last executing test programs: 665.487338ms ago: executing program 0 (id=1): ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 595.78567ms ago: executing program 0 (id=14): socket(0x10, 0x3, 0x10) 554.111502ms ago: executing program 0 (id=16): umount2(&(0x7f0000000000), 0x0) 553.699712ms ago: executing program 0 (id=19): memfd_create(&(0x7f0000000000), 0x0) 553.401442ms ago: executing program 0 (id=23): rt_sigreturn() 98.029777ms ago: executing program 1 (id=93): recvfrom(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 97.415277ms ago: executing program 1 (id=97): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0) 97.294257ms ago: executing program 4 (id=99): fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) 51.935488ms ago: executing program 1 (id=102): process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 51.833728ms ago: executing program 4 (id=103): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status', 0x0, 0x0) 51.673098ms ago: executing program 1 (id=104): syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x28, 0x800) 51.546768ms ago: executing program 2 (id=107): fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)) 51.444698ms ago: executing program 3 (id=108): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 51.356398ms ago: executing program 1 (id=109): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 51.282148ms ago: executing program 3 (id=110): timer_gettime(0x0, &(0x7f0000000000)) 23.360379ms ago: executing program 4 (id=111): capget(&(0x7f0000000000), &(0x7f0000000000)) 23.166739ms ago: executing program 2 (id=112): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 23.097729ms ago: executing program 3 (id=113): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/kdamond_pid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/kdamond_pid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/kdamond_pid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/kdamond_pid', 0x800, 0x0) 23.043499ms ago: executing program 4 (id=114): accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) 22.991979ms ago: executing program 2 (id=115): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/attach', 0x1, 0x0) 22.954549ms ago: executing program 3 (id=116): msync(0x0, 0x0, 0x0) 22.784369ms ago: executing program 2 (id=117): sched_getattr(0x0, &(0x7f0000000000), 0x0, 0x0) 736.62µs ago: executing program 3 (id=118): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/load', 0x2, 0x0) 519.23µs ago: executing program 4 (id=119): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0) 407.98µs ago: executing program 2 (id=120): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 266.94µs ago: executing program 1 (id=121): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0) 162.08µs ago: executing program 3 (id=122): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0) 51.67µs ago: executing program 2 (id=123): sched_getparam(0x0, &(0x7f0000000000)) 0s ago: executing program 4 (id=124): kexec_load(0x0, 0x0, &(0x7f0000000000), 0x0) 0s ago: executing program 1 (id=126): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.156' (ED25519) to the list of known hosts. [ 29.151097][ T4036] cgroup: Unknown subsys name 'net' [ 29.414011][ T4036] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 29.699815][ T4036] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 30.752218][ T4118] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 31.073663][ T4178] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 31.074931][ T4178] Modules linked in: [ 31.075547][ T4178] CPU: 0 PID: 4178 Comm: syz.1.126 Not tainted syzkaller #0 [ 31.076767][ T4178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026 [ 31.078598][ T4178] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 31.079754][ T4178] pc : lookup_ioctx+0x10c/0x7c0 [ 31.080576][ T4178] lr : lookup_ioctx+0xe8/0x7c0 [ 31.081361][ T4178] sp : ffff80001f9b7cf0 [ 31.082065][ T4178] x29: ffff80001f9b7cf0 x28: ffff0000c73b8000 x27: 0000000000000000 [ 31.083495][ T4178] x26: 1fffe00018e77000 x25: 0000000000400040 x24: ffff0000c7c65c00 [ 31.084986][ T4178] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 31.086424][ T4178] x20: ffff0000c73b8000 x19: 0000000000000000 x18: 0000000000000000 [ 31.087687][ T4178] x17: 0000000000000000 x16: ffff800008a30084 x15: 0000000000000000 [ 31.089048][ T4178] x14: 0000000000000003 x13: 1ffff0000287002b x12: 0000000097863b1e [ 31.090425][ T4178] x11: ff80800008a30060 x10: 0000000000000000 x9 : 0000ffffffffffff [ 31.091820][ T4178] x8 : 0000000000000000 x7 : ffff800008762410 x6 : 0000000000000000 [ 31.093136][ T4178] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 31.094442][ T4178] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 31.095713][ T4178] Call trace: [ 31.096289][ T4178] lookup_ioctx+0x10c/0x7c0 [ 31.097139][ T4178] __arm64_sys_io_cancel+0x160/0x33c [ 31.098108][ T4178] invoke_syscall+0x98/0x2b0 [ 31.098865][ T4178] el0_svc_common+0x13c/0x258 [ 31.099657][ T4178] do_el0_svc+0x5c/0x140 [ 31.100443][ T4178] el0_svc+0x78/0x1d0 [ 31.101125][ T4178] el0t_64_sync_handler+0xcc/0xe4 [ 31.101931][ T4178] el0t_64_sync+0x1a0/0x1a4 [ 31.102727][ T4178] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 31.103938][ T4178] ---[ end trace 4c0ce5757ff36469 ]--- [ 31.289924][ T4178] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 31.291016][ T4178] SMP: stopping secondary CPUs [ 31.291729][ T4178] Kernel Offset: disabled [ 31.292405][ T4178] CPU features: 0x8,000003c1,7d33ffd9 [ 31.293230][ T4178] Memory Limit: none [ 31.458421][ T4178] Rebooting in 86400 seconds..