Warning: Permanently added '[localhost]:2583' (ECDSA) to the list of known hosts.
2025/07/03 09:46:03 fuzzer started
2025/07/03 09:46:03 dialing manager at localhost:33709
syzkaller login: [ 58.882169] cgroup: Unknown subsys name 'net'
[ 58.967257] cgroup: Unknown subsys name 'cpuset'
[ 59.012143] cgroup: Unknown subsys name 'rlimit'
2025/07/03 09:46:14 syscalls: 2214
2025/07/03 09:46:14 code coverage: enabled
2025/07/03 09:46:14 comparison tracing: enabled
2025/07/03 09:46:14 extra coverage: enabled
2025/07/03 09:46:14 setuid sandbox: enabled
2025/07/03 09:46:14 namespace sandbox: enabled
2025/07/03 09:46:14 Android sandbox: enabled
2025/07/03 09:46:14 fault injection: enabled
2025/07/03 09:46:14 leak checking: enabled
2025/07/03 09:46:14 net packet injection: enabled
2025/07/03 09:46:14 net device setup: enabled
2025/07/03 09:46:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/03 09:46:14 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/03 09:46:14 USB emulation: enabled
2025/07/03 09:46:14 hci packet injection: enabled
2025/07/03 09:46:14 wifi device emulation: enabled
2025/07/03 09:46:14 802.15.4 emulation: enabled
2025/07/03 09:46:14 fetching corpus: 0, signal 0/2000 (executing program)
2025/07/03 09:46:14 fetching corpus: 26, signal 18187/20347 (executing program)
2025/07/03 09:46:14 fetching corpus: 54, signal 26708/28567 (executing program)
2025/07/03 09:46:14 fetching corpus: 80, signal 29390/31371 (executing program)
2025/07/03 09:46:14 fetching corpus: 118, signal 31763/33593 (executing program)
2025/07/03 09:46:14 fetching corpus: 152, signal 37950/38123 (executing program)
2025/07/03 09:46:14 fetching corpus: 154, signal 38126/38342 (executing program)
2025/07/03 09:46:14 fetching corpus: 155, signal 38164/38401 (executing program)
2025/07/03 09:46:14 fetching corpus: 155, signal 38164/38427 (executing program)
2025/07/03 09:46:14 fetching corpus: 155, signal 38164/38456 (executing program)
2025/07/03 09:46:14 fetching corpus: 155, signal 38164/38490 (executing program)
2025/07/03 09:46:14 fetching corpus: 155, signal 38164/38522 (executing program)
2025/07/03 09:46:14 fetching corpus: 156, signal 38191/38561 (executing program)
2025/07/03 09:46:14 fetching corpus: 156, signal 38191/38590 (executing program)
2025/07/03 09:46:14 fetching corpus: 156, signal 38191/38611 (executing program)
2025/07/03 09:46:14 fetching corpus: 156, signal 38191/38632 (executing program)
2025/07/03 09:46:14 fetching corpus: 156, signal 38191/38660 (executing program)
2025/07/03 09:46:14 fetching corpus: 157, signal 38516/39012 (executing program)
2025/07/03 09:46:14 fetching corpus: 157, signal 38555/39076 (executing program)
2025/07/03 09:46:14 fetching corpus: 157, signal 38555/39080 (executing program)
2025/07/03 09:46:14 fetching corpus: 158, signal 38890/39415 (executing program)
2025/07/03 09:46:14 fetching corpus: 158, signal 38890/39415 (executing program)
2025/07/03 09:46:16 starting 8 fuzzer processes
09:46:16 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x0, @loopback}, {}, 0x0, {}, 'geneve0\x00'})

09:46:16 executing program 2:
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x9437cd3fee1a31e5, 0x0, 0x0)

09:46:16 executing program 4:
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[{@fat=@gid={'gid', 0x3d, 0xee01}}]})

09:46:16 executing program 3:
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0x0, 0xfffffffffffffff7, 0x4ff5})

09:46:16 executing program 5:
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/kexec_crash_size', 0x0, 0x0)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0xc020660b, &(0x7f00000000c0)={0x0, 0x0, 0xcf})

09:46:16 executing program 1:
clock_gettime(0x5, &(0x7f0000000040))

[ 71.545857] audit: type=1400 audit(1751535976.780:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
09:46:16 executing program 6:
pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
fcntl$setstatus(r1, 0x4, 0x2800)
vmsplice(r0, &(0x7f00000005c0)=[{&(0x7f00000000c0)="04", 0x1}], 0x1, 0x0)
write$hidraw(r1, &(0x7f0000000680)=':', 0x1)

09:46:16 executing program 7:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000000)={0x0, 0x0, 0x3fe})

[ 72.764668] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.771278] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.774242] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.776473] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.779153] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.781461] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.786623] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.788779] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.788965] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.792752] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.793155] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.794759] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.798428] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.805317] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.805346] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.809589] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.809804] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 72.812878] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 72.814931] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.815878] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.826991] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 72.827032] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 72.831228] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 72.844248] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 72.857741] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 72.864960] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 72.866299] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 72.866746] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 72.874724] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 72.876349] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 72.878411] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 72.880179] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 72.882032] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 72.883664] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 72.885477] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 72.892227] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 72.894747] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 72.897881] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 72.920757] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 72.922883] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 73.134552]
[ 73.135191] =============================
[ 73.135884] WARNING: suspicious RCU usage
[ 73.136492] 6.16.0-rc4-next-20250703 #1 Not tainted
[ 73.139396] -----------------------------
[ 73.142297] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 73.144957]
[ 73.144957] other info that might help us debug this:
[ 73.144957]
[ 73.146662]
[ 73.146662] rcu_scheduler_active = 2, debug_locks = 1
[ 73.147752] 3 locks held by syz-executor.6/289:
[ 73.148443] #0: ffff88800fcec400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 73.149824] #1: ffff88800c136618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 73.151339] #2: ffff88801f038538 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 73.152729]
[ 73.152729] stack backtrace:
[ 73.153406] CPU: 1 UID: 0 PID: 289 Comm: syz-executor.6 Not tainted 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 73.153433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 73.153445] Call Trace:
[ 73.153454]
[ 73.153462] dump_stack_lvl+0xfa/0x120
[ 73.153507] lockdep_rcu_suspicious+0x152/0x1c0
[ 73.153534] proc_sys_compare+0x28a/0x340
[ 73.153555] ? __pfx_proc_sys_compare+0x10/0x10
[ 73.153578] d_same_name+0x229/0x2e0
[ 73.153614] d_alloc_parallel+0x7c1/0x1330
[ 73.153651] ? __pfx_d_alloc_parallel+0x10/0x10
[ 73.153678] ? __pfx_default_wake_function+0x10/0x10
[ 73.153710] ? __d_lookup+0x25f/0x490
[ 73.153743] lookup_open.isra.0+0x64f/0x1530
[ 73.153776] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 73.153820] ? mnt_get_write_access+0x81/0x2d0
[ 73.153839] ? mnt_get_write_access+0x1ea/0x2d0
[ 73.153868] path_openat+0xc26/0x2880
[ 73.153908] ? __lock_acquire+0x694/0x1b70
[ 73.153929] ? __pfx_path_openat+0x10/0x10
[ 73.153969] do_filp_open+0x1e8/0x450
[ 73.154000] ? __pfx_do_filp_open+0x10/0x10
[ 73.154042] ? find_held_lock+0x2b/0x80
[ 73.154071] ? alloc_fd+0x2c1/0x560
[ 73.154098] ? lock_release+0xc8/0x290
[ 73.154125] ? alloc_fd+0x2c1/0x560
[ 73.154162] do_sys_openat2+0x104/0x1b0
[ 73.154187] ? __pfx_do_sys_openat2+0x10/0x10
[ 73.154212] ? rcu_read_unlock+0x2d/0xb0
[ 73.154234] ? lock_release+0xc8/0x290
[ 73.154262] __x64_sys_openat+0x142/0x200
[ 73.154287] ? __pfx___x64_sys_openat+0x10/0x10
[ 73.154318] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 73.154356] do_syscall_64+0xbf/0x360
[ 73.154380] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.154402] RIP: 0033:0x7f224d522a04
[ 73.154419] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 73.154439] RSP: 002b:00007ffd17558c20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 73.154459] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f224d522a04
[ 73.154473] RDX: 0000000000080001 RSI: 00007f224d5c8f61 RDI: 00000000ffffff9c
[ 73.154486] RBP: 00007f224d5c8f61 R08: 0000000000000000 R09: 00007ffd17558c10
[ 73.154499] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 73.154512] R13: 00007ffd17558cc0 R14: 0000000000000000 R15: 00000000000000f8
[ 73.154541]
[ 74.860102] Bluetooth: hci2: command tx timeout
[ 74.860276] Bluetooth: hci1: command tx timeout
[ 74.860840] Bluetooth: hci0: command tx timeout
[ 74.925577] Bluetooth: hci4: command tx timeout
[ 74.926735] Bluetooth: hci3: command tx timeout
[ 74.988161] Bluetooth: hci7: command tx timeout
[ 74.989306] Bluetooth: hci6: command tx timeout
[ 75.051651] Bluetooth: hci5: command tx timeout
[ 76.908602] Bluetooth: hci1: command tx timeout
[ 76.909080] Bluetooth: hci0: command tx timeout
[ 76.909246] Bluetooth: hci2: command tx timeout
[ 76.972933] Bluetooth: hci4: command tx timeout
[ 76.973092] Bluetooth: hci3: command tx timeout
[ 77.035577] Bluetooth: hci7: command tx timeout
[ 77.035618] Bluetooth: hci6: command tx timeout
[ 77.099862] Bluetooth: hci5: command tx timeout
[ 78.955671] Bluetooth: hci0: command tx timeout
[ 78.955787] Bluetooth: hci1: command tx timeout
[ 78.956150] Bluetooth: hci2: command tx timeout
[ 79.021650] Bluetooth: hci3: command tx timeout
[ 79.022113] Bluetooth: hci4: command tx timeout
[ 79.083741] Bluetooth: hci7: command tx timeout
[ 79.085141] Bluetooth: hci6: command tx
timeout
[ 79.148519] Bluetooth: hci5: command tx timeout
[ 81.003627] Bluetooth: hci1: command tx timeout
[ 81.003704] Bluetooth: hci0: command tx timeout
[ 81.004560] Bluetooth: hci2: command tx timeout
[ 81.067648] Bluetooth: hci3: command tx timeout
[ 81.067753] Bluetooth: hci4: command tx timeout
[ 81.131584] Bluetooth: hci6: command tx timeout
[ 81.131633] Bluetooth: hci7: command tx timeout
[ 81.195607] Bluetooth: hci5: command tx timeout
VM DIAGNOSIS:
09:46:18 Registers: