last executing test programs: 100.779396ms ago: executing program 4 (id=5): sendmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 100.479426ms ago: executing program 4 (id=20): bind(0xffffffffffffffff, &(0x7f0000000000), 0x0) 100.337906ms ago: executing program 3 (id=22): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/register', 0x1, 0x0) 62.297877ms ago: executing program 1 (id=23): syncfs(0xffffffffffffffff) 62.101077ms ago: executing program 1 (id=25): shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 62.063127ms ago: executing program 3 (id=26): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvme-fabrics', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvme-fabrics', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvme-fabrics', 0x800, 0x0) 61.360277ms ago: executing program 4 (id=27): keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000), 0x0) 60.469657ms ago: executing program 0 (id=28): getsockname(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 60.333207ms ago: executing program 2 (id=29): setxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 60.115467ms ago: executing program 0 (id=30): pkey_mprotect(0x0, 0x0, 0x0, 0xffffffffffffffff) 60.013508ms ago: executing program 1 (id=31): fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)) 59.658447ms ago: executing program 3 (id=32): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x0) 59.382808ms ago: executing program 4 (id=33): add_key(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x0) 59.301367ms ago: executing program 2 (id=34): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/raw-gadget', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/raw-gadget', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/raw-gadget', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/raw-gadget', 0x800, 0x0) 30.441939ms ago: executing program 1 (id=35): ptrace(0x0, 0x0) 30.273079ms ago: executing program 4 (id=36): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 30.116649ms ago: executing program 2 (id=37): fsetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 30.007369ms ago: executing program 0 (id=38): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0) 29.807459ms ago: executing program 3 (id=39): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l/by-path/platform-soc@0:qcom_cam-req-mgr-video-index0', 0x2, 0x0) 29.713309ms ago: executing program 1 (id=40): pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 29.603309ms ago: executing program 3 (id=41): mremap(0x0, 0x0, 0x0, 0x0, 0x0) 29.551499ms ago: executing program 2 (id=42): prctl$0(0x0, 0x0, 0x0, 0x0, 0x0) 839.81µs ago: executing program 0 (id=43): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mISDNtimer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mISDNtimer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mISDNtimer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mISDNtimer', 0x800, 0x0) 627.48µs ago: executing program 2 (id=44): times(&(0x7f0000000000)) 456.63µs ago: executing program 1 (id=45): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0) 398.13µs ago: executing program 3 (id=46): getpeername(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000)) 312.53µs ago: executing program 0 (id=47): quotactl$Q_GETFMT(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000)) 95.45µs ago: executing program 2 (id=48): socket$inet_icmp_raw(0x2, 0x3, 0x1) 47.94µs ago: executing program 0 (id=49): io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0) 0s ago: executing program 4 (id=50): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem', 0x1, 0x0) kernel console output (not intermixed with test programs): [ 11.683463][ T3715] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: [ 11.718341][ T154] gvnic 0000:00:00.0 enp0s0: Device link is up. [ 11.725777][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. syzkaller login: [ 25.403695][ T4015] cgroup: Unknown subsys name 'net' [ 25.685197][ T4015] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 25.968888][ T4015] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 26.865425][ T4096] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 26.866571][ T4096] Modules linked in: [ 26.867137][ T4096] CPU: 0 PID: 4096 Comm: syz.0.49 Not tainted syzkaller #0 [ 26.868276][ T4096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 26.869713][ T4096] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 26.870808][ T4096] pc : lookup_ioctx+0x108/0x7d0 [ 26.871505][ T4096] lr : lookup_ioctx+0xe4/0x7d0 [ 26.872148][ T4096] sp : ffff80001f7b7b20 [ 26.872779][ T4096] x29: ffff80001f7b7b20 x28: ffff0000c9331b40 x27: dfff800000000000 [ 26.873914][ T4096] x26: ffff80001f7b7b80 x25: ffff700003ef6f70 x24: ffff0000c86e8000 [ 26.875115][ T4096] x23: dfff800000000000 x22: 00000000fffffff2 x21: 0000000000000000 [ 26.876298][ T4096] x20: ffff0000c9331b40 x19: 0000000000000000 x18: 0000000000000000 [ 26.877511][ T4096] x17: 0000000000000000 x16: ffff800008a1a2c8 x15: 0000000000000000 [ 26.878865][ T4096] x14: 0000000000000000 x13: 1ffff0000283206b x12: 0000000000ff0100 [ 26.880175][ T4096] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000ffffffffffff [ 26.881435][ T4096] x8 : 0000000000000000 x7 : ffff80000875107c x6 : 0000000000000000 [ 26.882736][ T4096] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 26.883998][ T4096] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 26.885259][ T4096] Call trace: [ 26.885760][ T4096] lookup_ioctx+0x108/0x7d0 [ 26.886497][ T4096] do_io_getevents+0x120/0x394 [ 26.887284][ T4096] __arm64_sys_io_getevents+0x160/0x23c [ 26.888093][ T4096] invoke_syscall+0x98/0x2b8 [ 26.888741][ T4096] el0_svc_common+0x138/0x258 [ 26.889476][ T4096] do_el0_svc+0x58/0x14c [ 26.890101][ T4096] el0_svc+0x78/0x1e0 [ 26.890717][ T4096] el0t_64_sync_handler+0xcc/0xe4 [ 26.891470][ T4096] el0t_64_sync+0x1a0/0x1a4 [ 26.892140][ T4096] Code: d503229f 2a1f03f6 2a1f03e0 b8400953 (2a1603e1) [ 26.893153][ T4096] ---[ end trace 4aafa01673214952 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 27.068913][ T4096] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 27.070002][ T4096] SMP: stopping secondary CPUs [ 27.070699][ T4096] Kernel Offset: disabled [ 27.071355][ T4096] CPU features: 0x8,000003c1,7d33ffd9 [ 27.072150][ T4096] Memory Limit: none [ 27.247701][ T4096] Rebooting in 86400 seconds..