last executing test programs: 410.200096ms ago: executing program 3 (id=37): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 409.832826ms ago: executing program 3 (id=41): timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 384.994326ms ago: executing program 3 (id=46): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0) 356.631116ms ago: executing program 3 (id=52): seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000)) 356.257046ms ago: executing program 3 (id=54): sendto(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 355.998076ms ago: executing program 3 (id=58): rt_sigreturn() 149.843939ms ago: executing program 1 (id=101): process_vm_readv(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 120.774019ms ago: executing program 1 (id=112): getpid() 90.057719ms ago: executing program 2 (id=118): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/xen/evtchn', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/xen/evtchn', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/xen/evtchn', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/xen/evtchn', 0x800, 0x0) 90.009439ms ago: executing program 1 (id=119): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/seq', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/seq', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/seq', 0x800, 0x0) 57.407419ms ago: executing program 2 (id=121): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x2, 0x0) 57.06001ms ago: executing program 4 (id=124): fstatfs(0xffffffffffffffff, &(0x7f0000000000)) 56.971299ms ago: executing program 0 (id=125): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0', 0x800, 0x0) 56.790559ms ago: executing program 0 (id=126): socket$rxrpc(0x21, 0x2, 0x0) 56.67663ms ago: executing program 4 (id=127): mknodat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 29.98884ms ago: executing program 1 (id=128): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/btf/vmlinux', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/btf/vmlinux', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/btf/vmlinux', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/btf/vmlinux', 0x800, 0x0) 29.72106ms ago: executing program 4 (id=129): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats', 0x0, 0x0) 29.56764ms ago: executing program 0 (id=130): flock(0xffffffffffffffff, 0x0) 29.50283ms ago: executing program 1 (id=131): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create', 0x2, 0x0) 29.43674ms ago: executing program 4 (id=132): execve(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 29.40119ms ago: executing program 2 (id=133): sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) 29.31048ms ago: executing program 0 (id=134): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa', 0x800, 0x0) 29.27402ms ago: executing program 2 (id=135): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 638.87µs ago: executing program 4 (id=136): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dma_heap/system', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dma_heap/system', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dma_heap/system', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dma_heap/system', 0x800, 0x0) 351.51µs ago: executing program 0 (id=137): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/comedi0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/comedi0', 0x800, 0x0) 280.57µs ago: executing program 2 (id=138): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128', 0x2, 0x0) 198.13µs ago: executing program 4 (id=139): socket$key(0xf, 0x3, 0x2) 107.65µs ago: executing program 0 (id=140): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/logging', 0x2, 0x0) 79.15µs ago: executing program 2 (id=141): socket$igmp(0x2, 0x3, 0x2) 0s ago: executing program 1 (id=142): io_submit(0x0, 0x0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts. [ 29.941642][ T4035] cgroup: Unknown subsys name 'net' [ 30.184416][ T4035] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 30.464934][ T4035] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 31.696592][ T4193] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 31.698020][ T4193] Modules linked in: [ 31.698728][ T4193] CPU: 0 PID: 4193 Comm: syz.1.142 Not tainted syzkaller #0 [ 31.700026][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 31.701886][ T4193] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 31.703293][ T4193] pc : lookup_ioctx+0x108/0x7c8 [ 31.704113][ T4193] lr : lookup_ioctx+0xe4/0x7c8 [ 31.704871][ T4193] sp : ffff80001f7b7c20 [ 31.705568][ T4193] x29: ffff80001f7b7c20 x28: ffff0000c2281b40 x27: 0000000020000000 [ 31.706983][ T4193] x26: 1fffe00018450368 x25: 1ffff00003ef6fd6 x24: ffff0000cabc78c0 [ 31.708393][ T4193] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 31.709865][ T4193] x20: ffff0000c2281b40 x19: 0000000000000000 x18: 0000000000000000 [ 31.711188][ T4193] x17: 0000000000000000 x16: ffff800008a23a84 x15: 0000000000000000 [ 31.712517][ T4193] x14: 0000000000000005 x13: 1ffff0000285402b x12: 0000000000ff0100 [ 31.713824][ T4193] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 31.715251][ T4193] x8 : 0000000000000000 x7 : ffff800008758eb0 x6 : 0000000000000000 [ 31.716558][ T4193] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 31.717913][ T4193] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 31.719201][ T4193] Call trace: [ 31.719795][ T4193] lookup_ioctx+0x108/0x7c8 [ 31.720564][ T4193] __arm64_sys_io_submit+0x110/0x410 [ 31.721473][ T4193] invoke_syscall+0x98/0x2b0 [ 31.722243][ T4193] el0_svc_common+0x138/0x258 [ 31.723042][ T4193] do_el0_svc+0x58/0x13c [ 31.723741][ T4193] el0_svc+0x78/0x1d0 [ 31.724462][ T4193] el0t_64_sync_handler+0xcc/0xe4 [ 31.725362][ T4193] el0t_64_sync+0x1a0/0x1a4 [ 31.726128][ T4193] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 31.727214][ T4193] ---[ end trace 75cae87c5bf13938 ]--- [ 31.909646][ T4193] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 31.910682][ T4193] SMP: stopping secondary CPUs [ 31.911441][ T4193] Kernel Offset: disabled [ 31.912142][ T4193] CPU features: 0x8,000003c1,7d33ffd9 [ 31.913016][ T4193] Memory Limit: none [ 32.111073][ T4193] Rebooting in 86400 seconds..