last executing test programs: 83.320636ms ago: executing program 1 (id=2): sendmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 83.084025ms ago: executing program 0 (id=10): prctl$0(0x0, 0x0, 0x0, 0x0, 0x0) 82.936175ms ago: executing program 3 (id=4): mmap(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 82.775926ms ago: executing program 1 (id=12): connect(0xffffffffffffffff, &(0x7f0000000000), 0x0) 82.425776ms ago: executing program 4 (id=14): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vtpmx', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vtpmx', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vtpmx', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vtpmx', 0x800, 0x0) 60.655327ms ago: executing program 0 (id=15): write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 60.429277ms ago: executing program 2 (id=16): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/raw-gadget', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/raw-gadget', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/raw-gadget', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/raw-gadget', 0x800, 0x0) 60.315457ms ago: executing program 3 (id=17): socket$inet_icmp_raw(0x2, 0x3, 0x1) 60.233167ms ago: executing program 4 (id=18): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 60.191327ms ago: executing program 1 (id=19): getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 59.952047ms ago: executing program 2 (id=20): bind(0xffffffffffffffff, &(0x7f0000000000), 0x0) 59.888637ms ago: executing program 3 (id=21): accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 29.211649ms ago: executing program 0 (id=22): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp', 0x800, 0x0) 29.046229ms ago: executing program 2 (id=23): socket(0x10, 0x3, 0x10) 28.905548ms ago: executing program 4 (id=24): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp0', 0x800, 0x0) 28.859108ms ago: executing program 3 (id=25): recvfrom(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 28.777068ms ago: executing program 1 (id=26): syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) 28.709148ms ago: executing program 2 (id=27): io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) 28.619039ms ago: executing program 0 (id=28): timer_settime(0x0, 0x0, &(0x7f0000000000), 0x0) 28.571968ms ago: executing program 1 (id=29): socket$inet(0x2, 0x1, 0x0) 28.413768ms ago: executing program 4 (id=30): setresgid(0x0, 0x0, 0x0) 984.04µs ago: executing program 3 (id=31): lsetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 679.1µs ago: executing program 0 (id=32): process_mrelease(0xffffffffffffffff, 0x0) 558.1µs ago: executing program 4 (id=33): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 527.18µs ago: executing program 2 (id=34): sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 372.97µs ago: executing program 0 (id=35): sendto(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) 221.51µs ago: executing program 1 (id=36): fchmod(0xffffffffffffffff, 0x0) 169.01µs ago: executing program 3 (id=37): close(0xffffffffffffffff) 87.93µs ago: executing program 2 (id=38): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/mac80211_hwsim/', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/mac80211_hwsim/', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/mac80211_hwsim/', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/mac80211_hwsim/', 0x800, 0x0) 0s ago: executing program 4 (id=39): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/trusty-ipc-dev0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/trusty-ipc-dev0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/trusty-ipc-dev0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/trusty-ipc-dev0', 0x800, 0x0) 0s ago: executing program 2 (id=40): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.56' (ED25519) to the list of known hosts. [ 30.328738][ T4032] cgroup: Unknown subsys name 'net' [ 30.574922][ T4032] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 30.891161][ T4032] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 31.774943][ T4089] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 31.776224][ T4089] Modules linked in: [ 31.776837][ T4089] CPU: 0 PID: 4089 Comm: syz.2.40 Not tainted syzkaller #0 [ 31.777949][ T4089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 31.779558][ T4089] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 31.780769][ T4089] pc : lookup_ioctx+0x108/0x7c8 [ 31.781563][ T4089] lr : lookup_ioctx+0xe4/0x7c8 [ 31.782270][ T4089] sp : ffff80001f307cf0 [ 31.782915][ T4089] x29: ffff80001f307cf0 x28: ffff0000c91d9b40 x27: 0000000000000000 [ 31.784130][ T4089] x26: 1fffe0001923b368 x25: 0000000000400040 x24: ffff0000c8ae0000 [ 31.785366][ T4089] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 31.786549][ T4089] x20: ffff0000c91d9b40 x19: 0000000000000000 x18: 0000000000000000 [ 31.787801][ T4089] x17: 0000000000000000 x16: ffff800008a22c1c x15: 0000000000000000 [ 31.789090][ T4089] x14: 0000000000000003 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 31.790245][ T4089] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 31.791379][ T4089] x8 : 0000000000000000 x7 : ffff800008758530 x6 : 0000000000000000 [ 31.792564][ T4089] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 31.793752][ T4089] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 31.794954][ T4089] Call trace: [ 31.795432][ T4089] lookup_ioctx+0x108/0x7c8 [ 31.796106][ T4089] __arm64_sys_io_cancel+0x160/0x338 [ 31.796919][ T4089] invoke_syscall+0x98/0x2b0 [ 31.797624][ T4089] el0_svc_common+0x138/0x258 [ 31.798311][ T4089] do_el0_svc+0x58/0x13c [ 31.798978][ T4089] el0_svc+0x78/0x1d0 [ 31.799569][ T4089] el0t_64_sync_handler+0xcc/0xe4 [ 31.800363][ T4089] el0t_64_sync+0x1a0/0x1a4 [ 31.801026][ T4089] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 31.802070][ T4089] ---[ end trace 14cab8173eafd481 ]--- [ 31.984709][ T4089] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 31.985738][ T4089] SMP: stopping secondary CPUs [ 33.059892][ T4089] SMP: failed to stop secondary CPUs 0-1 [ 33.060658][ T4089] Kernel Offset: disabled [ 33.061285][ T4089] CPU features: 0x8,000003c1,7d33ffd9 [ 33.062085][ T4089] Memory Limit: none [ 33.247346][ T4089] Rebooting in 86400 seconds..