Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:29894' (ECDSA) to the list of known hosts.
2025/07/04 10:56:31 fuzzer started
2025/07/04 10:56:31 dialing manager at localhost:42083
syzkaller login: [ 50.739681] cgroup: Unknown subsys name 'net'
[ 50.809613] cgroup: Unknown subsys name 'cpuset'
[ 50.830532] cgroup: Unknown subsys name 'rlimit'
2025/07/04 10:56:42 syscalls: 2214
2025/07/04 10:56:42 code coverage: enabled
2025/07/04 10:56:42 comparison tracing: enabled
2025/07/04 10:56:42 extra coverage: enabled
2025/07/04 10:56:42 setuid sandbox: enabled
2025/07/04 10:56:42 namespace sandbox: enabled
2025/07/04 10:56:42 Android sandbox: enabled
2025/07/04 10:56:42 fault injection: enabled
2025/07/04 10:56:42 leak checking: enabled
2025/07/04 10:56:42 net packet injection: enabled
2025/07/04 10:56:42 net device setup: enabled
2025/07/04 10:56:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/04 10:56:42 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/04 10:56:42 USB emulation: enabled
2025/07/04 10:56:42 hci packet injection: enabled
2025/07/04 10:56:42 wifi device emulation: enabled
2025/07/04 10:56:42 802.15.4 emulation: enabled
2025/07/04 10:56:42 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:56:42 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:56:43 starting 8 fuzzer processes
10:56:43 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6}, 0xe)
10:56:43 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
openat$incfs(r0, &(0x7f0000000140)='.pending_reads\x00', 0x0, 0x0)
10:56:43 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='oom_score_adj\x00')
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)="be", 0x1}], 0x1)
10:56:43 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x24, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x90)
sendmsg(r0, &(0x7f0000000280)={&(0x7f00000000c0)=@nl=@unspec, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="866369ed15bf241db3222862d749dac5bfd1325d", 0x14}, {&(0x7f00000001c0)="4150fbb84c8ccf532ef9cc28fdaf31f0dbee28b8", 0x14}], 0x2}, 0x0)
10:56:43 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x4)
[ 62.561962] audit: type=1400 audit(1751626603.926:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
10:56:43 executing program 5:
uname(&(0x7f0000019080)=""/4096)
10:56:43 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000240)="601c6d6b646f73661fe41100080101180240002000f801", 0x17}, {0x0, 0x0, 0x800}], 0x0, &(0x7f00000000c0)={[{@fat=@check_strict}]})
10:56:43 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0), 0x4)
syz_emit_ethernet(0x22, &(0x7f0000000080)={@local, @multicast, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "ed01ce658378b714"}}}}, 0x0)
[ 63.851254] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 63.858169] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 63.860872] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 63.864968] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 63.869971] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 63.876272] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 63.877997] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 63.879672] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 63.881923] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 63.885080] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 63.891550] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 63.897862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 63.900570] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 63.902772] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 63.920694] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 63.922054] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 63.935323] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 63.936649] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 63.942885] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 63.944434] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 63.947695] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 63.948554] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 63.950612] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 63.956149] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 63.957241] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 63.958372] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 63.960283] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 63.960742] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 63.962324] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 63.965750] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 63.973308] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 63.973628] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 63.978567] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 63.979763] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 63.979919] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 63.982654] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 63.986165] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 63.986649] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 63.995750] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 64.004838] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 64.041429]
[ 64.041977] =============================
[ 64.042625] WARNING: suspicious RCU usage
[ 64.043225] 6.16.0-rc4-next-20250704 #1 Not tainted
[ 64.047484] -----------------------------
[ 64.050492] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 64.051610]
[ 64.051610] other info that might help us debug this:
[ 64.051610]
[ 64.052802]
[ 64.052802] rcu_scheduler_active = 2, debug_locks = 1
[ 64.053784] 3 locks held by syz-executor.3/283:
[ 64.054482] #0: ffff88800f22c400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 64.055803] #1: ffff888009336618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 64.057285] #2: ffff88801b930538 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 64.058639]
[ 64.058639] stack backtrace:
[ 64.059287] CPU: 0 UID: 0 PID: 283 Comm: syz-executor.3 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 64.059314] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 64.059326] Call Trace:
[ 64.059334]
[ 64.059342] dump_stack_lvl+0xfa/0x120
[ 64.059369] lockdep_rcu_suspicious+0x152/0x1c0
[ 64.059402] proc_sys_compare+0x28a/0x340
[ 64.059423] ? __pfx_proc_sys_compare+0x10/0x10
[ 64.059446] d_same_name+0x229/0x2e0
[ 64.059481] d_alloc_parallel+0x7c1/0x1330
[ 64.059517] ? __pfx_d_alloc_parallel+0x10/0x10
[ 64.059543] ? __pfx_default_wake_function+0x10/0x10
[ 64.059575] ? __d_lookup+0x25f/0x490
[ 64.059606] lookup_open.isra.0+0x64f/0x1530
[ 64.059638] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 64.059681] ? mnt_get_write_access+0x81/0x2d0
[ 64.059701] ? mnt_get_write_access+0x1ea/0x2d0
[ 64.059729] path_openat+0xc26/0x2880
[ 64.059767] ? __lock_acquire+0x694/0x1b70
[ 64.059789] ? __pfx_path_openat+0x10/0x10
[ 64.059827] do_filp_open+0x1e8/0x450
[ 64.059856] ? __pfx_do_filp_open+0x10/0x10
[ 64.059897] ? find_held_lock+0x2b/0x80
[ 64.059925] ? alloc_fd+0x2c1/0x560
[ 64.059951] ? lock_release+0xc8/0x290
[ 64.059978] ? alloc_fd+0x2c1/0x560
[ 64.060014] do_sys_openat2+0x104/0x1b0
[ 64.060038] ? __pfx_do_sys_openat2+0x10/0x10
[ 64.060064] ? __fput+0x67b/0xb50
[ 64.060092] __x64_sys_openat+0x142/0x200
[ 64.060116] ? __pfx___x64_sys_openat+0x10/0x10
[ 64.060139] ? __pfx_fput_close_sync+0x10/0x10
[ 64.060173] do_syscall_64+0xbf/0x360
[ 64.060198] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 64.060221] RIP: 0033:0x7fa1e9830a04
[ 64.060238] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 64.060257] RSP: 002b:00007fff0b431930 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 64.060277] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa1e9830a04
[ 64.060290] RDX: 0000000000080001 RSI: 00007fa1e98e7286 RDI: 00000000ffffff9c
[ 64.060304] RBP: 00007fa1e98e7286 R08: 0000000000000000 R09: 00007fff0b431920
[ 64.060317] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 64.060329] R13: 00007fff0b4319d0 R14: 0000000000000000 R15: 00000000000000f8
[ 64.060358]
[ 65.943527] Bluetooth: hci0: command tx timeout
[ 66.008233] Bluetooth: hci4: command tx timeout
[ 66.009061] Bluetooth: hci2: command tx timeout
[ 66.010509] Bluetooth: hci1: command tx timeout
[ 66.070527] Bluetooth: hci3: command tx timeout
[ 66.071215] Bluetooth: hci7: command tx timeout
[ 66.072343] Bluetooth: hci5: command tx timeout
[ 66.072983] Bluetooth: hci6: command tx timeout
[ 67.992411] Bluetooth: hci0: command tx timeout
[ 68.057425] Bluetooth: hci2: command tx timeout
[ 68.057853] Bluetooth: hci4: command tx timeout
[ 68.058231] Bluetooth: hci1: command tx timeout
[ 68.119454] Bluetooth: hci5: command tx timeout
[ 68.119879] Bluetooth: hci6: command tx timeout
[ 68.120259] Bluetooth: hci7: command tx timeout
[ 68.120674] Bluetooth: hci3: command tx timeout
[ 70.038980] Bluetooth: hci0: command tx timeout
[ 70.103569] Bluetooth: hci1: command tx timeout
[ 70.104032] Bluetooth: hci4: command tx timeout
[ 70.105296] Bluetooth: hci2: command tx timeout
[ 70.166519] Bluetooth: hci5: command tx timeout
[ 70.167083] Bluetooth: hci3: command tx timeout
[ 70.167624] Bluetooth: hci7: command tx timeout
[ 70.168115] Bluetooth: hci6: command tx timeout
[ 72.086502] Bluetooth: hci0: command tx timeout
[ 72.151528] Bluetooth: hci2: command tx timeout
[ 72.152342] Bluetooth: hci4: command tx timeout
[ 72.153227] Bluetooth: hci1: command tx timeout
[ 72.214594] Bluetooth: hci6: command tx timeout
[ 72.215647] Bluetooth: hci7: command tx timeout
[ 72.217459] Bluetooth: hci3: command tx timeout
[ 72.218215] Bluetooth: hci5: command tx timeout

VM DIAGNOSIS:
10:56:45 Registers: