last executing test programs: 111.258354ms ago: executing program 4 (id=20): fsetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 111.107774ms ago: executing program 3 (id=22): read(0xffffffffffffffff, &(0x7f0000000000), 0x0) 110.898444ms ago: executing program 1 (id=23): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 83.953936ms ago: executing program 1 (id=25): socket$inet6_tcp(0xa, 0x1, 0x0) 83.895885ms ago: executing program 4 (id=26): syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x800) 83.706285ms ago: executing program 2 (id=27): clone3(&(0x7f0000000000), 0x0) exit(0x0) 83.571675ms ago: executing program 3 (id=29): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access', 0x2, 0x0) 83.365125ms ago: executing program 0 (id=30): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nmem0', 0x800, 0x0) 82.946905ms ago: executing program 4 (id=31): socket$netlink(0x10, 0x3, 0x0) 60.929416ms ago: executing program 1 (id=32): sched_getaffinity(0x0, 0x0, &(0x7f0000000000)) 60.811336ms ago: executing program 2 (id=33): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles', 0x800, 0x0) 60.679287ms ago: executing program 0 (id=34): syncfs(0xffffffffffffffff) 60.557997ms ago: executing program 3 (id=35): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 60.509067ms ago: executing program 0 (id=36): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current', 0x2, 0x0) 60.480597ms ago: executing program 1 (id=37): readlinkat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 60.403986ms ago: executing program 2 (id=38): socket$inet_udp(0x2, 0x2, 0x0) 60.235947ms ago: executing program 4 (id=39): syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sg(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$sg(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$sg(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$sg(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$sg(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$sg(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$sg(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$sg(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$sg(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$sg(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$sg(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$sg(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$sg(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$sg(&(0x7f0000000500), 0x4, 0x800) 35.797438ms ago: executing program 2 (id=40): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 35.663848ms ago: executing program 3 (id=41): cachestat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 35.507408ms ago: executing program 0 (id=42): preadv(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 35.453278ms ago: executing program 1 (id=43): eventfd2(0x0, 0x0) 35.387518ms ago: executing program 2 (id=44): mmap(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 35.284198ms ago: executing program 4 (id=45): bind(0xffffffffffffffff, &(0x7f0000000000), 0x0) 851.35µs ago: executing program 0 (id=46): map_shadow_stack(0x0, 0x0, 0x0) 659.51µs ago: executing program 3 (id=47): getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 606.39µs ago: executing program 1 (id=48): linkat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 415.97µs ago: executing program 0 (id=49): lsm_set_self_attr(0x0, &(0x7f0000000000), 0x0, 0x0) 242.43µs ago: executing program 2 (id=50): statfs(&(0x7f0000000000), &(0x7f0000000000)) 177.16µs ago: executing program 4 (id=51): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse', 0x800, 0x0) 0s ago: executing program 3 (id=52): io_pgetevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.207' (ED25519) to the list of known hosts. [ 27.317190][ T4028] cgroup: Unknown subsys name 'net' [ 27.588021][ T4028] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 27.880793][ T4028] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 28.846463][ T4098] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 28.847763][ T4098] Modules linked in: [ 28.848374][ T4098] CPU: 1 PID: 4098 Comm: syz.3.52 Not tainted syzkaller #0 [ 28.849508][ T4098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 28.851108][ T4098] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 28.852356][ T4098] pc : lookup_ioctx+0x108/0x7c8 [ 28.853130][ T4098] lr : lookup_ioctx+0xe4/0x7c8 [ 28.853899][ T4098] sp : ffff80001f277ac0 [ 28.854555][ T4098] x29: ffff80001f277ac0 x28: dfff800000000000 x27: dfff800000000000 [ 28.855795][ T4098] x26: ffff80001f277b20 x25: ffff700003e4ef64 x24: ffff0000c9653980 [ 28.857057][ T4098] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 28.858454][ T4098] x20: ffff0000cad6d1c0 x19: 0000000000000000 x18: 0000000000000000 [ 28.859851][ T4098] x17: 0000000000000000 x16: ffff800008a22ca0 x15: 0000000000000000 [ 28.861254][ T4098] x14: 0000000000000002 x13: 1ffff0000285402b x12: 0000000000ff0100 [ 28.862547][ T4098] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 28.863940][ T4098] x8 : 0000000000000000 x7 : ffff8000087585b4 x6 : 0000000000000000 [ 28.865220][ T4098] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 28.866473][ T4098] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 28.867670][ T4098] Call trace: [ 28.868145][ T4098] lookup_ioctx+0x108/0x7c8 [ 28.868834][ T4098] do_io_getevents+0x12c/0x3c8 [ 28.869645][ T4098] __arm64_sys_io_pgetevents+0x2f8/0x508 [ 28.870550][ T4098] invoke_syscall+0x98/0x2b0 [ 28.871332][ T4098] el0_svc_common+0x138/0x258 [ 28.872090][ T4098] do_el0_svc+0x58/0x13c [ 28.872784][ T4098] el0_svc+0x78/0x1d0 [ 28.873436][ T4098] el0t_64_sync_handler+0xcc/0xe4 [ 28.874278][ T4098] el0t_64_sync+0x1a0/0x1a4 [ 28.875030][ T4098] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 28.876170][ T4098] ---[ end trace d670f730fa75c64f ]--- [ 29.048487][ T4098] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 29.049615][ T4098] SMP: stopping secondary CPUs [ 29.050427][ T4098] Kernel Offset: disabled [ 29.051127][ T4098] CPU features: 0x8,000003c1,7d33ffd9 [ 29.051981][ T4098] Memory Limit: none [ 29.228694][ T4098] Rebooting in 86400 seconds..