Warning: Permanently added '[localhost]:21631' (ECDSA) to the list of known hosts. 2025/07/03 09:47:18 fuzzer started 2025/07/03 09:47:18 dialing manager at localhost:33709 syzkaller login: [ 48.918997] cgroup: Unknown subsys name 'net' [ 49.002275] cgroup: Unknown subsys name 'cpuset' [ 49.031638] cgroup: Unknown subsys name 'rlimit' 2025/07/03 09:47:28 syscalls: 2214 2025/07/03 09:47:28 code coverage: enabled 2025/07/03 09:47:28 comparison tracing: enabled 2025/07/03 09:47:28 extra coverage: enabled 2025/07/03 09:47:28 setuid sandbox: enabled 2025/07/03 09:47:28 namespace sandbox: enabled 2025/07/03 09:47:28 Android sandbox: enabled 2025/07/03 09:47:28 fault injection: enabled 2025/07/03 09:47:28 leak checking: enabled 2025/07/03 09:47:28 net packet injection: enabled 2025/07/03 09:47:28 net device setup: enabled 2025/07/03 09:47:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/03 09:47:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/03 09:47:28 USB emulation: enabled 2025/07/03 09:47:28 hci packet injection: enabled 2025/07/03 09:47:28 wifi device emulation: enabled 2025/07/03 09:47:28 802.15.4 emulation: enabled 2025/07/03 09:47:28 fetching corpus: 0, signal 0/2000 (executing program) 2025/07/03 09:47:29 fetching corpus: 37, signal 22491/25294 (executing program) 2025/07/03 09:47:29 fetching corpus: 67, signal 27610/31379 (executing program) 2025/07/03 09:47:29 fetching corpus: 101, signal 32778/37294 (executing program) 2025/07/03 09:47:29 fetching corpus: 145, signal 38944/43726 (executing program) 2025/07/03 09:47:29 fetching corpus: 194, signal 42977/48077 (executing program) 2025/07/03 09:47:29 fetching corpus: 244, signal 47405/52519 (executing program) 2025/07/03 09:47:29 fetching corpus: 294, signal 52571/57297 (executing program) 2025/07/03 09:47:29 fetching corpus: 343, signal 54793/59605 (executing program) 2025/07/03 09:47:29 fetching corpus: 393, signal 56598/61478 (executing program) 2025/07/03 09:47:30 fetching corpus: 442, signal 58950/63596 (executing program) 2025/07/03 09:47:30 fetching corpus: 492, signal 62038/66095 (executing program) 2025/07/03 09:47:30 fetching corpus: 540, signal 64101/67842 (executing program) 2025/07/03 09:47:30 fetching corpus: 590, signal 67143/70059 (executing program) 2025/07/03 09:47:30 fetching corpus: 639, signal 69159/71482 (executing program) 2025/07/03 09:47:30 fetching corpus: 689, signal 71677/73097 (executing program) 2025/07/03 09:47:30 fetching corpus: 730, signal 73780/74379 (executing program) 2025/07/03 09:47:30 fetching corpus: 730, signal 73782/74424 (executing program) 2025/07/03 09:47:30 fetching corpus: 730, signal 73782/74463 (executing program) 2025/07/03 09:47:30 fetching corpus: 730, signal 73782/74504 (executing program) 2025/07/03 09:47:31 fetching corpus: 730, signal 73782/74539 (executing program) 2025/07/03 09:47:31 fetching corpus: 730, signal 73782/74582 (executing program) 2025/07/03 09:47:31 fetching corpus: 730, signal 73782/74613 (executing program) 2025/07/03 09:47:31 fetching corpus: 730, signal 73782/74645 (executing program) 2025/07/03 09:47:31 fetching corpus: 730, signal 73782/74677 (executing program) 2025/07/03 09:47:31 fetching corpus: 730, signal 73782/74717 (executing program) 2025/07/03 09:47:31 fetching corpus: 732, signal 73815/74776 (executing program) 2025/07/03 09:47:31 fetching corpus: 732, signal 73815/74799 (executing program) 2025/07/03 09:47:31 fetching corpus: 732, signal 73815/74839 (executing program) 2025/07/03 09:47:31 fetching corpus: 732, signal 73815/74871 (executing program) 2025/07/03 09:47:31 fetching corpus: 732, signal 73815/74924 (executing program) 2025/07/03 09:47:31 fetching corpus: 732, signal 73815/74957 (executing program) 2025/07/03 09:47:31 fetching corpus: 733, signal 73826/74997 (executing program) 2025/07/03 09:47:31 fetching corpus: 735, signal 73893/75077 (executing program) 2025/07/03 09:47:31 fetching corpus: 736, signal 73895/75113 (executing program) 2025/07/03 09:47:31 fetching corpus: 737, signal 73910/75162 (executing program) 2025/07/03 09:47:31 fetching corpus: 738, signal 73937/75236 (executing program) 2025/07/03 09:47:31 fetching corpus: 738, signal 73937/75256 (executing program) 2025/07/03 09:47:31 fetching corpus: 738, signal 73937/75256 (executing program) 2025/07/03 09:47:33 starting 8 fuzzer processes 09:47:33 executing program 0: r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0) ioctl$CDROM_SEND_PACKET(r0, 0x5317, &(0x7f0000000700)={"16cccdfe94ff03208000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 09:47:33 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40189206, &(0x7f0000000080)) ioctl$MON_IOCX_GET(r0, 0xc0109207, &(0x7f0000000240)={0x0, 0x0}) 09:47:33 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000000)=0x8, 0x4) 09:47:33 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x10ca, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) 09:47:33 executing program 4: nanosleep(&(0x7f0000000040)={0x0, 0x3938700}, 0x0) [ 63.681334] audit: type=1400 audit(1751536053.697:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:47:33 executing program 5: capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0xb4948e5}) 09:47:33 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x2f}) 09:47:33 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xad7d, 0x0, "8f75a053465ade96"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xa) [ 65.014906] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.016783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.021017] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.023103] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.025326] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.027431] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.033781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.036712] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.038302] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.040705] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.044308] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.047017] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.050255] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.062069] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.067108] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.079517] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.099288] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.102030] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.108367] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.110517] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.112475] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.114836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.115977] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.118456] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.125171] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.128413] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.134247] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.135980] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 65.138372] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.140000] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.141315] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.144365] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.145623] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.146787] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.149061] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.152267] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.156368] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.166630] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.167722] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 65.170064] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.443312] [ 65.444262] ============================= [ 65.445222] WARNING: suspicious RCU usage [ 65.446278] 6.16.0-rc4-next-20250703 #1 Not tainted [ 65.448309] ----------------------------- [ 65.450714] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! [ 65.454502] [ 65.454502] other info that might help us debug this: [ 65.454502] [ 65.456110] [ 65.456110] rcu_scheduler_active = 2, debug_locks = 1 [ 65.457202] 3 locks held by syz-executor.3/289: [ 65.458015] #0: ffff88800fa1c400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 65.459352] #1: ffff88800c136618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 65.460814] #2: ffff88801aa320d0 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 65.462188] [ 65.462188] stack backtrace: [ 65.462874] CPU: 0 UID: 0 PID: 289 Comm: syz-executor.3 Not tainted 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 65.462902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 65.462914] Call Trace: [ 65.462923] [ 65.462931] dump_stack_lvl+0xfa/0x120 [ 65.462970] lockdep_rcu_suspicious+0x152/0x1c0 [ 65.462997] proc_sys_compare+0x28a/0x340 [ 65.463017] ? __pfx_proc_sys_compare+0x10/0x10 [ 65.463046] d_same_name+0x229/0x2e0 [ 65.463099] d_alloc_parallel+0x7c1/0x1330 [ 65.463155] ? __pfx_d_alloc_parallel+0x10/0x10 [ 65.463196] ? __pfx_default_wake_function+0x10/0x10 [ 65.463231] ? __d_lookup+0x25f/0x490 [ 65.463263] lookup_open.isra.0+0x64f/0x1530 [ 65.463296] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 65.463339] ? mnt_get_write_access+0x81/0x2d0 [ 65.463359] ? mnt_get_write_access+0x1ea/0x2d0 [ 65.463387] path_openat+0xc26/0x2880 [ 65.463427] ? __lock_acquire+0x694/0x1b70 [ 65.463449] ? __pfx_path_openat+0x10/0x10 [ 65.463489] do_filp_open+0x1e8/0x450 [ 65.463519] ? __pfx_do_filp_open+0x10/0x10 [ 65.463560] ? find_held_lock+0x2b/0x80 [ 65.463606] ? alloc_fd+0x2c1/0x560 [ 65.463633] ? lock_release+0xc8/0x290 [ 65.463661] ? alloc_fd+0x2c1/0x560 [ 65.463699] do_sys_openat2+0x104/0x1b0 [ 65.463724] ? __pfx_do_sys_openat2+0x10/0x10 [ 65.463750] ? __fput+0x67b/0xb50 [ 65.463779] __x64_sys_openat+0x142/0x200 [ 65.463810] ? __pfx___x64_sys_openat+0x10/0x10 [ 65.463834] ? __pfx_fput_close_sync+0x10/0x10 [ 65.463869] do_syscall_64+0xbf/0x360 [ 65.463893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.463914] RIP: 0033:0x7febc6682a04 [ 65.463932] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 65.463952] RSP: 002b:00007ffe1cf701d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 65.463972] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 00007febc6682a04 [ 65.463986] RDX: 0000000000080001 RSI: 00007febc67392eb RDI: 00000000ffffff9c [ 65.464000] RBP: 00007febc67392eb R08: 0000000000000000 R09: 00007ffe1cf701c0 [ 65.464013] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 65.464025] R13: 00007ffe1cf70270 R14: 0000000000000000 R15: 00000000000000f8 [ 65.464067] [ 67.106688] Bluetooth: hci0: command tx timeout [ 67.106699] Bluetooth: hci2: command tx timeout [ 67.108129] Bluetooth: hci1: command tx timeout [ 67.171894] Bluetooth: hci6: command tx timeout [ 67.233911] Bluetooth: hci5: command tx timeout [ 67.234241] Bluetooth: hci4: command tx timeout [ 67.234884] Bluetooth: hci3: command tx timeout [ 67.236372] Bluetooth: hci7: command tx timeout [ 69.154005] Bluetooth: hci0: command tx timeout [ 69.154565] Bluetooth: hci2: command tx timeout [ 69.154864] Bluetooth: hci1: command tx timeout [ 69.220819] Bluetooth: hci6: command tx timeout [ 69.281970] Bluetooth: hci3: command tx timeout [ 69.282343] Bluetooth: hci7: command tx timeout [ 69.282393] Bluetooth: hci5: command tx timeout [ 69.283201] Bluetooth: hci4: command tx timeout [ 71.202432] Bluetooth: hci1: command tx timeout [ 71.202453] Bluetooth: hci0: command tx timeout [ 71.203705] Bluetooth: hci2: command tx timeout [ 71.266915] Bluetooth: hci6: command tx timeout [ 71.329962] Bluetooth: hci4: command tx timeout [ 71.330422] Bluetooth: hci5: command tx timeout [ 71.330464] Bluetooth: hci7: command tx timeout [ 71.331578] Bluetooth: hci3: command tx timeout [ 73.249868] Bluetooth: hci1: command tx timeout [ 73.250326] Bluetooth: hci0: command tx timeout [ 73.250964] Bluetooth: hci2: command tx timeout [ 73.315046] Bluetooth: hci6: command tx timeout [ 73.377868] Bluetooth: hci4: command tx timeout [ 73.378309] Bluetooth: hci3: command tx timeout [ 73.379167] Bluetooth: hci7: command tx timeout [ 73.379562] Bluetooth: hci5: command tx timeout VM DIAGNOSIS: 09:47:35 Registers: info registers vcpu 0 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff828b54a0 RDI=ffffffff8871ef20 RBP=ffffffff8871eee0 RSP=ffff888038a472c0 R8 =0000000000000001 R9 =ffffed1007148e49 R10=0000000000000000 R11=0000000000000001 R12=0000000000000053 R13=ffffffff8871ef30 R14=ffffffff8871eee0 R15=ffffffff8871f1a0 RIP=ffffffff828b54f5 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555591b9d400 00000000 00000000 GS =0000 ffff8880e55f2000 00000000 00000000 LDT=0000 fffffe2300000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7dc06128e0 CR3=0000000039f19000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=00362e6f732e6362696c2f756e672d78 XMM02=ffff0000000000ffffffffffffffffff XMM03=ffffffffffffffffffffffffffffffff XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=ffff888015dafa18 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff81354012 RDI=ffffffff85c1cc40 RBP=ffffffff85c1cc40 RSP=ffff888015daf530 R8 =0000000000000001 R9 =ffff888015daf638 R10=000000000003baa4 R11=00000000000258fa R12=ffffffff81354012 R13=ffff888015daf640 R14=ffff888015daf9f8 R15=ffff888015daf5f8 RIP=ffffffff815abc15 RFL=00000247 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f5776d0a700 00000000 00000000 GS =0000 ffff8880e56f2000 00000000 00000000 LDT=0000 fffffe2c00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f60ac8791f0 CR3=000000000c7d2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=725f34656d616e796274736f68746567 XMM02=0000000000000000ffffffffffffff00 XMM03=746f72702f6374652f00656372000a23 XMM04=40404040404040404040404040404040 XMM05=5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a XMM06=20202020202020202020202020202020 XMM07=00000000000000000000000000000000 XMM08=6e61696265642e320000000000000004 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000