[ 39.082095] audit: type=1400 audit(1751626636.652:6): avc: denied { checkpoint_restore } for pid=219 comm="agetty" capability=40 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1

Debian GNU/Linux 11 syzkaller ttyS0

Warning: Permanently added '[localhost]:35587' (ECDSA) to the list of known hosts.
2025/07/04 10:57:20 fuzzer started
2025/07/04 10:57:21 dialing manager at localhost:42083
syzkaller login: [ 43.639153] cgroup: Unknown subsys name 'net'
[ 43.691337] cgroup: Unknown subsys name 'cpuset'
[ 43.698140] cgroup: Unknown subsys name 'rlimit'
2025/07/04 10:57:32 syscalls: 2214
2025/07/04 10:57:32 code coverage: enabled
2025/07/04 10:57:32 comparison tracing: enabled
2025/07/04 10:57:32 extra coverage: enabled
2025/07/04 10:57:32 setuid sandbox: enabled
2025/07/04 10:57:32 namespace sandbox: enabled
2025/07/04 10:57:32 Android sandbox: enabled
2025/07/04 10:57:32 fault injection: enabled
2025/07/04 10:57:32 leak checking: enabled
2025/07/04 10:57:32 net packet injection: enabled
2025/07/04 10:57:32 net device setup: enabled
2025/07/04 10:57:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/04 10:57:32 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/04 10:57:32 USB emulation: enabled
2025/07/04 10:57:32 hci packet injection: enabled
2025/07/04 10:57:32 wifi device emulation: enabled
2025/07/04 10:57:32 802.15.4 emulation: enabled
2025/07/04 10:57:32 fetching corpus: 0, signal 0/2000 (executing program)
2025/07/04 10:57:32 fetching corpus: 29, signal 22333/23933 (executing program)
2025/07/04 10:57:32 fetching corpus: 60, signal 31446/32419 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36393 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36449 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36502 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36546 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36617 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36674 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36735 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36796 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36859 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36917 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/36987 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/37035 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/37091 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/37145 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/37209 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/37243 (executing program)
2025/07/04 10:57:32 fetching corpus: 77, signal 36162/37243 (executing program)
2025/07/04 10:57:34 starting 8 fuzzer processes

10:57:34 executing program 0:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x5423, &(0x7f0000000880)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})

10:57:34 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x3e63, &(0x7f0000000a80)={0x0, 0x0, 0x26}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000b00), &(0x7f0000000b40))

10:57:34 executing program 2:
r0 = fsopen(&(0x7f0000000000)='nfs\x00', 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/203, 0xcb}], 0x1)

10:57:34 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x3, 0x0, &(0x7f00000023c0))

10:57:34 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e1f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010200)="000000000000000000000007000000000000000000002000200001000000000000000000000000000000000000000000000039", 0x33, 0x540}, {&(0x7f0000010400)="02000000030000000400000030000f000300040000000000000000000f008ec4", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000e1f4655fe2f4655fe2f4655f000000000000040008", 0x1d, 0x4200}, {&(0x7f0000012700)="20000000d4c49a2ed4c49a2e00000000e1f465", 0x13, 0x4282}], 0x0, &(0x7f0000013a00))

[ 57.269261] audit: type=1400 audit(1751626654.841:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

10:57:34 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c05, 0xffffffffffffffff)

10:57:34 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, 0x0, &(0x7f00000000c0))

10:57:34 executing program 7:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='clear_refs\x00')
write$P9_RREAD(r0, &(0x7f0000000000)={0x34, 0x75, 0x0, {0x29, "cc23123dfcd3690ca92b1c6f5adb9ed48af6e6f543ef51f41056cc5396aff1132658fa1fa257b7f861"}}, 0x34)

[ 58.545173] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.547977] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.550051] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.554641] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.557517] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 58.604587] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 58.610094] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 58.612252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 58.615604] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 58.618265] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 58.623417] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 58.631316] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 58.636058] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 58.637787] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 58.640035] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 58.641468] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 58.643373] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 58.644579] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 58.646178] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 58.650998] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 58.653714] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 58.656124] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 58.657805] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 58.660251] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 58.664573] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 58.665569] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 58.669731] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 58.670476] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 58.671571] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 58.673399] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 58.677466] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 58.681691] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 58.699013] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 58.719428] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 58.723940] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 58.726522] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 58.728542] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 58.733196] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 58.770172] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 58.777388] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 59.076933]
[ 59.077649] =============================
[ 59.078638] WARNING: suspicious RCU usage
[ 59.079408] 6.16.0-rc4-next-20250704 #1 Not tainted
[ 59.081371] -----------------------------
[ 59.083049] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 59.086295]
[ 59.086295] other info that might help us debug this:
[ 59.086295]
[ 59.087969]
[ 59.087969] rcu_scheduler_active = 2, debug_locks = 1
[ 59.089062] 3 locks held by syz-executor.3/282:
[ 59.089807] #0: ffff88800fa52400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 59.091289] #1: ffff88800ba3a618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 59.092912] #2: ffff88801b8c33e8 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 59.094437]
[ 59.094437] stack backtrace:
[ 59.095187] CPU: 1 UID: 0 PID: 282 Comm: syz-executor.3 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 59.095216] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 59.095230] Call Trace:
[ 59.095238]
[ 59.095248] dump_stack_lvl+0xfa/0x120
[ 59.095276] lockdep_rcu_suspicious+0x152/0x1c0
[ 59.095305] proc_sys_compare+0x28a/0x340
[ 59.095326] ? __pfx_proc_sys_compare+0x10/0x10
[ 59.095351] d_same_name+0x229/0x2e0
[ 59.095388] d_alloc_parallel+0x7c1/0x1330
[ 59.095427] ? __pfx_d_alloc_parallel+0x10/0x10
[ 59.095455] ? __pfx_default_wake_function+0x10/0x10
[ 59.095489] ? __d_lookup+0x25f/0x490
[ 59.095523] lookup_open.isra.0+0x64f/0x1530
[ 59.095558] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 59.095604] ? mnt_get_write_access+0x81/0x2d0
[ 59.095625] ? mnt_get_write_access+0x1ea/0x2d0
[ 59.095655] path_openat+0xc26/0x2880
[ 59.095696] ? __lock_acquire+0x694/0x1b70
[ 59.095719] ? __pfx_path_openat+0x10/0x10
[ 59.095760] do_filp_open+0x1e8/0x450
[ 59.095791] ? __pfx_do_filp_open+0x10/0x10
[ 59.095835] ? find_held_lock+0x2b/0x80
[ 59.095872] ? alloc_fd+0x2c1/0x560
[ 59.095900] ? lock_release+0xc8/0x290
[ 59.095929] ? alloc_fd+0x2c1/0x560
[ 59.095967] do_sys_openat2+0x104/0x1b0
[ 59.095993] ? __pfx_do_sys_openat2+0x10/0x10
[ 59.096020] ? __fput+0x67b/0xb50
[ 59.096050] __x64_sys_openat+0x142/0x200
[ 59.096076] ? __pfx___x64_sys_openat+0x10/0x10
[ 59.096100] ? __pfx_fput_close_sync+0x10/0x10
[ 59.096137] do_syscall_64+0xbf/0x360
[ 59.096164] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.096188] RIP: 0033:0x7f84a0a21a04
[ 59.096206] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 59.096228] RSP: 002b:00007ffd06970920 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 59.096249] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f84a0a21a04
[ 59.096263] RDX: 0000000000080001 RSI: 00007f84a0ad8264 RDI: 00000000ffffff9c
[ 59.096277] RBP: 00007f84a0ad8264 R08: 0000000000000000 R09: 00007ffd06970910
[ 59.096291] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 59.096304] R13: 00007ffd069709c0 R14: 0000000000000000 R15: 00000000000000f8
[ 59.096335]
[ 60.636619] Bluetooth: hci0: command tx timeout
[ 60.700136] Bluetooth: hci6: command tx timeout
[ 60.700188] Bluetooth: hci5: command tx timeout
[ 60.763995] Bluetooth: hci2: command tx timeout
[ 60.764004] Bluetooth: hci1: command tx timeout
[ 60.827920] Bluetooth: hci3: command tx timeout
[ 60.828218] Bluetooth: hci7: command tx timeout
[ 60.891897] Bluetooth: hci4: command tx timeout
[ 62.683924] Bluetooth: hci0: command tx timeout
[ 62.747977] Bluetooth: hci5:
command tx timeout
[ 62.748397] Bluetooth: hci6: command tx timeout
[ 62.813899] Bluetooth: hci2: command tx timeout
[ 62.814023] Bluetooth: hci1: command tx timeout
[ 62.875893] Bluetooth: hci7: command tx timeout
[ 62.876905] Bluetooth: hci3: command tx timeout
[ 62.940009] Bluetooth: hci4: command tx timeout
[ 64.731960] Bluetooth: hci0: command tx timeout
[ 64.796015] Bluetooth: hci6: command tx timeout
[ 64.796476] Bluetooth: hci5: command tx timeout
[ 64.860052] Bluetooth: hci1: command tx timeout
[ 64.860149] Bluetooth: hci2: command tx timeout
[ 64.924768] Bluetooth: hci3: command tx timeout
[ 64.925335] Bluetooth: hci7: command tx timeout
[ 64.989892] Bluetooth: hci4: command tx timeout
[ 66.779906] Bluetooth: hci0: command tx timeout
[ 66.843945] Bluetooth: hci5: command tx timeout
[ 66.844900] Bluetooth: hci6: command tx timeout
[ 66.908041] Bluetooth: hci1: command tx timeout
[ 66.908912] Bluetooth: hci2: command tx timeout
[ 66.971992] Bluetooth: hci3: command tx timeout
[ 66.973015] Bluetooth: hci7: command tx timeout
[ 67.037009] Bluetooth: hci4: command tx timeout

VM DIAGNOSIS:
10:57:36 Registers: