last executing test programs: 356.484585ms ago: executing program 4 (id=103): socket(0x1, 0x1, 0x0) 322.050569ms ago: executing program 4 (id=107): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/virtual_nci', 0x2, 0x0) 246.015446ms ago: executing program 4 (id=123): setresuid(0x0, 0x0, 0x0) 245.723386ms ago: executing program 4 (id=126): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg/0:0:0:0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg/0:0:0:0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg/0:0:0:0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg/0:0:0:0', 0x800, 0x0) 224.389028ms ago: executing program 4 (id=129): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member', 0x2, 0x0) 223.588218ms ago: executing program 4 (id=134): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 123.742048ms ago: executing program 1 (id=155): syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$MSR(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$MSR(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$MSR(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$MSR(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$MSR(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$MSR(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$MSR(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$MSR(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$MSR(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$MSR(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$MSR(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$MSR(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$MSR(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$MSR(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$MSR(&(0x7f0000000500), 0x4, 0x800) 100.258871ms ago: executing program 1 (id=161): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp0', 0x800, 0x0) 72.035593ms ago: executing program 0 (id=163): ioprio_set$auto(0x0, 0x0, 0x0) 71.831763ms ago: executing program 3 (id=165): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bifrost', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bifrost', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bifrost', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bifrost', 0x800, 0x0) 71.698893ms ago: executing program 0 (id=166): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status', 0x0, 0x0) 71.615633ms ago: executing program 1 (id=167): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/i915', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/i915', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/i915', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/i915', 0x800, 0x0) 71.523973ms ago: executing program 1 (id=168): socket$key(0xf, 0x3, 0x2) 34.998777ms ago: executing program 0 (id=170): linkat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 34.850267ms ago: executing program 3 (id=171): open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0) 34.779627ms ago: executing program 0 (id=172): socket$can_raw(0x1d, 0x3, 0x1) 34.650937ms ago: executing program 2 (id=173): capset(&(0x7f0000000000), &(0x7f0000000000)) 34.608537ms ago: executing program 3 (id=174): socket$hf(0x13, 0x2, 0x0) 34.573687ms ago: executing program 0 (id=175): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net', 0x2, 0x0) 34.456087ms ago: executing program 2 (id=176): socket$nl_sock_diag(0x10, 0x3, 0x4) 34.384347ms ago: executing program 2 (id=177): clock_settime(0x0, &(0x7f0000000000)) 795.03µs ago: executing program 2 (id=178): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_control', 0x2, 0x0) 677.82µs ago: executing program 1 (id=179): socket$inet_icmp_raw(0x2, 0x3, 0x1) 608.74µs ago: executing program 3 (id=180): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binder', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binder', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binder', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binder', 0x800, 0x0) 459.87µs ago: executing program 2 (id=181): fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)) 407.821µs ago: executing program 3 (id=182): chroot(&(0x7f0000000000)) 332.48µs ago: executing program 2 (id=183): exit(0x0) 168.15µs ago: executing program 3 (id=184): capget(&(0x7f0000000000), &(0x7f0000000000)) 107.02µs ago: executing program 0 (id=185): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l/by-path/platform-soc@0:qcom_cam-req-mgr-video-index0', 0x2, 0x0) 0s ago: executing program 1 (id=186): process_vm_readv(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 0s ago: executing program 0 (id=192): io_submit(0x0, 0x0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts. [ 27.767297][ T4033] cgroup: Unknown subsys name 'net' [ 28.059423][ T4033] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.334119][ T4033] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 29.855025][ T4245] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 29.856226][ T4245] Modules linked in: [ 29.856812][ T4245] CPU: 1 PID: 4245 Comm: syz.0.192 Not tainted syzkaller #0 [ 29.857893][ T4245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 29.859334][ T4245] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 29.860505][ T4245] pc : lookup_ioctx+0x108/0x7d0 [ 29.861193][ T4245] lr : lookup_ioctx+0xe4/0x7d0 [ 29.861863][ T4245] sp : ffff80001f9f7c20 [ 29.862486][ T4245] x29: ffff80001f9f7c20 x28: ffff0000cd483680 x27: 0000000020000000 [ 29.863642][ T4245] x26: 1fffe00019a906d0 x25: 1ffff00003f3efd6 x24: ffff0000d676b980 [ 29.864763][ T4245] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 29.865911][ T4245] x20: ffff0000cd483680 x19: 0000000000000000 x18: 0000000000000000 [ 29.867049][ T4245] x17: 0000000000000000 x16: ffff800008a19ecc x15: 0000000000000000 [ 29.868199][ T4245] x14: 0000000000000000 x13: 1ffff0000283206b x12: 0000000000ff0100 [ 29.869374][ T4245] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 29.870499][ T4245] x8 : 0000000000000000 x7 : ffff800008751020 x6 : 0000000000000000 [ 29.871621][ T4245] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 29.872745][ T4245] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 29.873879][ T4245] Call trace: [ 29.874316][ T4245] lookup_ioctx+0x108/0x7d0 [ 29.874982][ T4245] __arm64_sys_io_submit+0x110/0x40c [ 29.875746][ T4245] invoke_syscall+0x98/0x2b8 [ 29.876462][ T4245] el0_svc_common+0x138/0x258 [ 29.877111][ T4245] do_el0_svc+0x58/0x14c [ 29.877792][ T4245] el0_svc+0x78/0x1e0 [ 29.878347][ T4245] el0t_64_sync_handler+0xcc/0xe4 [ 29.879042][ T4245] el0t_64_sync+0x1a0/0x1a4 [ 29.879709][ T4245] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 29.880729][ T4245] ---[ end trace 8c1a42e8ec5b31fb ]--- [ 30.059200][ T4245] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 30.060198][ T4245] SMP: stopping secondary CPUs [ 30.060850][ T4245] Kernel Offset: disabled [ 30.061474][ T4245] CPU features: 0x8,000003c1,7d33ffd9 [ 30.062204][ T4245] Memory Limit: none [ 30.229687][ T4245] Rebooting in 86400 seconds..