last executing test programs: 385.299598ms ago: executing program 0 (id=6): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/kdamond_pid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/kdamond_pid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/kdamond_pid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/kdamond_pid', 0x800, 0x0) 342.285882ms ago: executing program 0 (id=10): map_shadow_stack(0x0, 0x0, 0x0) 341.889912ms ago: executing program 0 (id=13): bind(0xffffffffffffffff, &(0x7f0000000000), 0x0) 317.391084ms ago: executing program 0 (id=19): socket$l2tp6(0xa, 0x2, 0x73) 288.768046ms ago: executing program 0 (id=24): mknodat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 261.577428ms ago: executing program 0 (id=32): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 62.502465ms ago: executing program 1 (id=88): lsm_get_self_attr(0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 62.341485ms ago: executing program 2 (id=89): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 61.903005ms ago: executing program 4 (id=91): syz_open_dev$vcsn(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsn(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsn(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsn(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsn(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsn(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsn(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsn(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsn(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsn(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsn(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsn(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsn(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsn(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsn(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsn(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsn(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsn(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsn(&(0x7f0000000500), 0x4, 0x800) 61.691465ms ago: executing program 1 (id=92): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member', 0x2, 0x0) 61.506995ms ago: executing program 2 (id=93): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current', 0x2, 0x0) 61.469935ms ago: executing program 3 (id=94): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb1', 0x800, 0x0) 32.066657ms ago: executing program 4 (id=95): pidfd_open(0x0, 0x0) 31.930587ms ago: executing program 1 (id=96): rseq(&(0x7f0000000000), 0x0, 0x0, 0x0) 31.797377ms ago: executing program 3 (id=97): syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vim2m(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vim2m(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vim2m(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vim2m(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vim2m(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vim2m(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vim2m(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vim2m(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vim2m(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vim2m(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vim2m(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vim2m(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vim2m(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vim2m(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vim2m(&(0x7f0000000500), 0x4, 0x800) 31.616157ms ago: executing program 2 (id=98): pkey_free(0xffffffffffffffff) 31.557667ms ago: executing program 4 (id=99): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tlk_device', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tlk_device', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tlk_device', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tlk_device', 0x800, 0x0) 31.496798ms ago: executing program 1 (id=100): syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$radio(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$radio(&(0x7f0000000100), 0x0, 0x800) 31.311387ms ago: executing program 2 (id=101): socket$netlink(0x10, 0x3, 0x0) 31.155857ms ago: executing program 3 (id=102): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse', 0x800, 0x0) 30.158397ms ago: executing program 4 (id=103): msgget(0xffffffffffffffff, 0x0) 1.22793ms ago: executing program 1 (id=104): fstat(0xffffffffffffffff, &(0x7f0000000000)) 983.4µs ago: executing program 3 (id=105): clock_gettime(0x0, &(0x7f0000000000)) 840.02µs ago: executing program 4 (id=106): fchmod(0xffffffffffffffff, 0x0) 699.01µs ago: executing program 4 (id=107): semget(0xffffffffffffffff, 0x0, 0x0) 648.34µs ago: executing program 1 (id=108): syslog(0x0, 0x0, 0x0) 583.5µs ago: executing program 2 (id=109): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 492.04µs ago: executing program 3 (id=110): mmap(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 414.89µs ago: executing program 3 (id=111): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl', 0x800, 0x0) 0s ago: executing program 2 (id=112): remap_file_pages(0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=117): io_submit(0x0, 0x0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.176' (ED25519) to the list of known hosts. [ 31.924245][ T4033] cgroup: Unknown subsys name 'net' [ 32.214692][ T4033] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 32.512553][ T4033] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 33.434567][ T4101] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 33.639869][ T4160] mmap: syz.2.112 (4160) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 33.657058][ T4165] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 33.658287][ T4165] Modules linked in: [ 33.658861][ T4165] CPU: 0 PID: 4165 Comm: syz.2.117 Not tainted syzkaller #0 [ 33.659985][ T4165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 33.661528][ T4165] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 33.662831][ T4165] pc : lookup_ioctx+0x108/0x7d0 [ 33.663663][ T4165] lr : lookup_ioctx+0xe4/0x7d0 [ 33.664392][ T4165] sp : ffff80001f907c20 [ 33.665010][ T4165] x29: ffff80001f907c20 x28: ffff0000c21f3680 x27: 0000000020000000 [ 33.666354][ T4165] x26: 1fffe0001843e6d0 x25: 1ffff00003f20fd6 x24: ffff0000ce53bf40 [ 33.667705][ T4165] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 33.668977][ T4165] x20: ffff0000c21f3680 x19: 0000000000000000 x18: 0000000000000000 [ 33.670211][ T4165] x17: 0000000000000000 x16: ffff800008a19ff4 x15: 0000000000000000 [ 33.671427][ T4165] x14: 0000000000000000 x13: 1ffff0000283006b x12: 0000000000ff0100 [ 33.672704][ T4165] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 33.674022][ T4165] x8 : 0000000000000000 x7 : ffff80000875120c x6 : 0000000000000000 [ 33.675320][ T4165] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 33.676632][ T4165] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 33.677987][ T4165] Call trace: [ 33.678511][ T4165] lookup_ioctx+0x108/0x7d0 [ 33.679197][ T4165] __arm64_sys_io_submit+0x110/0x40c [ 33.679997][ T4165] invoke_syscall+0x98/0x2b8 [ 33.680644][ T4165] el0_svc_common+0x138/0x258 [ 33.681437][ T4165] do_el0_svc+0x58/0x14c [ 33.682087][ T4165] el0_svc+0x78/0x1e0 [ 33.682686][ T4165] el0t_64_sync_handler+0xcc/0xe4 [ 33.683497][ T4165] el0t_64_sync+0x1a0/0x1a4 [ 33.684173][ T4165] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 33.685210][ T4165] ---[ end trace 39972d3c15d52616 ]--- [ 33.860782][ T4165] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 33.861770][ T4165] SMP: stopping secondary CPUs [ 33.862581][ T4165] Kernel Offset: disabled [ 33.863185][ T4165] CPU features: 0x8,000003c1,7d33ffd9 [ 33.864012][ T4165] Memory Limit: none [ 34.044155][ T4165] Rebooting in 86400 seconds..