last executing test programs: 465.665883ms ago: executing program 2 (id=120): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/change-rule', 0x2, 0x0) 464.433844ms ago: executing program 2 (id=125): msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 436.461155ms ago: executing program 2 (id=133): execve(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 403.329867ms ago: executing program 2 (id=139): fgetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 375.869589ms ago: executing program 2 (id=144): socket$inet6_tcp(0xa, 0x1, 0x0) 375.397709ms ago: executing program 2 (id=148): msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0) 148.824812ms ago: executing program 0 (id=202): copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 118.099003ms ago: executing program 0 (id=205): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/attach', 0x1, 0x0) 117.548463ms ago: executing program 4 (id=208): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls', 0x0, 0x0) 117.321753ms ago: executing program 0 (id=210): madvise(0x0, 0x0, 0x0) 117.196783ms ago: executing program 3 (id=211): mremap(0x0, 0x0, 0x0, 0x0, 0x0) 116.903394ms ago: executing program 4 (id=212): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 91.914865ms ago: executing program 0 (id=213): chdir(&(0x7f0000000000)) 91.608645ms ago: executing program 3 (id=214): syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x28, 0x800) 91.506005ms ago: executing program 4 (id=215): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng', 0x800, 0x0) 91.323705ms ago: executing program 0 (id=216): syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x800) 91.252425ms ago: executing program 4 (id=217): socket$key(0xf, 0x3, 0x2) 90.955235ms ago: executing program 3 (id=219): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/unconfined', 0x2, 0x0) 35.754938ms ago: executing program 0 (id=220): sync() 35.060728ms ago: executing program 3 (id=222): socket$can_bcm(0x1d, 0x2, 0x2) 34.739069ms ago: executing program 1 (id=224): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey', 0x800, 0x0) 34.651109ms ago: executing program 1 (id=225): getrusage(0x0, &(0x7f0000000000)) 1.03757ms ago: executing program 1 (id=226): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec', 0x2, 0x0) 841.27µs ago: executing program 3 (id=227): socket$rxrpc(0x21, 0x2, 0x0) 737.5µs ago: executing program 4 (id=228): socket$netlink(0x10, 0x3, 0x0) 580.77µs ago: executing program 1 (id=229): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/schemes', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/schemes', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/schemes', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/schemes', 0x800, 0x0) 516.81µs ago: executing program 1 (id=230): writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) 427.55µs ago: executing program 4 (id=231): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0) 152.95µs ago: executing program 3 (id=232): getrlimit(0x0, &(0x7f0000000000)) 0s ago: executing program 1 (id=233): fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=238): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.225' (ED25519) to the list of known hosts. syzkaller login: [ 27.150289][ T4032] cgroup: Unknown subsys name 'net' [ 27.407438][ T4032] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 27.701154][ T4032] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 29.403201][ T4288] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 29.404441][ T4288] Modules linked in: [ 29.404990][ T4288] CPU: 1 PID: 4288 Comm: syz.0.238 Not tainted syzkaller #0 [ 29.406021][ T4288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 29.407469][ T4288] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 29.408577][ T4288] pc : lookup_ioctx+0x108/0x7c8 [ 29.409274][ T4288] lr : lookup_ioctx+0xe4/0x7c8 [ 29.409920][ T4288] sp : ffff80001fbd7cf0 [ 29.410484][ T4288] x29: ffff80001fbd7cf0 x28: ffff0000d858b680 x27: 0000000000000000 [ 29.411647][ T4288] x26: 1fffe0001b0b16d0 x25: 0000000000400040 x24: ffff0000d6220b80 [ 29.412913][ T4288] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 29.414024][ T4288] x20: ffff0000d858b680 x19: 0000000000000000 x18: 0000000000000000 [ 29.415229][ T4288] x17: 0000000000000000 x16: ffff800008a220d8 x15: 0000000000000000 [ 29.416381][ T4288] x14: 0000000000000003 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 29.417616][ T4288] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 29.418834][ T4288] x8 : 0000000000000000 x7 : ffff800008758124 x6 : 0000000000000000 [ 29.419985][ T4288] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 29.421218][ T4288] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 29.422397][ T4288] Call trace: [ 29.422907][ T4288] lookup_ioctx+0x108/0x7c8 [ 29.423586][ T4288] __arm64_sys_io_cancel+0x160/0x338 [ 29.424381][ T4288] invoke_syscall+0x98/0x2b0 [ 29.425006][ T4288] el0_svc_common+0x138/0x258 [ 29.425679][ T4288] do_el0_svc+0x58/0x13c [ 29.426244][ T4288] el0_svc+0x78/0x1d0 [ 29.426812][ T4288] el0t_64_sync_handler+0xcc/0xe4 [ 29.427538][ T4288] el0t_64_sync+0x1a0/0x1a4 [ 29.428207][ T4288] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 29.429185][ T4288] ---[ end trace 6b463d1e8ded2760 ]--- [ 29.605378][ T4288] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 29.606385][ T4288] SMP: stopping secondary CPUs [ 29.607080][ T4288] Kernel Offset: disabled [ 29.607700][ T4288] CPU features: 0x8,000003c1,7d33ffd9 [ 29.608460][ T4288] Memory Limit: none [ 29.788025][ T4288] Rebooting in 86400 seconds..