last executing test programs: 111.462176ms ago: executing program 4 (id=95): semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000000)) 111.252736ms ago: executing program 3 (id=97): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card0/oss_mixer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/oss_mixer', 0x800, 0x0) 85.136067ms ago: executing program 1 (id=98): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) 85.036527ms ago: executing program 4 (id=99): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 84.891727ms ago: executing program 0 (id=100): syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsa(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsa(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsa(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsa(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsa(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsa(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsa(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsa(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsa(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsa(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsa(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsa(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsa(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsa(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsa(&(0x7f0000000500), 0x4, 0x800) 84.827027ms ago: executing program 2 (id=101): syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sg(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$sg(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$sg(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$sg(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$sg(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$sg(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$sg(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$sg(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$sg(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$sg(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$sg(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$sg(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$sg(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$sg(&(0x7f0000000500), 0x4, 0x800) 84.769817ms ago: executing program 3 (id=102): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current', 0x2, 0x0) 84.642677ms ago: executing program 0 (id=103): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold', 0x2, 0x0) 84.571407ms ago: executing program 3 (id=104): fsopen(&(0x7f0000000000), 0x0) 60.239688ms ago: executing program 1 (id=105): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tlk_device', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tlk_device', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tlk_device', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tlk_device', 0x800, 0x0) 60.117618ms ago: executing program 4 (id=106): fsetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 59.867098ms ago: executing program 2 (id=107): getpriority(0x0, 0x0) 59.590768ms ago: executing program 0 (id=108): syz_init_net_socket$rose(0xb, 0x5, 0x0) 59.548158ms ago: executing program 1 (id=109): mprotect(0x0, 0x0, 0x0) 59.378758ms ago: executing program 2 (id=110): get_mempolicy(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x0) 32.666619ms ago: executing program 4 (id=111): lseek(0xffffffffffffffff, 0x0, 0x0) 32.491709ms ago: executing program 2 (id=112): lremovexattr(&(0x7f0000000000), &(0x7f0000000000)) 32.358079ms ago: executing program 3 (id=113): pipe2(&(0x7f0000000000), 0x0) 32.310599ms ago: executing program 0 (id=114): socket$tipc(0x1e, 0x2, 0x0) 32.262089ms ago: executing program 1 (id=115): sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 32.134339ms ago: executing program 0 (id=116): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero', 0x800, 0x0) 32.041739ms ago: executing program 3 (id=117): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nmem0', 0x800, 0x0) 31.990249ms ago: executing program 2 (id=118): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2', 0x2, 0x0) 439.699µs ago: executing program 1 (id=119): mount_setattr(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0) 285.779µs ago: executing program 4 (id=120): renameat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000)) 248.42µs ago: executing program 2 (id=121): getxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 170.169µs ago: executing program 0 (id=122): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 94.149µs ago: executing program 3 (id=123): clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) exit(0x0) 47.22µs ago: executing program 4 (id=124): getresuid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 0s ago: executing program 1 (id=125): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.116' (ED25519) to the list of known hosts. [ 30.511681][ T4031] cgroup: Unknown subsys name 'net' [ 30.759215][ T4031] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 31.045500][ T4031] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 32.249126][ T4173] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 32.250425][ T4173] Modules linked in: [ 32.251070][ T4173] CPU: 0 PID: 4173 Comm: syz.3.123 Not tainted syzkaller #0 [ 32.252294][ T4173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 32.253926][ T4173] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 32.255279][ T4173] pc : do_notify_resume+0x958/0x309c [ 32.256161][ T4173] lr : do_notify_resume+0x93c/0x309c [ 32.257060][ T4173] sp : ffff80001f907be0 [ 32.257715][ T4173] x29: ffff80001f907e00 x28: ffff0000c6839b64 x27: 0000000000000001 [ 32.259008][ T4173] x26: 000000001fffeda0 x25: dfff800000000000 x24: 0000000000000000 [ 32.260310][ T4173] x23: 0000000000000001 x22: 000000001fffee20 x21: 0000000000000000 [ 32.261677][ T4173] x20: 00000000fffffff2 x19: 0000001fffee2000 x18: 0000000000000200 [ 32.262993][ T4173] x17: 0000000000000000 x16: ffff800008041c80 x15: 0000000000000002 [ 32.264310][ T4173] x14: 0000000000000009 x13: 1ffff0000285402b x12: 0000000000ff0100 [ 32.265576][ T4173] x11: 0000000000000000 x10: 0000ffffffffffff x9 : 000000001fffee20 [ 32.266870][ T4173] x8 : 000000001fffee20 x7 : ffff8000087585b4 x6 : 0000000000000000 [ 32.268206][ T4173] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 32.269591][ T4173] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 32.270977][ T4173] Call trace: [ 32.271574][ T4173] do_notify_resume+0x958/0x309c [ 32.272363][ T4173] el0_da+0x10c/0x1ec [ 32.272984][ T4173] el0t_64_sync_handler+0xd8/0xe4 [ 32.273828][ T4173] el0t_64_sync+0x1a0/0x1a4 [ 32.274558][ T4173] Code: ea2a011f 9a9f02c9 d503229f f8000938 (14000003) [ 32.275645][ T4173] ---[ end trace 97eb9145fc7decd9 ]--- [ 32.448403][ T4173] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 32.449444][ T4173] SMP: stopping secondary CPUs [ 32.450154][ T4173] Kernel Offset: disabled [ 32.450886][ T4173] CPU features: 0x8,000003c1,7d33ffd9 [ 32.451734][ T4173] Memory Limit: none [ 32.612695][ T4173] Rebooting in 86400 seconds..