last executing test programs: 146.387797ms ago: executing program 2 (id=32): renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 145.830236ms ago: executing program 2 (id=39): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 109.773927ms ago: executing program 2 (id=44): socket(0x10, 0x3, 0x10) 87.611758ms ago: executing program 2 (id=50): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 87.017888ms ago: executing program 2 (id=54): timer_create(0x0, &(0x7f0000000000), &(0x7f0000000000)) 86.976428ms ago: executing program 0 (id=55): socket$inet_dccp(0x2, 0x6, 0x0) 86.868708ms ago: executing program 3 (id=56): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec', 0x2, 0x0) 56.423568ms ago: executing program 1 (id=57): syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$MSR(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$MSR(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$MSR(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$MSR(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$MSR(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$MSR(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$MSR(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$MSR(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$MSR(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$MSR(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$MSR(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$MSR(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$MSR(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$MSR(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$MSR(&(0x7f0000000500), 0x4, 0x800) 56.117538ms ago: executing program 2 (id=58): syz_open_dev$dmmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$dmmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$dmmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$dmmidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$dmmidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$dmmidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$dmmidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$dmmidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$dmmidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$dmmidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$dmmidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$dmmidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$dmmidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$dmmidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$dmmidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$dmmidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$dmmidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$dmmidi(&(0x7f0000000500), 0x4, 0x800) 56.020858ms ago: executing program 3 (id=59): shmat(0x0, 0x0, 0x0) 55.871008ms ago: executing program 0 (id=61): syz_open_dev$drirender(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$drirender(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$drirender(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$drirender(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$drirender(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$drirender(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$drirender(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$drirender(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$drirender(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$drirender(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$drirender(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$drirender(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$drirender(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$drirender(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$drirender(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$drirender(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$drirender(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$drirender(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$drirender(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$drirender(&(0x7f0000000500), 0x4, 0x800) 55.808108ms ago: executing program 4 (id=62): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 55.718728ms ago: executing program 1 (id=63): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy', 0x0, 0x0) 55.673838ms ago: executing program 3 (id=64): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rnullb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rnullb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rnullb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rnullb0', 0x800, 0x0) 29.163349ms ago: executing program 4 (id=65): quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)) 29.045069ms ago: executing program 3 (id=66): process_vm_readv(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 28.941129ms ago: executing program 4 (id=67): fsync(0xffffffffffffffff) 28.785789ms ago: executing program 0 (id=68): pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 28.738548ms ago: executing program 1 (id=69): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0', 0x800, 0x0) 28.701708ms ago: executing program 0 (id=70): prctl$0(0x0, 0x0, 0x0, 0x0, 0x0) 28.635819ms ago: executing program 3 (id=71): bind(0xffffffffffffffff, &(0x7f0000000000), 0x0) 757.01µs ago: executing program 1 (id=72): quotactl$Q_GETFMT(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000)) 688.799µs ago: executing program 4 (id=73): socket$igmp6(0xa, 0x3, 0x2) 522.439µs ago: executing program 0 (id=74): sched_getattr(0x0, &(0x7f0000000000), 0x0, 0x0) 348.269µs ago: executing program 1 (id=75): msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 272.529µs ago: executing program 3 (id=76): ptrace(0x0, 0x0) 189.749µs ago: executing program 4 (id=77): socket$inet6_udp(0xa, 0x2, 0x0) 140.68µs ago: executing program 1 (id=78): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx', 0x800, 0x0) 87.229µs ago: executing program 0 (id=79): syz_init_net_socket$ax25(0x3, 0x2, 0x0) 0s ago: executing program 4 (id=80): io_pgetevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.220' (ED25519) to the list of known hosts. [ 30.413012][ T4032] cgroup: Unknown subsys name 'net' [ 30.673220][ T4032] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 30.995741][ T4032] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 31.912683][ T4104] mmap: syz.4.60 (4104) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 31.992301][ T4126] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 31.993535][ T4126] Modules linked in: [ 31.994173][ T4126] CPU: 0 PID: 4126 Comm: syz.4.80 Not tainted syzkaller #0 [ 31.995324][ T4126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 31.997004][ T4126] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 31.998260][ T4126] pc : lookup_ioctx+0x108/0x7d0 [ 31.999062][ T4126] lr : lookup_ioctx+0xe4/0x7d0 [ 31.999840][ T4126] sp : ffff80001f7a7ac0 [ 32.000495][ T4126] x29: ffff80001f7a7ac0 x28: dfff800000000000 x27: dfff800000000000 [ 32.001914][ T4126] x26: ffff80001f7a7b20 x25: ffff700003ef4f64 x24: ffff0000cb636780 [ 32.003234][ T4126] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 32.004508][ T4126] x20: ffff0000cf628000 x19: 0000000000000000 x18: 0000000000000000 [ 32.005886][ T4126] x17: 0000000000000000 x16: ffff800008a1a0d8 x15: 0000000000000000 [ 32.007293][ T4126] x14: 0000000000000000 x13: 1ffff0000283006b x12: 0000000000ff0100 [ 32.008690][ T4126] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 32.010036][ T4126] x8 : 0000000000000000 x7 : ffff800008751314 x6 : 0000000000000000 [ 32.011371][ T4126] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 32.012786][ T4126] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 32.014087][ T4126] Call trace: [ 32.014644][ T4126] lookup_ioctx+0x108/0x7d0 [ 32.015346][ T4126] do_io_getevents+0x120/0x394 [ 32.016095][ T4126] __arm64_sys_io_pgetevents+0x2ec/0x4f8 [ 32.016989][ T4126] invoke_syscall+0x98/0x2b8 [ 32.017693][ T4126] el0_svc_common+0x138/0x258 [ 32.018445][ T4126] do_el0_svc+0x58/0x14c [ 32.019121][ T4126] el0_svc+0x78/0x1e0 [ 32.019742][ T4126] el0t_64_sync_handler+0xcc/0xe4 [ 32.020537][ T4126] el0t_64_sync+0x1a0/0x1a4 [ 32.021244][ T4126] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 32.022406][ T4126] ---[ end trace b8a554afb1b90604 ]--- [ 32.226471][ T4126] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 32.227643][ T4126] SMP: stopping secondary CPUs [ 32.228427][ T4126] Kernel Offset: disabled [ 32.229141][ T4126] CPU features: 0x8,000003c1,7d33ffd9 [ 32.229941][ T4126] Memory Limit: none [ 32.404537][ T4126] Rebooting in 86400 seconds..