last executing test programs: 173.474624ms ago: executing program 4 (id=11): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse', 0x800, 0x0) 145.287767ms ago: executing program 4 (id=19): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card0/oss_mixer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/oss_mixer', 0x800, 0x0) 117.861869ms ago: executing program 4 (id=27): syz_open_dev$midi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$midi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$midi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$midi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$midi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$midi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$midi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$midi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$midi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$midi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$midi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$midi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$midi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$midi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$midi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$midi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$midi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$midi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$midi(&(0x7f0000000500), 0x4, 0x800) 117.673899ms ago: executing program 1 (id=29): syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$mouse(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$mouse(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$mouse(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$mouse(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$mouse(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$mouse(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$mouse(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$mouse(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$mouse(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$mouse(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$mouse(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$mouse(&(0x7f0000000500), 0x4, 0x800) 90.539752ms ago: executing program 2 (id=31): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ndctl0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ndctl0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ndctl0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ndctl0', 0x800, 0x0) 90.343032ms ago: executing program 1 (id=32): socket$phonet(0x23, 0x2, 0x1) 90.076892ms ago: executing program 2 (id=33): sysinfo(&(0x7f0000000000)) 89.816822ms ago: executing program 2 (id=36): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 58.828015ms ago: executing program 0 (id=38): recvmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 58.639865ms ago: executing program 3 (id=39): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qrtr-tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qrtr-tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qrtr-tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qrtr-tun', 0x800, 0x0) 58.560425ms ago: executing program 2 (id=40): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 58.356034ms ago: executing program 1 (id=41): pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 58.228165ms ago: executing program 3 (id=42): ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 58.148545ms ago: executing program 0 (id=43): mprotect(0x0, 0x0, 0x0) 58.089145ms ago: executing program 2 (id=44): lsetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 57.821704ms ago: executing program 3 (id=45): process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 33.526357ms ago: executing program 1 (id=46): keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000), 0x0) 33.178137ms ago: executing program 2 (id=47): rt_sigreturn() 33.047707ms ago: executing program 0 (id=48): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0) 32.847597ms ago: executing program 4 (id=49): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/uverbs0', 0x2, 0x0) 32.729137ms ago: executing program 3 (id=50): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0) 32.613297ms ago: executing program 4 (id=51): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio', 0x800, 0x0) 1.62819ms ago: executing program 0 (id=52): pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 1.51065ms ago: executing program 1 (id=53): prctl$0(0x0, 0x0, 0x0, 0x0, 0x0) 1.37571ms ago: executing program 3 (id=54): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/init_regions', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/init_regions', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/init_regions', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/init_regions', 0x800, 0x0) 1.16965ms ago: executing program 0 (id=55): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb1', 0x800, 0x0) 988.34µs ago: executing program 1 (id=56): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current', 0x2, 0x0) 824.76µs ago: executing program 0 (id=57): ioprio_get$auto(0x0, 0x0) 644.23µs ago: executing program 3 (id=58): ptrace(0x0, 0x0) 0s ago: executing program 4 (id=59): recvfrom(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 4 (id=62): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts. [ 26.763336][ T4032] cgroup: Unknown subsys name 'net' [ 27.019660][ T4032] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 27.301496][ T4032] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 28.229066][ T4112] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 28.230313][ T4112] Modules linked in: [ 28.230922][ T4112] CPU: 1 PID: 4112 Comm: syz.4.62 Not tainted syzkaller #0 [ 28.232153][ T4112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 28.233770][ T4112] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 28.235012][ T4112] pc : lookup_ioctx+0x108/0x7c8 [ 28.235712][ T4112] lr : lookup_ioctx+0xe4/0x7c8 [ 28.236533][ T4112] sp : ffff80001f897cf0 [ 28.237124][ T4112] x29: ffff80001f897cf0 x28: ffff0000c21cd1c0 x27: 0000000000000000 [ 28.238287][ T4112] x26: 1fffe00018439a38 x25: 0000000000400040 x24: ffff0000d360e1c0 [ 28.239683][ T4112] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 28.240837][ T4112] x20: ffff0000c21cd1c0 x19: 0000000000000000 x18: 0000000000000000 [ 28.242119][ T4112] x17: 0000000000000000 x16: ffff800008a22da8 x15: 0000000000000000 [ 28.243455][ T4112] x14: 0000000000000003 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 28.244691][ T4112] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 28.246023][ T4112] x8 : 0000000000000000 x7 : ffff8000087586bc x6 : 0000000000000000 [ 28.247295][ T4112] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 28.248549][ T4112] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 28.249911][ T4112] Call trace: [ 28.250470][ T4112] lookup_ioctx+0x108/0x7c8 [ 28.251224][ T4112] __arm64_sys_io_cancel+0x160/0x338 [ 28.251988][ T4112] invoke_syscall+0x98/0x2b0 [ 28.252683][ T4112] el0_svc_common+0x138/0x258 [ 28.253348][ T4112] do_el0_svc+0x58/0x13c [ 28.254068][ T4112] el0_svc+0x78/0x1d0 [ 28.254709][ T4112] el0t_64_sync_handler+0xcc/0xe4 [ 28.255534][ T4112] el0t_64_sync+0x1a0/0x1a4 [ 28.256284][ T4112] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 28.257437][ T4112] ---[ end trace eb4bc90589365e7a ]--- [ 28.454436][ T4112] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 28.455614][ T4112] SMP: stopping secondary CPUs [ 28.456394][ T4112] Kernel Offset: disabled [ 28.457158][ T4112] CPU features: 0x8,000003c1,7d33ffd9 [ 28.457999][ T4112] Memory Limit: none [ 28.646730][ T4112] Rebooting in 86400 seconds..