last executing test programs: 104.975781ms ago: executing program 2 (id=163): accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 104.886241ms ago: executing program 4 (id=164): syslog(0x0, 0x0, 0x0) 104.654051ms ago: executing program 2 (id=167): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2', 0x800, 0x0) 104.602121ms ago: executing program 3 (id=168): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3', 0x800, 0x0) 81.326056ms ago: executing program 4 (id=169): socket$alg(0x26, 0x5, 0x0) 81.212246ms ago: executing program 2 (id=170): timer_delete(0x0) 81.111566ms ago: executing program 3 (id=171): fgetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 80.769766ms ago: executing program 2 (id=174): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/yama/ptrace_scope', 0x2, 0x0) 47.35028ms ago: executing program 1 (id=175): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 47.21278ms ago: executing program 4 (id=176): file_getattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 47.00897ms ago: executing program 3 (id=177): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/schemes', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/schemes', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/schemes', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/schemes', 0x800, 0x0) 46.95806ms ago: executing program 4 (id=178): inotify_rm_watch(0xffffffffffffffff, 0x0) 46.76986ms ago: executing program 0 (id=179): newfstatat(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000000), 0x0) 46.70452ms ago: executing program 2 (id=180): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/ipv6host', 0x2, 0x0) 46.56918ms ago: executing program 1 (id=181): socket$pppoe(0x18, 0x1, 0x0) 46.519069ms ago: executing program 0 (id=182): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/onlycap', 0x2, 0x0) 27.867236ms ago: executing program 3 (id=183): inotify_init1(0x0) 27.754106ms ago: executing program 0 (id=184): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current', 0x2, 0x0) 27.680066ms ago: executing program 1 (id=185): shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 27.589026ms ago: executing program 2 (id=186): syz_open_dev$dmmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$dmmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$dmmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$dmmidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$dmmidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$dmmidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$dmmidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$dmmidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$dmmidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$dmmidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$dmmidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$dmmidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$dmmidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$dmmidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$dmmidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$dmmidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$dmmidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$dmmidi(&(0x7f0000000500), 0x4, 0x800) 27.531196ms ago: executing program 4 (id=187): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 27.410436ms ago: executing program 1 (id=188): syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$mouse(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$mouse(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$mouse(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$mouse(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$mouse(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$mouse(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$mouse(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$mouse(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$mouse(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$mouse(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$mouse(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$mouse(&(0x7f0000000500), 0x4, 0x800) 27.285365ms ago: executing program 3 (id=189): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control', 0x800, 0x0) 27.151376ms ago: executing program 0 (id=190): dup(0xffffffffffffffff) 512.72µs ago: executing program 0 (id=191): get_robust_list(0x0, &(0x7f0000000000), &(0x7f0000000000)) 344.831µs ago: executing program 1 (id=192): pkey_alloc(0x0, 0x0) 239.451µs ago: executing program 3 (id=193): request_key(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 187.06µs ago: executing program 4 (id=194): mq_open(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 34.06µs ago: executing program 0 (id=195): waitid(0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=196): geteuid() 0s ago: executing program 1 (id=199): io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0) kernel console output (not intermixed with test programs): [ 11.364060][ T3713] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK [ 11.399333][ T580] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 11.416315][ T580] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts. syzkaller login: [ 28.399634][ T4031] cgroup: Unknown subsys name 'net' [ 28.718495][ T4031] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.996528][ T4031] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 29.973234][ T4108] mmap: syz.3.60 (4108) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 30.479589][ T4248] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 30.480908][ T4248] Modules linked in: [ 30.481561][ T4248] CPU: 1 PID: 4248 Comm: syz.1.199 Not tainted syzkaller #0 [ 30.482783][ T4248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 30.484534][ T4248] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 30.485900][ T4248] pc : lookup_ioctx+0x108/0x7c8 [ 30.486724][ T4248] lr : lookup_ioctx+0xe4/0x7c8 [ 30.487527][ T4248] sp : ffff80001f8f7b20 [ 30.488204][ T4248] x29: ffff80001f8f7b20 x28: ffff0000d36f8000 x27: dfff800000000000 [ 30.489529][ T4248] x26: ffff80001f8f7b80 x25: ffff700003f1ef70 x24: ffff0000d48eae00 [ 30.490901][ T4248] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 30.492234][ T4248] x20: ffff0000d36f8000 x19: 0000000000000000 x18: 0000000000000000 [ 30.493647][ T4248] x17: 0000000000000000 x16: ffff800008a22da8 x15: 0000000000000000 [ 30.494946][ T4248] x14: 0000000000000002 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 30.496310][ T4248] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 30.497636][ T4248] x8 : 0000000000000000 x7 : ffff8000087586bc x6 : 0000000000000000 [ 30.498961][ T4248] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 30.500291][ T4248] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 30.501600][ T4248] Call trace: [ 30.502132][ T4248] lookup_ioctx+0x108/0x7c8 [ 30.502872][ T4248] do_io_getevents+0x12c/0x3c8 [ 30.503674][ T4248] __arm64_sys_io_getevents+0x164/0x248 [ 30.504596][ T4248] invoke_syscall+0x98/0x2b0 [ 30.505314][ T4248] el0_svc_common+0x138/0x258 [ 30.506086][ T4248] do_el0_svc+0x58/0x13c [ 30.506802][ T4248] el0_svc+0x78/0x1d0 [ 30.507441][ T4248] el0t_64_sync_handler+0xcc/0xe4 [ 30.508289][ T4248] el0t_64_sync+0x1a0/0x1a4 [ 30.509022][ T4248] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 30.510120][ T4248] ---[ end trace 40ee6478b841116c ]--- [ 30.718750][ T4248] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 30.719828][ T4248] SMP: stopping secondary CPUs [ 30.720656][ T4248] Kernel Offset: disabled [ 30.721343][ T4248] CPU features: 0x8,000003c1,7d33ffd9 [ 30.722265][ T4248] Memory Limit: none [ 30.891065][ T4248] Rebooting in 86400 seconds..