last executing test programs: 138.181667ms ago: executing program 1 (id=87): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/virtual_nci', 0x2, 0x0) 98.537208ms ago: executing program 4 (id=93): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 98.300948ms ago: executing program 4 (id=96): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mali0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mali0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mali0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mali0', 0x800, 0x0) 75.498648ms ago: executing program 0 (id=98): socket$inet_tcp(0x2, 0x1, 0x0) 75.293698ms ago: executing program 3 (id=100): seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000)) 75.220528ms ago: executing program 4 (id=101): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles', 0x800, 0x0) 75.094738ms ago: executing program 1 (id=102): socket(0x10, 0x3, 0x10) 75.013138ms ago: executing program 2 (id=103): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/i915', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/i915', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/i915', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/i915', 0x800, 0x0) 74.870538ms ago: executing program 4 (id=104): userfaultfd(0x0) 47.827889ms ago: executing program 1 (id=105): getpid() 47.622579ms ago: executing program 3 (id=106): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ndctl0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ndctl0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ndctl0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ndctl0', 0x800, 0x0) 47.549449ms ago: executing program 0 (id=107): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0) 47.496909ms ago: executing program 0 (id=108): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access', 0x2, 0x0) 47.435429ms ago: executing program 2 (id=109): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb1', 0x800, 0x0) 47.349449ms ago: executing program 1 (id=110): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null', 0x800, 0x0) 47.198489ms ago: executing program 3 (id=111): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rnullb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rnullb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rnullb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rnullb0', 0x800, 0x0) 18.153539ms ago: executing program 4 (id=112): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyprintk', 0x800, 0x0) 18.001559ms ago: executing program 0 (id=113): msgsnd(0x0, &(0x7f0000000000), 0x0, 0x0) 17.7933ms ago: executing program 3 (id=114): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable', 0x2, 0x0) 17.72568ms ago: executing program 2 (id=115): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/pmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pmem0', 0x800, 0x0) 17.662989ms ago: executing program 2 (id=116): shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) 17.557109ms ago: executing program 1 (id=117): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qrtr-tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qrtr-tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qrtr-tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qrtr-tun', 0x800, 0x0) 17.405039ms ago: executing program 2 (id=118): truncate(&(0x7f0000000000), 0x0) 17.30199ms ago: executing program 3 (id=119): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l/by-path/platform-soc@0:qcom_cam-req-mgr-video-index0', 0x2, 0x0) 792.79µs ago: executing program 0 (id=120): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x28, 0x800) 471.76µs ago: executing program 0 (id=121): ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 360.48µs ago: executing program 4 (id=122): move_pages(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0) 197.74µs ago: executing program 1 (id=123): syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800) 68.29µs ago: executing program 2 (id=124): clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) exit(0x0) 0s ago: executing program 3 (id=125): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.232' (ED25519) to the list of known hosts. [ 28.009327][ T4031] cgroup: Unknown subsys name 'net' [ 28.289620][ T4031] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.586239][ T4031] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 29.595445][ T4153] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 29.670522][ T4176] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP [ 29.671789][ T4176] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 29.672366][ T4176] CPU: 1 PID: 4176 Comm: syz.2.124 Not tainted syzkaller #0 [ 29.673523][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 29.675176][ T4176] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc) [ 29.676406][ T4176] pc : do_notify_resume+0x958/0x3128 [ 29.677252][ T4176] lr : do_notify_resume+0x938/0x3128 [ 29.678225][ T4176] sp : ffff80001f8e7be0 [ 29.678912][ T4176] x29: ffff80001f8e7e00 x28: 00000000fffffff2 x27: ffff80001f8e7eb0 [ 29.680255][ T4176] x26: 0000000000000001 x25: 000000001fffee20 x24: ffff80001f8e7f98 [ 29.681587][ T4176] x23: 0000000000000001 x22: dfff800000000000 x21: ffff0000cc9351c0 [ 29.682822][ T4176] x20: 0000000000000000 x19: 0000001fffee2000 x18: 0000000000000200 [ 29.684028][ T4176] x17: 0000000000000000 x16: ffff800008041920 x15: 0000000000000002 [ 29.685406][ T4176] x14: 0000000000ff0100 x13: 1ffff0000283006b x12: 0000000000ff0100 [ 29.686794][ T4176] x11: 0000000000000000 x10: 0000ffffffffffff x9 : 000000001fffee20 [ 29.688122][ T4176] x8 : 0000000000000000 x7 : ffff800008751230 x6 : 0000000000000000 [ 29.689503][ T4176] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001 [ 29.690796][ T4176] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000 [ 29.692139][ T4176] Call trace: [ 29.692731][ T4176] do_notify_resume+0x958/0x3128 [ 29.693537][ T4176] el0_da+0x10c/0x1fc [ 29.694138][ T4176] el0t_64_sync_handler+0xd8/0xe4 [ 29.694867][ T4176] el0t_64_sync+0x1a0/0x1a4 [ 29.695649][ T4176] Code: 9a9f0329 d503229f f9405fe8 f8000928 (14000003) [ 29.696853][ T4176] ---[ end trace 0c30a02b4cfe5637 ]--- [ 29.869880][ T4176] Kernel panic - not syncing: Oops - BTI: Fatal exception [ 29.870947][ T4176] SMP: stopping secondary CPUs [ 29.871676][ T4176] Kernel Offset: disabled [ 29.872353][ T4176] CPU features: 0x8,000003c1,7d33ffd9 [ 29.873194][ T4176] Memory Limit: none [ 30.044333][ T4176] Rebooting in 86400 seconds..