last executing test programs: 84.284657ms ago: executing program 0 (id=15): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0) 84.014097ms ago: executing program 2 (id=17): inotify_init1(0x0) 83.923197ms ago: executing program 3 (id=18): quotactl$Q_GETFMT(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000)) 83.817027ms ago: executing program 0 (id=20): sendto(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 83.741957ms ago: executing program 1 (id=21): lseek(0xffffffffffffffff, 0x0, 0x0) 83.709647ms ago: executing program 1 (id=22): read(0xffffffffffffffff, &(0x7f0000000000), 0x0) 60.638348ms ago: executing program 2 (id=24): futex(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 60.471418ms ago: executing program 3 (id=25): syz_open_dev$ircomm(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ircomm(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ircomm(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ircomm(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$ircomm(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$ircomm(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$ircomm(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$ircomm(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$ircomm(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$ircomm(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$ircomm(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$ircomm(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$ircomm(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$ircomm(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$ircomm(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$ircomm(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$ircomm(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$ircomm(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$ircomm(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$ircomm(&(0x7f0000000500), 0x4, 0x800) 60.362798ms ago: executing program 1 (id=26): socket$inet_icmp_raw(0x2, 0x3, 0x1) 60.301508ms ago: executing program 4 (id=27): request_key(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 60.191658ms ago: executing program 1 (id=28): mmap(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 60.159528ms ago: executing program 0 (id=29): fstatfs(0xffffffffffffffff, &(0x7f0000000000)) 60.092338ms ago: executing program 2 (id=30): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3', 0x800, 0x0) 60.019418ms ago: executing program 3 (id=31): setpriority(0x0, 0x0, 0x0) 31.196369ms ago: executing program 4 (id=32): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0) 31.111309ms ago: executing program 1 (id=33): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx', 0x800, 0x0) 31.027949ms ago: executing program 0 (id=34): bind(0xffffffffffffffff, &(0x7f0000000000), 0x0) 30.811979ms ago: executing program 4 (id=35): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current', 0x2, 0x0) 30.764119ms ago: executing program 0 (id=36): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 30.679709ms ago: executing program 2 (id=37): process_mrelease(0xffffffffffffffff, 0x0) 30.634389ms ago: executing program 3 (id=38): fchdir(0xffffffffffffffff) 30.498649ms ago: executing program 4 (id=39): prctl$0(0x0, 0x0, 0x0, 0x0, 0x0) 699.97µs ago: executing program 4 (id=40): ptrace(0x0, 0x0) 535.48µs ago: executing program 2 (id=41): accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 442.21µs ago: executing program 3 (id=42): keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000), 0x0) 392.69µs ago: executing program 1 (id=43): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/raw-gadget', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/raw-gadget', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/raw-gadget', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/raw-gadget', 0x800, 0x0) 161.72µs ago: executing program 0 (id=44): syz_open_dev$amidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$amidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$amidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$amidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$amidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$amidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$amidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$amidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$amidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$amidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$amidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$amidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$amidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$amidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$amidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$amidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$amidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$amidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$amidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$amidi(&(0x7f0000000500), 0x4, 0x800) 99.37µs ago: executing program 4 (id=45): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0) 57.11µs ago: executing program 2 (id=46): utimensat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 0s ago: executing program 3 (id=47): exit_group(0x0) 0s ago: executing program 2 (id=51): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts. syzkaller login: [ 29.550546][ T4034] cgroup: Unknown subsys name 'net' [ 29.805957][ T4034] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 30.083182][ T4034] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 30.948410][ T4102] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 30.949744][ T4102] Modules linked in: [ 30.950387][ T4102] CPU: 0 PID: 4102 Comm: syz.2.51 Not tainted syzkaller #0 [ 30.951475][ T4102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 30.953195][ T4102] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 30.954450][ T4102] pc : lookup_ioctx+0x108/0x7c8 [ 30.955236][ T4102] lr : lookup_ioctx+0xe4/0x7c8 [ 30.955976][ T4102] sp : ffff80001f797cf0 [ 30.956663][ T4102] x29: ffff80001f797cf0 x28: ffff0000dd561b40 x27: 0000000000000000 [ 30.957925][ T4102] x26: 1fffe0001baac368 x25: 0000000000400040 x24: ffff0000c85033c0 [ 30.959262][ T4102] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 30.960545][ T4102] x20: ffff0000dd561b40 x19: 0000000000000000 x18: 0000000000000000 [ 30.961941][ T4102] x17: 0000000000000000 x16: ffff800008a23b90 x15: 0000000000000000 [ 30.963366][ T4102] x14: 0000000000000003 x13: 1ffff0000285402b x12: 0000000000ff0100 [ 30.964654][ T4102] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 30.965996][ T4102] x8 : 0000000000000000 x7 : ffff800008758fbc x6 : 0000000000000000 [ 30.967254][ T4102] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 30.968612][ T4102] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 30.969976][ T4102] Call trace: [ 30.970498][ T4102] lookup_ioctx+0x108/0x7c8 [ 30.971240][ T4102] __arm64_sys_io_cancel+0x160/0x338 [ 30.972127][ T4102] invoke_syscall+0x98/0x2b0 [ 30.972884][ T4102] el0_svc_common+0x138/0x258 [ 30.973648][ T4102] do_el0_svc+0x58/0x13c [ 30.974359][ T4102] el0_svc+0x78/0x1d0 [ 30.975041][ T4102] el0t_64_sync_handler+0xcc/0xe4 [ 30.975878][ T4102] el0t_64_sync+0x1a0/0x1a4 [ 30.976636][ T4102] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 30.977721][ T4102] ---[ end trace 54da95d9d7b32eb2 ]--- [ 31.168623][ T4102] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 31.169824][ T4102] SMP: stopping secondary CPUs [ 31.170581][ T4102] Kernel Offset: disabled [ 31.171329][ T4102] CPU features: 0x8,000003c1,7d33ffd9 [ 31.172251][ T4102] Memory Limit: none [ 31.358876][ T4102] Rebooting in 86400 seconds..