last executing test programs: 432.572858ms ago: executing program 1 (id=76): syz_open_dev$midi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$midi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$midi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$midi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$midi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$midi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$midi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$midi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$midi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$midi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$midi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$midi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$midi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$midi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$midi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$midi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$midi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$midi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$midi(&(0x7f0000000500), 0x4, 0x800) 346.794198ms ago: executing program 1 (id=99): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools', 0x1, 0x0) 324.795998ms ago: executing program 1 (id=104): getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 324.485018ms ago: executing program 1 (id=105): statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 324.151598ms ago: executing program 1 (id=106): timer_settime(0x0, 0x0, &(0x7f0000000000), 0x0) 299.680369ms ago: executing program 1 (id=109): rt_sigreturn() 127.823449ms ago: executing program 0 (id=140): socket(0x1, 0x1, 0x0) 127.463429ms ago: executing program 0 (id=144): geteuid() 84.18716ms ago: executing program 0 (id=148): syz_open_dev$amidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$amidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$amidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$amidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$amidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$amidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$amidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$amidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$amidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$amidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$amidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$amidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$amidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$amidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$amidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$amidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$amidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$amidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$amidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$amidi(&(0x7f0000000500), 0x4, 0x800) 83.90024ms ago: executing program 3 (id=150): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/mk_contexts', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/mk_contexts', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/mk_contexts', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/mk_contexts', 0x800, 0x0) 83.64264ms ago: executing program 4 (id=152): get_robust_list(0x0, &(0x7f0000000000), &(0x7f0000000000)) 83.53149ms ago: executing program 2 (id=153): unlinkat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 83.28734ms ago: executing program 3 (id=154): setrlimit(0x0, &(0x7f0000000000)) 77.95295ms ago: executing program 4 (id=155): pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 68.519439ms ago: executing program 2 (id=156): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20', 0x800, 0x0) 68.42337ms ago: executing program 3 (id=157): io_uring_setup(0x0, &(0x7f0000000000)) 67.36444ms ago: executing program 4 (id=158): getrlimit(0x0, &(0x7f0000000000)) 33.46288ms ago: executing program 4 (id=159): kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 33.327ms ago: executing program 3 (id=160): socket$inet_icmp_raw(0x2, 0x3, 0x1) 33.25205ms ago: executing program 2 (id=161): getrandom(&(0x7f0000000000), 0x0, 0x0) 32.48734ms ago: executing program 2 (id=162): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0) 32.22004ms ago: executing program 0 (id=163): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0', 0x2, 0x0) 32.07379ms ago: executing program 3 (id=164): syz_open_dev$hidraw(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$hidraw(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$hidraw(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$hidraw(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$hidraw(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$hidraw(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$hidraw(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$hidraw(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$hidraw(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$hidraw(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$hidraw(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$hidraw(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$hidraw(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$hidraw(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$hidraw(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$hidraw(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$hidraw(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$hidraw(&(0x7f0000000500), 0x4, 0x800) 31.94621ms ago: executing program 4 (id=165): shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 1.25127ms ago: executing program 0 (id=166): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 813.22µs ago: executing program 2 (id=167): chroot(&(0x7f0000000000)) 589.951µs ago: executing program 4 (id=168): socket$rds(0x15, 0x5, 0x0) 427.271µs ago: executing program 3 (id=169): fsmount(0xffffffffffffffff, 0x0, 0x0) 179.37µs ago: executing program 0 (id=170): io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0) 0s ago: executing program 2 (id=171): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.7' (ED25519) to the list of known hosts. syzkaller login: [ 27.699299][ T4035] cgroup: Unknown subsys name 'net' [ 27.954396][ T4035] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.249193][ T4035] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 29.738104][ T4219] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 29.739243][ T4219] Modules linked in: [ 29.739838][ T4219] CPU: 1 PID: 4219 Comm: syz.0.170 Not tainted syzkaller #0 [ 29.740954][ T4219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 29.742403][ T4219] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 29.743529][ T4219] pc : lookup_ioctx+0x108/0x7d0 [ 29.744239][ T4219] lr : lookup_ioctx+0xe4/0x7d0 [ 29.744927][ T4219] sp : ffff80001f817b20 [ 29.745510][ T4219] x29: ffff80001f817b20 x28: ffff0000cd838000 x27: dfff800000000000 [ 29.746663][ T4219] x26: ffff80001f817b80 x25: ffff700003f02f70 x24: ffff0000dcce6780 [ 29.748079][ T4219] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 29.749365][ T4219] x20: ffff0000cd838000 x19: 0000000000000000 x18: 0000000000000000 [ 29.750679][ T4219] x17: 0000000000000000 x16: ffff800008a1a2c8 x15: 0000000000000000 [ 29.751950][ T4219] x14: 0000000000000000 x13: 1ffff0000283206b x12: 0000000000ff0100 [ 29.753253][ T4219] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 29.754584][ T4219] x8 : 0000000000000000 x7 : ffff80000875107c x6 : 0000000000000000 [ 29.755876][ T4219] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 29.757106][ T4219] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 29.758316][ T4219] Call trace: [ 29.758781][ T4219] lookup_ioctx+0x108/0x7d0 [ 29.759470][ T4219] do_io_getevents+0x120/0x394 [ 29.760163][ T4219] __arm64_sys_io_getevents+0x160/0x23c [ 29.761030][ T4219] invoke_syscall+0x98/0x2b8 [ 29.761693][ T4219] el0_svc_common+0x138/0x258 [ 29.762488][ T4219] do_el0_svc+0x58/0x14c [ 29.763231][ T4219] el0_svc+0x78/0x1e0 [ 29.763934][ T4219] el0t_64_sync_handler+0xcc/0xe4 [ 29.764782][ T4219] el0t_64_sync+0x1a0/0x1a4 [ 29.765561][ T4219] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 29.766692][ T4219] ---[ end trace 52e7663eb09405b5 ]--- [ 29.941339][ T4219] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 29.942363][ T4219] SMP: stopping secondary CPUs [ 29.943060][ T4219] Kernel Offset: disabled [ 29.943671][ T4219] CPU features: 0x8,000003c1,7d33ffd9 [ 29.944427][ T4219] Memory Limit: none [ 30.118011][ T4219] Rebooting in 86400 seconds..