Warning: Permanently added '[localhost]:21793' (ECDSA) to the list of known hosts. 2025/07/04 10:56:10 fuzzer started 2025/07/04 10:56:11 dialing manager at localhost:42083 syzkaller login: [ 51.114247] cgroup: Unknown subsys name 'net' [ 51.173298] cgroup: Unknown subsys name 'cpuset' [ 51.200517] cgroup: Unknown subsys name 'rlimit' 2025/07/04 10:56:22 syscalls: 2214 2025/07/04 10:56:22 code coverage: enabled 2025/07/04 10:56:22 comparison tracing: enabled 2025/07/04 10:56:22 extra coverage: enabled 2025/07/04 10:56:22 setuid sandbox: enabled 2025/07/04 10:56:22 namespace sandbox: enabled 2025/07/04 10:56:22 Android sandbox: enabled 2025/07/04 10:56:22 fault injection: enabled 2025/07/04 10:56:22 leak checking: enabled 2025/07/04 10:56:22 net packet injection: enabled 2025/07/04 10:56:22 net device setup: enabled 2025/07/04 10:56:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/04 10:56:22 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/04 10:56:22 USB emulation: enabled 2025/07/04 10:56:22 hci packet injection: enabled 2025/07/04 10:56:22 wifi device emulation: enabled 2025/07/04 10:56:22 802.15.4 emulation: enabled 2025/07/04 10:56:22 fetching corpus: 0, signal 0/0 (executing program) 2025/07/04 10:56:22 fetching corpus: 0, signal 0/0 (executing program) 2025/07/04 10:56:23 starting 8 fuzzer processes 10:56:23 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001980)=ANY=[]) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00') 10:56:23 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x53, &(0x7f00000000c0), 0x4) 10:56:23 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x8, 
&(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d6f4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000008395006fb905454792d9f392427055b7010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000d6f4655fd7f4655fd7f4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000d6f4655fd6f4655fd6f4655f00000000000001002000000010000800000000000af302000400000000000000000000000200000030000000020000000400000032", 0x49, 0x1600}, {&(0x7f0000012700)="111fc0d9", 0x4, 0xc000}, {&(0x7f0000012d00)="2719c0d9", 0x4, 0x10000}], 0x0, &(0x7f0000000040)={[{@debug}]}) 10:56:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x181902, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)={{}, "", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x820) [ 63.131007] audit: type=1400 audit(1751626583.541:7): avc: denied { execmem } for pid=273 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:56:23 executing program 5: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8000) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f00000001c0)={0x2, 0x0, 0x1, 'queue0\x00'}) 10:56:23 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000000)) fcntl$notify(r0, 0x402, 0x28) write$binfmt_script(r0, 0x0, 0x7d) 10:56:23 executing program 6: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000080)="0000000000000000000000c1525201cd8a614beddffb6e9e3afc5ae1325600010040ea835ca27d60c25438658d8e6d18b0", 0x31}], 0x0, 0x0) r0 = 
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pidfd_send_signal(r0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x200}, 0x0) 10:56:23 executing program 7: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000540)=ANY=[], 0x83) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001040)=""/4096, 0x1000}], 0x1}, 0x160) [ 64.272874] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.275505] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.278326] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.286716] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.289943] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.349320] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.351532] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.353770] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.358623] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.359901] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.361849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.361882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.363095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.371026] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.371108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 64.372344] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.374446] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.380337] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.383885] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 64.404618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.411349] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.431237] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 64.437173] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.440501] Bluetooth: hci5: unexpected cc 0x1003 
length: 249 > 9 [ 64.445153] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.456295] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 64.458409] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 64.460642] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.463905] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 64.464354] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.469080] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 64.474916] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.476176] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 64.478494] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 64.479888] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 64.484049] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 64.488036] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.489261] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 64.497977] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 64.503041] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.845999] [ 64.846598] ============================= [ 64.847407] WARNING: suspicious RCU usage [ 64.848215] 6.16.0-rc4-next-20250704 #1 Not tainted [ 64.849855] ----------------------------- [ 64.851078] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! 
[ 64.853009] [ 64.853009] other info that might help us debug this: [ 64.853009] [ 64.855668] [ 64.855668] rcu_scheduler_active = 2, debug_locks = 1 [ 64.857527] 3 locks held by syz-executor.4/285: [ 64.858823] #0: ffff88800f646400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 64.860610] #1: ffff88800ba76618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 64.862174] #2: ffff888019342538 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 64.863623] [ 64.863623] stack backtrace: [ 64.864323] CPU: 0 UID: 0 PID: 285 Comm: syz-executor.4 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 64.864350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 64.864362] Call Trace: [ 64.864370] <TASK> [ 64.864378] dump_stack_lvl+0xfa/0x120 [ 64.864405] lockdep_rcu_suspicious+0x152/0x1c0 [ 64.864432] proc_sys_compare+0x28a/0x340 [ 64.864452] ? __pfx_proc_sys_compare+0x10/0x10 [ 64.864474] d_same_name+0x229/0x2e0 [ 64.864509] d_alloc_parallel+0x7c1/0x1330 [ 64.864545] ? __pfx_d_alloc_parallel+0x10/0x10 [ 64.864571] ? __pfx_default_wake_function+0x10/0x10 [ 64.864602] ? __d_lookup+0x25f/0x490 [ 64.864634] lookup_open.isra.0+0x64f/0x1530 [ 64.864666] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 64.864708] ? mnt_get_write_access+0x81/0x2d0 [ 64.864728] ? mnt_get_write_access+0x1ea/0x2d0 [ 64.864762] path_openat+0xc26/0x2880 [ 64.864800] ? __lock_acquire+0x694/0x1b70 [ 64.864823] ? __pfx_path_openat+0x10/0x10 [ 64.864862] do_filp_open+0x1e8/0x450 [ 64.864892] ? __pfx_do_filp_open+0x10/0x10 [ 64.864934] ? find_held_lock+0x2b/0x80 [ 64.864963] ? alloc_fd+0x2c1/0x560 [ 64.864991] ? lock_release+0xc8/0x290 [ 64.865019] ? alloc_fd+0x2c1/0x560 [ 64.865054] do_sys_openat2+0x104/0x1b0 [ 64.865078] ? __pfx_do_sys_openat2+0x10/0x10 [ 64.865104] ? __fput+0x67b/0xb50 [ 64.865132] __x64_sys_openat+0x142/0x200 [ 64.865156] ? __pfx___x64_sys_openat+0x10/0x10 [ 64.865179] ? 
__pfx_fput_close_sync+0x10/0x10 [ 64.865214] do_syscall_64+0xbf/0x360 [ 64.865239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.865260] RIP: 0033:0x7fd1db580a04 [ 64.865277] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 64.865296] RSP: 002b:00007fff157d2e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 64.865316] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fd1db580a04 [ 64.865329] RDX: 0000000000080001 RSI: 00007fd1db63729e RDI: 00000000ffffff9c [ 64.865343] RBP: 00007fd1db63729e R08: 0000000000000000 R09: 00007fff157d2e10 [ 64.865355] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 64.865368] R13: 00007fff157d2ec0 R14: 0000000000000000 R15: 00000000000000f8 [ 64.865397] </TASK> [ 66.369619] Bluetooth: hci0: command tx timeout [ 66.432877] Bluetooth: hci2: command tx timeout [ 66.496866] Bluetooth: hci3: command tx timeout [ 66.497400] Bluetooth: hci1: command tx timeout [ 66.560839] Bluetooth: hci5: command tx timeout [ 66.561384] Bluetooth: hci6: command tx timeout [ 66.562138] Bluetooth: hci7: command tx timeout [ 66.562627] Bluetooth: hci4: command tx timeout [ 68.416948] Bluetooth: hci0: command tx timeout [ 68.481298] Bluetooth: hci2: command tx timeout [ 68.544949] Bluetooth: hci3: command tx timeout [ 68.545677] Bluetooth: hci1: command tx timeout [ 68.608870] Bluetooth: hci4: command tx timeout [ 68.609634] Bluetooth: hci6: command tx timeout [ 68.609791] Bluetooth: hci7: command tx timeout [ 68.610399] Bluetooth: hci5: command tx timeout [ 70.466624] Bluetooth: hci0: command tx timeout [ 70.528835] Bluetooth: hci2: command tx timeout [ 70.592863] Bluetooth: hci1: command tx timeout [ 70.593434] Bluetooth: hci3: command tx timeout [ 70.656976] Bluetooth: hci6: command tx timeout [ 70.657527] Bluetooth: hci7: command tx timeout [ 70.658554] Bluetooth: hci5: command tx timeout [ 
70.659235] Bluetooth: hci4: command tx timeout [ 72.512794] Bluetooth: hci0: command tx timeout [ 72.576799] Bluetooth: hci2: command tx timeout [ 72.641471] Bluetooth: hci3: command tx timeout [ 72.641911] Bluetooth: hci1: command tx timeout [ 72.705849] Bluetooth: hci5: command tx timeout [ 72.706272] Bluetooth: hci7: command tx timeout [ 72.706657] Bluetooth: hci4: command tx timeout [ 72.707814] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 10:56:25 Registers: info registers vcpu 0 RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828b5a45 RDI=ffffffff8871dee0 RBP=ffffffff8871dea0 RSP=ffff88803421f2b8 R8 =0000000000000000 R9 =ffffed10016d0046 R10=0000000000000034 R11=0000000000000001 R12=0000000000000034 R13=0000000000000010 R14=ffffffff8871dea0 R15=ffffffff828b5a30 RIP=ffffffff828b5a9d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555643ed400 00000000 00000000 GS =0000 ffff8880e55f3000 00000000 00000000 LDT=0000 fffffe4900000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000562603da2568 CR3=0000000034f1a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 
XMM03=00000000000000000000000000000000 XMM04=ffffffffffffff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=00007fca40bf6af8 RCX=0000000000000001 RDX=000000000000ffff RSI=00007fca40c148f0 RDI=00007fca40c148f0 RBP=00000000066d1f10 RSP=00007fffdf305578 R8 =0000000000000000 R9 =00007fca40bf6af8 R10=00007fca40c04dae R11=0000000000000007 R12=00007fca40ef7510 R13=00007fca409ec030 R14=0000000000000002 R15=00007fca40ef7510 RIP=00007fca40f21224 RFL=00000246 [---Z-P-] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA] SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fca409ed540 00000000 00000000 GS =0000 0000000000000000 00000000 00000000 LDT=0000 fffffe2400000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fca40ec6000 CR3=000000000db66000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00ff00000000000000000000000000ff XMM01=4f00305f315f315f4c53534e45504f00 XMM02=315f315f4c53534e45504f00315f315f 
XMM03=0000000000666c65735f646165726874 XMM04=5f5f006e6f7474736f685f7265687465 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000