last executing test programs: 75.280286ms ago: executing program 2 (id=145): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/load', 0x2, 0x0) 74.913366ms ago: executing program 0 (id=146): syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$I2C(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$I2C(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$I2C(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$I2C(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$I2C(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$I2C(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$I2C(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$I2C(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$I2C(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$I2C(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$I2C(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$I2C(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$I2C(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$I2C(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$I2C(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$I2C(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$I2C(&(0x7f0000000500), 0x4, 0x800) 74.852386ms ago: executing program 1 (id=147): rseq(&(0x7f0000000000), 0x0, 0x0, 0x0) 74.499116ms ago: executing program 3 (id=148): shmat(0x0, 0x0, 0x0) 74.377146ms ago: executing program 4 (id=149): timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 74.242306ms ago: executing program 0 (id=150): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 54.921867ms ago: executing program 1 (id=151): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/reclaim', 0x1, 0x0) 54.801937ms ago: executing program 2 (id=152): socket$inet6_mptcp(0xa, 0x1, 0x106) 54.545717ms ago: executing program 4 (id=153): syz_open_dev$vcsn(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsn(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsn(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsn(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsn(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsn(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsn(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsn(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsn(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsn(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsn(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsn(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsn(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsn(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsn(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsn(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsn(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsn(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsn(&(0x7f0000000500), 0x4, 0x800) 54.487157ms ago: executing program 3 (id=154): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 54.421017ms ago: executing program 0 (id=155): mprotect(0x0, 0x0, 0x0) 54.159807ms ago: executing program 1 (id=156): sched_setattr(0x0, &(0x7f0000000000), 0x0) 54.003947ms ago: executing program 2 (id=157): wait4(0x0, 0x0, 0x0, 0x0) 53.926307ms ago: executing program 3 (id=158): ioprio_get$auto(0x0, 0x0) 28.141808ms ago: executing program 4 (id=159): syz_init_net_socket$netrom(0x6, 0x5, 0x0) 27.844878ms ago: executing program 1 (id=160): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp0', 0x800, 0x0) 27.778188ms ago: executing program 0 (id=161): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/unconfined', 0x2, 0x0) 27.654018ms ago: executing program 2 (id=162): socket$inet_mptcp(0x2, 0x1, 0x106) 27.588118ms ago: executing program 3 (id=163): splice(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 27.250688ms ago: executing program 4 (id=164): socket(0x1e, 0x2, 0x0) 27.081528ms ago: executing program 0 (id=165): epoll_pwait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 26.910538ms ago: executing program 1 (id=166): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 1.09246ms ago: executing program 2 (id=167): file_setattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 772.87µs ago: executing program 3 (id=168): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa', 0x800, 0x0) 676.17µs ago: executing program 2 (id=169): timer_getoverrun(0x0) 574.6µs ago: executing program 0 (id=170): msgget(0xffffffffffffffff, 0x0) 191.91µs ago: executing program 1 (id=171): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid', 0x800, 0x0) 84.6µs ago: executing program 4 (id=172): vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 35.72µs ago: executing program 3 (id=173): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) 0s ago: executing program 4 (id=174): socket$nl_audit(0x10, 0x3, 0x9) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.242' (ED25519) to the list of known hosts. [ 27.204908][ T4030] cgroup: Unknown subsys name 'net' [ 27.435808][ T4030] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 27.720586][ T4030] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 28.664784][ T4111] mmap: syz.4.63 (4111) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 28.892243][ T4166] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 29.105648][ T4224] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 29.106909][ T4224] Modules linked in: [ 29.107495][ T4224] CPU: 1 PID: 4224 Comm: syz.3.173 Not tainted syzkaller #0 [ 29.108566][ T4224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 29.110014][ T4224] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 29.111184][ T4224] pc : lookup_ioctx+0x108/0x7c8 [ 29.111911][ T4224] lr : lookup_ioctx+0xe4/0x7c8 [ 29.112615][ T4224] sp : ffff80001fae7cf0 [ 29.113221][ T4224] x29: ffff80001fae7cf0 x28: ffff0000cc1c9b40 x27: 0000000000000000 [ 29.114404][ T4224] x26: 1fffe00019839368 x25: 0000000000400040 x24: ffff0000c7ecb980 [ 29.115597][ T4224] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 29.116776][ T4224] x20: ffff0000cc1c9b40 x19: 0000000000000000 x18: 0000000000000000 [ 29.117943][ T4224] x17: 0000000000000000 x16: ffff800008a22da8 x15: 0000000000000000 [ 29.119104][ T4224] x14: 0000000000000003 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 29.120249][ T4224] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 29.121411][ T4224] x8 : 0000000000000000 x7 : ffff8000087586bc x6 : 0000000000000000 [ 29.122592][ T4224] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 29.123778][ T4224] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 29.124961][ T4224] Call trace: [ 29.125437][ T4224] lookup_ioctx+0x108/0x7c8 [ 29.126104][ T4224] __arm64_sys_io_cancel+0x160/0x338 [ 29.126863][ T4224] invoke_syscall+0x98/0x2b0 [ 29.127520][ T4224] el0_svc_common+0x138/0x258 [ 29.128186][ T4224] do_el0_svc+0x58/0x13c [ 29.128792][ T4224] el0_svc+0x78/0x1d0 [ 29.129367][ T4224] el0t_64_sync_handler+0xcc/0xe4 [ 29.130096][ T4224] el0t_64_sync+0x1a0/0x1a4 [ 29.130758][ T4224] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 29.131765][ T4224] ---[ end trace ca3eb288b2dea5d5 ]--- [ 29.299327][ T4224] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 29.300372][ T4224] SMP: stopping secondary CPUs [ 29.301033][ T4224] Kernel Offset: disabled [ 29.301615][ T4224] CPU features: 0x8,000003c1,7d33ffd9 [ 29.302341][ T4224] Memory Limit: none [ 29.466668][ T4224] Rebooting in 86400 seconds..