0 (id=79): syncfs(0xffffffffffffffff) 41.84µs ago: executing program 3 (id=80): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_control', 0x2, 0x0) 0s ago: executing program 0 (id=81): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.242' (ED25519) to the list of known hosts. [ 29.418694][ T4035] cgroup: Unknown subsys name 'net' [ 29.653656][ T4035] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 29.961735][ T4035] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 30.861734][ T4108] mmap: syz.4.57 (4108) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 30.944987][ T4132] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 30.946353][ T4132] Modules linked in: [ 30.947014][ T4132] CPU: 1 PID: 4132 Comm: syz.2.78 Not tainted syzkaller #0 [ 30.948157][ T4132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 30.949862][ T4132] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 30.951143][ T4132] pc : lookup_ioctx+0x108/0x7c8 [ 30.951959][ T4132] lr : lookup_ioctx+0xe4/0x7c8 [ 30.952758][ T4132] sp : ffff80001f8b7cf0 [ 30.953444][ T4132] x29: ffff80001f8b7cf0 x28: ffff0000d58b1b40 x27: 0000000000000000 [ 30.954781][ T4132] x26: 1fffe0001ab16368 x25: 0000000000400040 x24: ffff0000c1ef6780 [ 30.956210][ T4132] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 30.957507][ T4132] x20: ffff0000d58b1b40 x19: 0000000000000000 x18: 0000000000000000 [ 30.958843][ T4132] x17: 0000000000000000 x16: ffff800008a23b90 x15: 0000000000000000 [ 30.960313][ T4132] x14: 0000000000000003 x13: 1ffff0000285402b x12: 0000000000ff0100 [ 30.961851][ T4132] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 30.963326][ T4132] x8 : 0000000000000000 x7 : ffff800008758fbc x6 : 0000000000000000 [ 30.964742][ T4132] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 30.966161][ T4132] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 30.967504][ T4132] Call trace: [ 30.968076][ T4132] lookup_ioctx+0x108/0x7c8 [ 30.968845][ T4132] __arm64_sys_io_cancel+0x160/0x338 [ 30.969803][ T4132] invoke_syscall+0x98/0x2b0 [ 30.970642][ T4132] el0_svc_common+0x138/0x258 [ 30.971409][ T4132] do_el0_svc+0x58/0x13c [ 30.972147][ T4132] el0_svc+0x78/0x1d0 [ 30.972808][ T4132] el0t_64_sync_handler+0xcc/0xe4 [ 30.973608][ T4132] el0t_64_sync+0x1a0/0x1a4 [ 30.974373][ T4132] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 30.975524][ T4132] ---[ end trace 878b294837ad5e0b ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 31.156589][ T4132] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 31.157537][ T4132] SMP: stopping secondary CPUs [ 31.158348][ T4132] Kernel Offset: disabled [ 31.159069][ T4132] CPU features: 0x8,000003c1,7d33ffd9 [ 31.160004][ T4132] Memory Limit: none [ 31.330699][ T4132] Rebooting in 86400 seconds..