Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:52739' (ECDSA) to the list of known hosts.
2025/07/04 10:56:02 fuzzer started
2025/07/04 10:56:02 dialing manager at localhost:42083
syzkaller login: [ 50.374480] cgroup: Unknown subsys name 'net'
[ 50.419339] cgroup: Unknown subsys name 'cpuset'
[ 50.437594] cgroup: Unknown subsys name 'rlimit'
2025/07/04 10:56:12 syscalls: 2214
2025/07/04 10:56:12 code coverage: enabled
2025/07/04 10:56:12 comparison tracing: enabled
2025/07/04 10:56:12 extra coverage: enabled
2025/07/04 10:56:12 setuid sandbox: enabled
2025/07/04 10:56:12 namespace sandbox: enabled
2025/07/04 10:56:12 Android sandbox: enabled
2025/07/04 10:56:12 fault injection: enabled
2025/07/04 10:56:12 leak checking: enabled
2025/07/04 10:56:12 net packet injection: enabled
2025/07/04 10:56:12 net device setup: enabled
2025/07/04 10:56:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/04 10:56:12 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/04 10:56:12 USB emulation: enabled
2025/07/04 10:56:12 hci packet injection: enabled
2025/07/04 10:56:12 wifi device emulation: enabled
2025/07/04 10:56:12 802.15.4 emulation: enabled
2025/07/04 10:56:12 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:56:12 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:56:13 starting 8 fuzzer processes
10:56:13 executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000380)={0x2, &(0x7f0000000340)=[{0x4}, {0x6}]})
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, 0x0)
10:56:13 executing program 3:
clone(0x13aab180, 0x0, 0x0, 0x0, 0x0)
10:56:13 executing program 0:
syz_mount_image$ext4(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
10:56:13 executing program 1:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x660c, 0x0)
10:56:13 executing program 5:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, &(0x7f0000000500))
10:56:13 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_FONT(r0, 0x4b60, 0x0)
10:56:13 executing program 7:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
r2 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r2, &(0x7f0000000b80)=[{&(0x7f00000008c0)='!', 0x1}], 0x1, 0x0, 0x0, 0x4)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
fsetxattr$security_capability(r2, &(0x7f00000000c0), 0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x5)
[ 60.975065] audit: type=1400 audit(1751626573.336:7): avc: denied { execmem } for pid=284 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:56:13 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000003c80)={&(0x7f00000039c0), 0xc, &(0x7f0000003c40)={0x0}}, 0x0)
[ 62.229565] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 62.231007] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.233953] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 62.234779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.239541] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 62.240716] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 62.241797] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 62.243553] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.244155] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 62.244821] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 62.248017] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 62.249025] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 62.249608] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 62.250263] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 62.250881] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 62.251648] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 62.252835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 62.253858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 62.254806] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.255444] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 62.259253] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.260462] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 62.261830] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 62.264944] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 62.266214] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 62.268986] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 62.270047] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 62.270897] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 62.283396] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 62.290303] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 62.290367] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 62.292453] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 62.294373] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 62.298362] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 62.302919] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 62.303715] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 62.303856] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 62.323497] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 62.327493] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 62.359363] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 62.626263]
[ 62.626829] =============================
[ 62.627580] WARNING: suspicious RCU usage
[ 62.628379] 6.16.0-rc4-next-20250704 #1 Not tainted
[ 62.632930] -----------------------------
[ 62.636129] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 62.637225]
[ 62.637225] other info that might help us debug this:
[ 62.637225]
[ 62.638414]
[ 62.638414] rcu_scheduler_active = 2, debug_locks = 1
[ 62.639410] 3 locks held by syz-executor.3/296:
[ 62.640134] #0: ffff88800fb6c400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 62.641474] #1: ffff88800bf7a618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 62.642961] #2: ffff88800bc74c90 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 62.644374]
[ 62.644374] stack backtrace:
[ 62.645048] CPU: 1 UID: 0 PID: 296 Comm: syz-executor.3 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 62.645080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 62.645093] Call Trace:
[ 62.645100]
[ 62.645109] dump_stack_lvl+0xfa/0x120
[ 62.645136] lockdep_rcu_suspicious+0x152/0x1c0
[ 62.645162] proc_sys_compare+0x28a/0x340
[ 62.645183] ? __pfx_proc_sys_compare+0x10/0x10
[ 62.645205] d_same_name+0x229/0x2e0
[ 62.645240] d_alloc_parallel+0x7c1/0x1330
[ 62.645275] ? __pfx_d_alloc_parallel+0x10/0x10
[ 62.645301] ? __pfx_default_wake_function+0x10/0x10
[ 62.645333] ? __d_lookup+0x25f/0x490
[ 62.645364] lookup_open.isra.0+0x64f/0x1530
[ 62.645397] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 62.645440] ? mnt_get_write_access+0x81/0x2d0
[ 62.645459] ? mnt_get_write_access+0x1ea/0x2d0
[ 62.645487] path_openat+0xc26/0x2880
[ 62.645525] ? __lock_acquire+0x694/0x1b70
[ 62.645547] ? __pfx_path_openat+0x10/0x10
[ 62.645585] do_filp_open+0x1e8/0x450
[ 62.645614] ? __pfx_do_filp_open+0x10/0x10
[ 62.645654] ? find_held_lock+0x2b/0x80
[ 62.645682] ? alloc_fd+0x2c1/0x560
[ 62.645709] ? lock_release+0xc8/0x290
[ 62.645735] ? alloc_fd+0x2c1/0x560
[ 62.645771] do_sys_openat2+0x104/0x1b0
[ 62.645795] ? __pfx_do_sys_openat2+0x10/0x10
[ 62.645820] ? __fput+0x67b/0xb50
[ 62.645848] __x64_sys_openat+0x142/0x200
[ 62.645873] ? __pfx___x64_sys_openat+0x10/0x10
[ 62.645895] ? __pfx_fput_close_sync+0x10/0x10
[ 62.645930] do_syscall_64+0xbf/0x360
[ 62.645955] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.645976] RIP: 0033:0x7f4180a59a04
[ 62.645993] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 62.646012] RSP: 002b:00007ffcf94d9ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 62.646032] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f4180a59a04
[ 62.646045] RDX: 0000000000080001 RSI: 00007f4180b102bb RDI: 00000000ffffff9c
[ 62.646058] RBP: 00007f4180b102bb R08: 0000000000000000 R09: 00007ffcf94d9ec0
[ 62.646071] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 62.646084] R13: 00007ffcf94d9f70 R14: 0000000000000000 R15: 00000000000000f8
[ 62.646112]
[ 64.316803] Bluetooth: hci4: command tx timeout
[ 64.318657] Bluetooth: hci3: command tx timeout
[ 64.380164] Bluetooth: hci0: command tx timeout
[ 64.381244] Bluetooth: hci5: command tx timeout
[ 64.381806] Bluetooth: hci1: command tx timeout
[ 64.382651] Bluetooth: hci6: command tx timeout
[ 64.383491] Bluetooth: hci2: command tx timeout
[ 64.444134] Bluetooth: hci7: command tx timeout
[ 66.364255] Bluetooth: hci3: command tx timeout
[ 66.365290] Bluetooth: hci4: command tx timeout
[ 66.428138] Bluetooth: hci0: command tx timeout
[ 66.428561] Bluetooth: hci2: command tx timeout
[ 66.428589] Bluetooth: hci1: command tx timeout
[ 66.429042] Bluetooth: hci5: command tx timeout
[ 66.430246] Bluetooth: hci6: command tx timeout
[ 66.494162] Bluetooth: hci7: command tx timeout
[ 68.413208] Bluetooth: hci4: command tx timeout
[ 68.413646] Bluetooth: hci3: command tx timeout
[ 68.476156] Bluetooth: hci1: command tx timeout
[ 68.476551] Bluetooth: hci6: command tx timeout
[ 68.476928] Bluetooth: hci2: command tx timeout
[ 68.477903] Bluetooth: hci5: command tx timeout
[ 68.478323] Bluetooth: hci0: command tx timeout
[ 68.540118] Bluetooth: hci7: command tx timeout
[ 70.460156] Bluetooth: hci4: command tx timeout
[ 70.460598] Bluetooth: hci3: command tx timeout
[ 70.524676] Bluetooth: hci5: command tx timeout
[ 70.525209] Bluetooth: hci0: command tx timeout
[ 70.525682] Bluetooth: hci2: command tx timeout
[ 70.526319] Bluetooth: hci6: command tx timeout
[ 70.526698] Bluetooth: hci1: command tx timeout
[ 70.588133] Bluetooth: hci7: command tx timeout

VM DIAGNOSIS:
10:56:15 Registers: