last executing test programs: 491.758707ms ago: executing program 3 (id=157): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 105.041945ms ago: executing program 1 (id=244): mq_notify(0xffffffffffffffff, &(0x7f0000000000)) 104.864115ms ago: executing program 2 (id=247): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/context', 0x2, 0x0) 104.705215ms ago: executing program 4 (id=248): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 104.473915ms ago: executing program 1 (id=249): syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x800) 104.252755ms ago: executing program 0 (id=250): mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 68.430097ms ago: executing program 2 (id=251): readlinkat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 68.207457ms ago: executing program 3 (id=252): munmap(0x0, 0x0) 68.141807ms ago: executing program 3 (id=253): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1', 0x800, 0x0) 68.076038ms ago: executing program 4 (id=254): getpid() 68.033098ms ago: executing program 0 (id=255): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0) 67.957198ms ago: executing program 2 (id=256): chroot(&(0x7f0000000000)) 28.662829ms ago: executing program 0 (id=257): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0) 28.523149ms ago: executing program 4 (id=258): getresgid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 28.122939ms ago: executing program 1 (id=259): renameat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000)) 28.037869ms ago: executing program 0 (id=260): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 27.958699ms ago: executing program 2 (id=261): clock_adjtime(0x0, &(0x7f0000000000)) 27.819299ms ago: executing program 4 (id=262): socket$inet6_dccp(0xa, 0x6, 0x0) 27.743149ms ago: executing program 1 (id=263): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0) 27.707649ms ago: executing program 2 (id=264): unlinkat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 27.610809ms ago: executing program 3 (id=265): fchmod(0xffffffffffffffff, 0x0) 27.436019ms ago: executing program 4 (id=266): set_mempolicy(0x0, &(0x7f0000000000), 0x0) 1.05258ms ago: executing program 0 (id=267): uname(&(0x7f0000000000)) 922.62µs ago: executing program 1 (id=268): epoll_pwait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 805.93µs ago: executing program 3 (id=269): file_setattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 701.77µs ago: executing program 4 (id=270): process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 557.861µs ago: executing program 0 (id=271): io_destroy(0x0) 350.22µs ago: executing program 1 (id=272): rt_sigprocmask(0x0, &(0x7f0000000000), 0x0, 0x0) 132.911µs ago: executing program 2 (id=273): setfsgid(0x0) 0s ago: executing program 3 (id=274): socket$can_j1939(0x1d, 0x2, 0x7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.24' (ED25519) to the list of known hosts. [ 29.945882][ T4030] cgroup: Unknown subsys name 'net' [ 30.193136][ T4030] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 30.462879][ T4030] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 31.793172][ T4219] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 32.255023][ T4323] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 32.256287][ T4323] Modules linked in: [ 32.257465][ T4323] CPU: 1 PID: 4323 Comm: syz.0.271 Not tainted syzkaller #0 [ 32.258682][ T4323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 32.260364][ T4323] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 32.261654][ T4323] pc : lookup_ioctx+0x108/0x7c8 [ 32.262440][ T4323] lr : lookup_ioctx+0xe4/0x7c8 [ 32.263364][ T4323] sp : ffff80001fba7c40 [ 32.264142][ T4323] x29: ffff80001fba7c40 x28: ffff0000d0a1b680 x27: 0000000000000000 [ 32.265436][ T4323] x26: 1fffe0001a1436d0 x25: 1ffff00003f74fd6 x24: ffff0000d94abf40 [ 32.266801][ T4323] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 32.268142][ T4323] x20: ffff0000d0a1b680 x19: 0000000000000000 x18: 0000000000000000 [ 32.269408][ T4323] x17: 0000000000000000 x16: ffff800008a22ca0 x15: 0000000000000000 [ 32.270751][ T4323] x14: 0000000000000003 x13: 1ffff0000285402b x12: 0000000000ff0100 [ 32.272029][ T4323] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 32.273325][ T4323] x8 : 0000000000000000 x7 : ffff8000087585b4 x6 : 0000000000000000 [ 32.274707][ T4323] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 32.276079][ T4323] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 32.277444][ T4323] Call trace: [ 32.277982][ T4323] lookup_ioctx+0x108/0x7c8 [ 32.278690][ T4323] __arm64_sys_io_destroy+0x9c/0x1d8 [ 32.279517][ T4323] invoke_syscall+0x98/0x2b0 [ 32.280273][ T4323] el0_svc_common+0x138/0x258 [ 32.281085][ T4323] do_el0_svc+0x58/0x13c [ 32.281765][ T4323] el0_svc+0x78/0x1d0 [ 32.282402][ T4323] el0t_64_sync_handler+0xcc/0xe4 [ 32.283209][ T4323] el0t_64_sync+0x1a0/0x1a4 [ 32.283929][ T4323] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 32.285066][ T4323] ---[ end trace edf19c79d43e79f0 ]--- [ 32.468769][ T4323] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 32.469869][ T4323] SMP: stopping secondary CPUs [ 32.470643][ T4323] Kernel Offset: disabled [ 32.471453][ T4323] CPU features: 0x8,000003c1,7d33ffd9 [ 32.472348][ T4323] Memory Limit: none [ 32.630225][ T4323] Rebooting in 86400 seconds..