Warning: Permanently added '[localhost]:18432' (ECDSA) to the list of known hosts. 2025/07/05 21:22:59 fuzzer started 2025/07/05 21:23:00 dialing manager at localhost:42083 syzkaller login: [ 56.361268] cgroup: Unknown subsys name 'net' [ 56.429122] cgroup: Unknown subsys name 'cpuset' [ 56.447240] cgroup: Unknown subsys name 'rlimit' 2025/07/05 21:23:11 syscalls: 201 2025/07/05 21:23:11 code coverage: enabled 2025/07/05 21:23:11 comparison tracing: enabled 2025/07/05 21:23:11 extra coverage: enabled 2025/07/05 21:23:11 setuid sandbox: enabled 2025/07/05 21:23:11 namespace sandbox: enabled 2025/07/05 21:23:11 Android sandbox: enabled 2025/07/05 21:23:11 fault injection: enabled 2025/07/05 21:23:11 leak checking: enabled 2025/07/05 21:23:11 net packet injection: enabled 2025/07/05 21:23:11 net device setup: enabled 2025/07/05 21:23:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/05 21:23:11 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/05 21:23:11 USB emulation: enabled 2025/07/05 21:23:11 hci packet injection: enabled 2025/07/05 21:23:11 wifi device emulation: enabled 2025/07/05 21:23:11 802.15.4 emulation: enabled 2025/07/05 21:23:11 fetching corpus: 0, signal 0/0 (executing program) 2025/07/05 21:23:12 starting 8 fuzzer processes 21:23:12 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'gretap0\x00'}) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000080)=@gcm_256={{0x304}, "37c2394ffba3eb71", "fbfa70a45722f3b0b16e64e55ab207a764b5d55765349f7eed29b73950daa0b4", "22ed50b2", "418317157eb21921"}, 0x38) ioctl$TUNSETGROUP(r0, 0x400454ce, 0xee01) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'macvlan1\x00'}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x422000, 0x0) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000140)=0x1) ioctl$TUNSETOWNER(r1, 0x400454cc, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x40001, 0x0) ioctl$TUNSETOWNER(r2, 0x400454cc, 0xffffffffffffffff) syz_open_dev$usbmon(&(0x7f00000001c0), 0x7, 0x404000) ioctl$TUNGETFILTER(r2, 0x801054db, &(0x7f0000000200)=""/96) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000280)={0x1f, 0x33}, 0x2) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f00000002c0)=0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000300)={0x80, 0x9, 0x5, 0x2}, 0x14) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/consoles\x00', 0x0, 0x0) ioctl$TUNSETVNETBE(r4, 0x400454de, &(0x7f0000000380)=0x1) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4) setsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000400)=0x3, 0x1) 21:23:12 executing program 1: mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x10, 0xffffffffffffffff, 0x401) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{0x303}, "b0a372e6172cd972", "3716495760f270200f6704782ab5070b", "4db8066a", "b648d1f0ef146429"}, 0x28) fstat(r0, &(0x7f0000000040)) r1 = socket(0x1f, 0x8d1360d9532183da, 0xffffffff) setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "5f6510496f7fdff1", "e8bebac768aae184882a4a6c5fa8918c", "003acdda", "26ce24d5515ca521"}, 0x28) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000140)=0x14) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4) r2 = socket(0x23, 0x1, 0x1) setsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, &(0x7f00000001c0)="c039469a71e051bf5f7b58010e82b3a2f48ef0e69b72b6168e865f1241d07e24c2188a3659d846bf21d6565af6efa8e87129d6bdbbc98291cdfa870c953989de0605bcd28175b8adb529dcdc8534288ff5c75643e1307f068db830fd874f622d10f2f8c641913eaf2e7f096241e75ee8da16e2132d80181638776cf8ab0660119f78808ef2d3e9e3f68dfc4688d7a7e01aa95c1912a0dccc42b6a3ffbf1b97b4f5831f28b895fc2b82d9bfb26bb0864a18dff1a931741f86dfd47fef27d73701ef528ae16d98d5f2d31aad7aa1bb26bf39ac980eba009a0695137f629645c5316ac6d075ac4d88c4bdca564f997ac1756d4d40db310f09", 0xf7) mmap$perf(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x100000b, 0x10, 0xffffffffffffffff, 0xa398567) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r3, 0x6, 0x15, &(0x7f00000002c0)=0xa5e7, 0x4) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/diskstats\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000340)="c6a1c8f45281fff1e7874dd76ee5c00d", 0x10) ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f0000000380)=0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TUNSETNOCSUM(r4, 0x400454c8, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000003c0)=0x2, 0x4) 21:23:12 executing program 2: ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000000)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000040)) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080), 0x4) rt_sigsuspend(&(0x7f00000000c0)={[0x70]}, 0x8) fstat(r0, &(0x7f0000000100)) socketpair(0x25, 0x5, 0x7fff, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/242, 0xf2, 0x0, &(0x7f00000002c0)=""/111, 0x6f}, &(0x7f0000000380)=0x40) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000003c0), 0x4) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/vmstat\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000440), 0x4) clock_gettime(0x0, &(0x7f0000000540)={0x0, 0x0}) rt_sigtimedwait(&(0x7f0000000480)={[0x7]}, &(0x7f00000004c0), &(0x7f0000000580)={r4, r5+10000000}, 0x8) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f00000005c0)=0x1, 0x4) io_uring_setup(0x246e, &(0x7f0000000600)={0x0, 0x9137, 0x8, 0x0, 0x2f5, 0x0, r3}) getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000680)=0x8, &(0x7f00000006c0)=0x2) setsockopt$inet6_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000700)=@gcm_256={{0x303}, "9f115c501383aead", "302e4401e2bb140fd085136c1f1df63980b3e410c29ea6ef3ed1691b934a5b94", "e61e0802", "8081fbdd498c1cf6"}, 0x38) setsockopt$inet6_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000740)=@ccm_128={{0x304}, "48366f6403e52204", "1a6cddf0bc837bc730d155fb2882d4c9", "6088ee02", "498df24215ff2942"}, 0x28) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000780)='/proc/diskstats\x00', 0x0, 0x0) setsockopt$inet6_tcp_buf(r6, 0x6, 0xd, &(0x7f00000007c0)="ccf2d5a7a71786f28a7d6e473696eca9ae86fda311d785346c6d7b77db963cae8205b47e59ac0e7d0ea0c4c0d051f8507a5c34d22fa373e4ff772085bdf5b5fb1d53629acf3182805d5ce1cce4a457", 0x4f) 21:23:12 executing program 3: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/171, 0xab, 0x0, &(0x7f00000000c0)=""/88, 0x58}, &(0x7f0000000180)=0x40) socketpair(0x22, 0x5, 0xff, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/52, 0x34, 0x0, &(0x7f0000000240)=""/17, 0x11}, &(0x7f00000002c0)=0x40) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000300), &(0x7f0000000340)=0x14) setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000380)=@gcm_256={{0x303}, "b969f3a00dbe973e", "9af3b14fa643f00e80e4914c1c0a03cdf5af0f368480a8bcd4d3cd39f33e8291", "bbffc8bb", "41c62c7ede82675f"}, 0x38) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000540)={&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/236, 0xec, 0x0, &(0x7f00000004c0)=""/73, 0x49}, &(0x7f0000000580)=0x40) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f00000005c0)) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000600)='/proc/timer_list\x00', 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000800)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000640)=""/172, 0xac, 0x1, &(0x7f0000000700)=""/203, 0xcb}, &(0x7f0000000840)=0x40) r3 = syz_io_uring_setup(0x6db5, &(0x7f0000000880)={0x0, 0xc450, 0x0, 0x1, 0x28f, 0x0, r2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000900), &(0x7f0000000940)) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xa, 0x8010, r3, 0x87a53000) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000008, 0x8010, r3, 0x8000000) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000980)='/proc/bus/input/handlers\x00', 0x0, 0x0) getsockopt$WPAN_SECURITY_LEVEL(r4, 0x0, 0x2, &(0x7f00000009c0), &(0x7f0000000a00)=0x4) setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000a40)=0x832, 0x2) r5 = socket(0x1a, 0x800, 0x10001) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a80)='/proc/sysvipc/shm\x00', 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000ac0)={'macvtap0\x00'}) getsockopt$bt_BT_POWER(r5, 0x112, 0x9, &(0x7f0000000b00)=0x6, &(0x7f0000000b40)=0x1) fstat(0xffffffffffffffff, &(0x7f0000000b80)) [ 68.038928] audit: type=1400 audit(1751750592.694:7): avc: denied { execmem } for pid=273 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 21:23:12 executing program 4: ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000000)=""/196) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000100)) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x339) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x10000, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000180)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x816229c2341c8063, 0x0) ioctl$TUNGETSNDBUF(r2, 0x800454d3, &(0x7f0000000240)) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000280), &(0x7f00000002c0)=0x14) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000300)=0x4) ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000340)=0x1) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000380)=0xff, 0x4) ioctl$TUNGETFILTER(r2, 0x801054db, &(0x7f00000003c0)=""/128) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xb, &(0x7f0000000440)="1b30fe512abe91b34accfb5965c773bd02f2d25e59ea331ec6cd4a47fb9d1b3540fe624b4f7aaa05fd5c6f5ea57396a76033002e8e93149ed9f84fe042310e15421713f8e08cbca1993392ef1ca93017382921407249687aff72f0037024e13f108292873eeab8b072942577d18f27a02f9875a5e487e8c0addbcf59f496823d66c2f6435fcf5c835015e19c4ec1c8c00876fb93efdfa910ad27c94d1d0dc0744ad9f20c428d7b136d0c33d2aa34a2cad888d64b1198587f021b139fc02803449cd0b7ed", 0xc4) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000540)='/proc/locks\x00', 0x0, 0x0) ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000580)={0x0, 0x4, [@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @broadcast, @multicast]}) setsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f00000005c0)=0x101, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000600), 0x80, 0x0) 21:23:12 executing program 5: io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000000), 0x1) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14) socketpair(0x2, 0x5, 0x9, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100), 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x9, &(0x7f0000000140), &(0x7f0000000180)=0x4) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000001c0)=0x5, 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = io_uring_setup(0x34ef, &(0x7f0000000200)={0x0, 0xf5bc, 0x10, 0x2, 0x7c}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x7, &(0x7f0000000280), 0x1) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/consoles\x00', 0x0, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000300)=0x401, 0x4) write$cgroup_pressure(r4, &(0x7f0000000340)={'some', 0x20, 0x4, 0x20, 0x1}, 0x2f) getsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000380), &(0x7f00000003c0)=0x10) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000400)="02ffeace8e0394ba0f51eb0c2d290856", 0x10) socketpair(0x25, 0x2, 0x4cd4, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f0000000480), 0x2) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000004c0), 0x4) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000500)='tls\x00', &(0x7f0000000540)='/proc/consoles\x00', 0x0) setsockopt$inet6_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000580)=@ccm_128={{0x304}, "01d79a8b67614b9e", "bf470634eb6bcd5c1d29b72d9cc5bb22", "88df984c", "e53d89208cda674d"}, 0x28) 21:23:12 executing program 6: rt_sigtimedwait(&(0x7f0000000000)={[0x101]}, &(0x7f0000000040), &(0x7f00000000c0), 0x8) clock_gettime(0x3, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f0000000140)) clock_settime(0x5, &(0x7f0000000180)={0x0, 0x3938700}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80040, 0x0) clock_gettime(0x5, &(0x7f0000000200)) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000240), 0x0) clock_settime(0x2, &(0x7f0000000280)) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) clock_settime(0x2, &(0x7f0000000300)={r1, r2+60000000}) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000340)=0x9, 0x4) ioctl$TUNSETLINK(r0, 0x400454cd, 0x4) clock_gettime(0x7, &(0x7f0000000380)) pselect6(0x40, &(0x7f00000003c0)={0xfffffffffffffffc, 0x8, 0x9, 0x1, 0x7, 0x80000001, 0x80, 0x3}, &(0x7f0000000400)={0x97, 0x2, 0x8, 0x10001, 0x52, 0x1000, 0x800, 0x6}, &(0x7f0000000440)={0x3, 0x87a, 0x8000, 0x2, 0x7fffffff, 0x2, 0x0, 0xffffffffffffeb56}, &(0x7f0000000480)={0x0, 0x3938700}, &(0x7f0000000500)={&(0x7f00000004c0)={[0x4f08]}, 0x8}) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000540)='/proc/asound/timers\x00', 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/timer_list\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r4, 0x408c5333, &(0x7f00000005c0)={0xfff, 0x6, 0x1, 'queue1\x00', 0x4}) syz_open_dev$usbmon(&(0x7f0000000680), 0x100, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000740), 0x1) 21:23:12 executing program 7: ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f0000000000)={0xfffffc00, 0x4, 0x0, 'queue0\x00', 0x4}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0xbeb9, 0x7, 0x1, 'queue1\x00', 0x2}) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f00000001c0)={0x9, 0x1, 0xffffffff, 0x8, 0x98, 0x8}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/mdstat\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000280)={0x63, 0x1, 0x0, 'queue0\x00', 0xba}) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/tty/drivers\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0xc0a85352, &(0x7f0000000380)={{0xff, 0x1d}, 'port0\x00', 0x0, 0x4, 0x9, 0x20, 0x9, 0x0, 0x8, 0x0, 0x2, 0x9}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000440)={0x6, 0x6, 0x1, 'queue1\x00', 0x5}) openat$cgroup_devices(r1, &(0x7f0000000500)='devices.deny\x00', 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000540)='/proc/vmallocinfo\x00', 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f00000005c0)='devices.allow\x00', 0x2, 0x0) timerfd_gettime(r0, &(0x7f0000000600)) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000640), 0x2) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000680)={0x20, @time={0xd716, 0x320480}, 0x9, {0x6, 0xff}, 0x4, 0x2, 0x40}) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000006c0)='/proc/vmallocinfo\x00', 0x0, 0x0) timerfd_gettime(r5, &(0x7f0000000700)) [ 69.257987] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.260130] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.263110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.266405] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.268574] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.330799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.335587] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.338596] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.347654] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.350690] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.352631] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.354670] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.359423] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.360760] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.363579] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.365318] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.366858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.368947] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.370205] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.371611] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.373530] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.376101] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.378950] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.380019] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.385526] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.388403] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.390526] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.390841] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.391885] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.393808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.396416] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.401429] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.402616] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.407403] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.412398] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.423585] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.434626] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.436458] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.443503] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.445361] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.707229] [ 69.707818] ============================= [ 69.708652] WARNING: suspicious RCU usage [ 69.709492] 6.16.0-rc4-next-20250704 #1 Not tainted [ 69.711027] ----------------------------- [ 69.712263] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! [ 69.714022] [ 69.714022] other info that might help us debug this: [ 69.714022] [ 69.715674] [ 69.715674] rcu_scheduler_active = 2, debug_locks = 1 [ 69.717018] 3 locks held by syz-executor.3/284: [ 69.718040] #0: ffff888007102400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 69.720215] #1: ffff88800c12a618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 69.722195] #2: ffff88801c93a248 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 69.724055] [ 69.724055] stack backtrace: [ 69.725097] CPU: 0 UID: 0 PID: 284 Comm: syz-executor.3 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 69.725125] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 69.725137] Call Trace: [ 69.725144] [ 69.725153] dump_stack_lvl+0xfa/0x120 [ 69.725186] lockdep_rcu_suspicious+0x152/0x1c0 [ 69.725212] proc_sys_compare+0x28a/0x340 [ 69.725233] ? __pfx_proc_sys_compare+0x10/0x10 [ 69.725255] d_same_name+0x229/0x2e0 [ 69.725290] d_alloc_parallel+0x7c1/0x1330 [ 69.725326] ? __pfx_d_alloc_parallel+0x10/0x10 [ 69.725352] ? __pfx_default_wake_function+0x10/0x10 [ 69.725383] ? __d_lookup+0x25f/0x490 [ 69.725415] lookup_open.isra.0+0x64f/0x1530 [ 69.725447] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 69.725490] ? mnt_get_write_access+0x81/0x2d0 [ 69.725510] ? mnt_get_write_access+0x1ea/0x2d0 [ 69.725537] path_openat+0xc26/0x2880 [ 69.725576] ? __lock_acquire+0x694/0x1b70 [ 69.725597] ? __pfx_path_openat+0x10/0x10 [ 69.725636] do_filp_open+0x1e8/0x450 [ 69.725664] ? __pfx_do_filp_open+0x10/0x10 [ 69.725705] ? find_held_lock+0x2b/0x80 [ 69.725733] ? alloc_fd+0x2c1/0x560 [ 69.725759] ? lock_release+0xc8/0x290 [ 69.725786] ? alloc_fd+0x2c1/0x560 [ 69.725822] do_sys_openat2+0x104/0x1b0 [ 69.725846] ? __pfx_do_sys_openat2+0x10/0x10 [ 69.725870] ? rcu_read_unlock+0x2d/0xb0 [ 69.725892] ? lock_release+0xc8/0x290 [ 69.725920] __x64_sys_openat+0x142/0x200 [ 69.725944] ? __pfx___x64_sys_openat+0x10/0x10 [ 69.725974] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 69.726010] do_syscall_64+0xbf/0x360 [ 69.726035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.726058] RIP: 0033:0x7f3bbacb4a04 [ 69.726074] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 69.726094] RSP: 002b:00007ffcd787d3e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 69.726113] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f3bbacb4a04 [ 69.726127] RDX: 0000000000080001 RSI: 00007f3bbad6b264 RDI: 00000000ffffff9c [ 69.726140] RBP: 00007f3bbad6b264 R08: 0000000000000000 R09: 00007ffcd787d3d0 [ 69.726153] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 69.726165] R13: 00007ffcd787d480 R14: 0000000000000000 R15: 00000000000000f8 [ 69.726194] [ 71.289804] Bluetooth: hci0: command tx timeout [ 71.419219] Bluetooth: hci1: command tx timeout [ 71.480356] Bluetooth: hci4: command tx timeout [ 71.481011] Bluetooth: hci5: command tx timeout [ 71.481893] Bluetooth: hci2: command tx timeout [ 71.482386] Bluetooth: hci3: command tx timeout [ 71.482842] Bluetooth: hci7: command tx timeout [ 71.544219] Bluetooth: hci6: command tx timeout [ 73.336886] Bluetooth: hci0: command tx timeout [ 73.464257] Bluetooth: hci1: command tx timeout [ 73.530285] Bluetooth: hci2: command tx timeout [ 73.530355] Bluetooth: hci4: command tx timeout [ 73.530708] Bluetooth: hci7: command tx timeout [ 73.531080] Bluetooth: hci3: command tx timeout [ 73.532099] Bluetooth: hci5: command tx timeout [ 73.592224] Bluetooth: hci6: command tx timeout [ 75.384326] Bluetooth: hci0: command tx timeout [ 75.512318] Bluetooth: hci1: command tx timeout [ 75.577332] Bluetooth: hci3: command tx timeout [ 75.577766] Bluetooth: hci5: command tx timeout [ 75.578143] Bluetooth: hci7: command tx timeout [ 75.578555] Bluetooth: hci4: command tx timeout [ 75.578938] Bluetooth: hci2: command tx timeout [ 75.640216] Bluetooth: hci6: command tx timeout [ 77.432295] Bluetooth: hci0: command tx timeout [ 77.560858] Bluetooth: hci1: command tx timeout [ 77.624414] Bluetooth: hci3: command tx timeout [ 77.625312] Bluetooth: hci2: command tx timeout [ 77.625344] Bluetooth: hci4: command tx timeout [ 77.626011] Bluetooth: hci7: command tx timeout [ 77.626437] Bluetooth: hci5: command tx timeout [ 77.688428] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 21:23:14 Registers: info registers vcpu 0 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff828b59b0 RDI=ffffffff8871dee0 RBP=ffffffff8871dea0 RSP=ffff88801806f2a0 R8 =0000000000000001 R9 =ffffed100300de45 R10=0000000000000000 R11=0000000000000001 R12=000000000000005f R13=ffffffff8871def0 R14=ffffffff8871dea0 R15=ffffffff8871e160 RIP=ffffffff828b5a05 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055556b8c1400 00000000 00000000 GS =0000 ffff8880e55f3000 00000000 00000000 LDT=0000 fffffe2400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f03d202e260 CR3=000000000d848000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=00000000b7d27e35 RBX=000000005d6c5bc0 RCX=000000002da9383f RDX=000000000000000b RSI=ffff8880169dfa0c RDI=0000000000000007 RBP=0000000000000001 RSP=ffff8880169df968 R8 =0000000099889d56 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=0000000000000000 R13=0000000000000cc0 R14=ffff8880169df9d0 R15=000000000000000b RIP=ffffffff825c07ad RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56f3000 00000000 00000000 LDT=0000 fffffe4900000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd25f338580 CR3=000000000dce4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000