last executing test programs: 208.098748ms ago: executing program 3 (id=148): msgget(0xffffffffffffffff, 0x0) 180.693619ms ago: executing program 3 (id=153): syz_init_net_socket$bt_cmtp(0x1f, 0x3, 0x5) 180.365769ms ago: executing program 3 (id=154): gettid() 180.091219ms ago: executing program 3 (id=156): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/renderD128', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128', 0x800, 0x0) 154.545061ms ago: executing program 3 (id=160): munlock(0x0, 0x0) 130.336793ms ago: executing program 3 (id=167): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mice', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/mice', 0x800, 0x0) 100.045804ms ago: executing program 4 (id=175): socket$l2tp(0x2, 0x2, 0x73) 98.391934ms ago: executing program 2 (id=179): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable', 0x2, 0x0) 70.367076ms ago: executing program 4 (id=180): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0', 0x800, 0x0) 70.017866ms ago: executing program 2 (id=182): shmget(0xffffffffffffffff, 0x0, 0x0, 0x0) 69.884866ms ago: executing program 0 (id=183): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0) 69.837896ms ago: executing program 2 (id=184): socket$pppl2tp(0x18, 0x1, 0x1) 69.515586ms ago: executing program 1 (id=186): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pktcdvd/control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pktcdvd/control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/pktcdvd/control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pktcdvd/control', 0x800, 0x0) 69.358246ms ago: executing program 4 (id=187): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/keychord', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/keychord', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/keychord', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/keychord', 0x800, 0x0) 46.170627ms ago: executing program 0 (id=188): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls', 0x0, 0x0) 45.905107ms ago: executing program 1 (id=189): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock', 0x800, 0x0) 45.796417ms ago: executing program 2 (id=190): pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 45.553497ms ago: executing program 4 (id=191): getcwd(&(0x7f0000000000), 0x0) 45.473837ms ago: executing program 0 (id=192): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 45.318597ms ago: executing program 1 (id=193): fspick(0xffffffffffffffff, &(0x7f0000000000), 0x0) 45.096897ms ago: executing program 2 (id=194): syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbmon(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbmon(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$usbmon(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$usbmon(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$usbmon(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$usbmon(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$usbmon(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$usbmon(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$usbmon(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$usbmon(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$usbmon(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$usbmon(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$usbmon(&(0x7f0000000500), 0x4, 0x800) 1.10416ms ago: executing program 4 (id=195): faccessat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 837.46µs ago: executing program 0 (id=196): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0) 732.4µs ago: executing program 1 (id=197): semget(0xffffffffffffffff, 0x0, 0x0) 627.42µs ago: executing program 0 (id=198): mlock(0x0, 0x0) 588.92µs ago: executing program 1 (id=199): statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 416.6µs ago: executing program 0 (id=200): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0) 193.53µs ago: executing program 4 (id=201): syncfs(0xffffffffffffffff) 105.88µs ago: executing program 1 (id=202): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sr0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sr0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sr0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sr0', 0x800, 0x0) 0s ago: executing program 2 (id=203): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 0s ago: executing program 4 (id=206): io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts. [ 28.380821][ T4029] cgroup: Unknown subsys name 'net' [ 28.630634][ T4029] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.950756][ T4029] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 30.543625][ T4254] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 30.545067][ T4254] Modules linked in: [ 30.545661][ T4254] CPU: 1 PID: 4254 Comm: syz.4.206 Not tainted syzkaller #0 [ 30.546820][ T4254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 30.548397][ T4254] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 30.549692][ T4254] pc : lookup_ioctx+0x108/0x7c8 [ 30.550472][ T4254] lr : lookup_ioctx+0xe4/0x7c8 [ 30.551189][ T4254] sp : ffff80001fba7b20 [ 30.551816][ T4254] x29: ffff80001fba7b20 x28: ffff0000cce09b40 x27: dfff800000000000 [ 30.553020][ T4254] x26: ffff80001fba7b80 x25: ffff700003f74f70 x24: ffff0000d3d0e780 [ 30.554205][ T4254] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 30.555449][ T4254] x20: ffff0000cce09b40 x19: 0000000000000000 x18: 0000000000000000 [ 30.556661][ T4254] x17: 0000000000000000 x16: ffff800008a220d8 x15: 0000000000000000 [ 30.557963][ T4254] x14: 0000000000000002 x13: 1ffff0000285202b x12: 0000000000ff0100 [ 30.559316][ T4254] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 30.560674][ T4254] x8 : 0000000000000000 x7 : ffff800008758124 x6 : 0000000000000000 [ 30.561966][ T4254] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 30.563259][ T4254] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 30.564510][ T4254] Call trace: [ 30.565008][ T4254] lookup_ioctx+0x108/0x7c8 [ 30.565663][ T4254] do_io_getevents+0x12c/0x3c8 [ 30.566390][ T4254] __arm64_sys_io_getevents+0x164/0x248 [ 30.567211][ T4254] invoke_syscall+0x98/0x2b0 [ 30.567886][ T4254] el0_svc_common+0x138/0x258 [ 30.568563][ T4254] do_el0_svc+0x58/0x13c [ 30.569162][ T4254] el0_svc+0x78/0x1d0 [ 30.569757][ T4254] el0t_64_sync_handler+0xcc/0xe4 [ 30.570464][ T4254] el0t_64_sync+0x1a0/0x1a4 [ 30.571167][ T4254] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 30.572204][ T4254] ---[ end trace 89e1bdc5125093fc ]--- [ 30.678269][ T4257] ODEBUG: Out of memory. ODEBUG disabled [ 30.740852][ T4254] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 30.741916][ T4254] SMP: stopping secondary CPUs [ 30.742660][ T4254] Kernel Offset: disabled [ 30.743272][ T4254] CPU features: 0x8,000003c1,7d33ffd9 [ 30.744059][ T4254] Memory Limit: none [ 30.906275][ T4254] Rebooting in 86400 seconds..