Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:19184' (ECDSA) to the list of known hosts. 2025/07/01 16:34:25 fuzzer started 2025/07/01 16:34:25 dialing manager at localhost:37637 syzkaller login: [ 52.100582] cgroup: Unknown subsys name 'net' [ 52.169441] cgroup: Unknown subsys name 'cpuset' [ 52.185220] cgroup: Unknown subsys name 'rlimit' 2025/07/01 16:34:37 syscalls: 216 2025/07/01 16:34:37 code coverage: enabled 2025/07/01 16:34:37 comparison tracing: enabled 2025/07/01 16:34:37 extra coverage: enabled 2025/07/01 16:34:37 setuid sandbox: enabled 2025/07/01 16:34:37 namespace sandbox: enabled 2025/07/01 16:34:37 Android sandbox: enabled 2025/07/01 16:34:37 fault injection: enabled 2025/07/01 16:34:37 leak checking: enabled 2025/07/01 16:34:37 net packet injection: enabled 2025/07/01 16:34:37 net device setup: enabled 2025/07/01 16:34:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/01 16:34:37 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/01 16:34:37 USB emulation: enabled 2025/07/01 16:34:37 hci packet injection: enabled 2025/07/01 16:34:37 wifi device emulation: enabled 2025/07/01 16:34:37 802.15.4 emulation: enabled 2025/07/01 16:34:37 fetching corpus: 0, signal 0/0 (executing program) 2025/07/01 16:34:38 starting 8 fuzzer processes 16:34:38 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/sr0', 0x36a80, 0x90) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000080)={@in6={{0xa, 0x4e24, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}}, 0x0, 0x0, 0x28, 0x0, "d3f54f71f72ead421643a0ba6a28f6ada4e9c65a0e34078f2ce98b2223eff795b2e19a5c1a83510ec07d952dd477c94bab89cee9230932c17a4a299a7254cd2db5e4c77267e7083cf340784884a25593"}, 0xd8) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0xc0001, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000001c0)) 
getsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f0000000280)={0x8001, 0x1ff}) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f00000002c0)=0x3, 0x4) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000340)) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_SEC_KEY(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x50, 0x0, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x180000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000400}, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$net_dm(&(0x7f00000004c0), r4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEV(r5, &(0x7f0000000640)={&(0x7f0000000500), 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x60, r6, 0x28, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0102}}}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000680)) openat$sysfs(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/pci_hotplug', 0x408000, 0x20) perf_event_open$cgroup(&(0x7f0000000740)={0x3, 0x80, 0x3f, 0xff, 0x1f, 0x8, 0x0, 0x7, 0x40820, 0xbc3f6c6c865bae69, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 
0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000700), 0x8}, 0x8219, 0x8ab5, 0x8, 0x1, 0x7, 0x2, 0x5e, 0x0, 0xb06f, 0x0, 0xd000000000000000}, 0xffffffffffffffff, 0xc, r2, 0x8) 16:34:38 executing program 1: ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000000)) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000040)) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f00000000c0)=0x5) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/cgroup\x00') ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000140)) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/hid_chicony', 0x101001, 0xc) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000200)={0x2, 0x1}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000240)={0x2, 0x7, 0x1f, 0x0, 0x2}) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x101800, 0x0) ioctl$BLKRAGET(r3, 0x1263, &(0x7f0000000300)) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000340)={0x3}) setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000380)=@ccm_128={{0x304}, "e18800bb323f9d97", "1cef0f7dee8b6e2e5e69e5f81786ef2c", "300d5ad1", "e336096df96668a1"}, 0x28) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000003c0), 0x80001, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r4, 0x54a3) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r4, 0x80605414, &(0x7f0000000400)) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000480)) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000500)=0x1, 0x4) r5 = syz_open_dev$vcsa(&(0x7f0000000540), 0x10000, 0xa8a14b561e616c46) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000580)=0xffffffffffffffff, 0x4) 16:34:38 executing program 2: ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, &(0x7f0000000000)) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 
&(0x7f0000000080)=0x3, 0x4) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4) ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f00000001c0)={0x1, 0x31c, 0x92, &(0x7f0000000100)=""/146}) ioctl$BTRFS_IOC_DEFRAG_RANGE(0xffffffffffffffff, 0x40309410, &(0x7f0000000200)={0xfffffffffffffff7, 0xe4d0, 0x2, 0x3, 0x3, [0x80000001, 0x333, 0x80, 0x7acb]}) bind$802154_dgram(0xffffffffffffffff, &(0x7f0000000240)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0202}}}, 0x14) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000280)=@ccm_128={{0x304}, "d4e7c86f2a7ed623", "426693195f0e70ad8de0d07a0db0f82e", "fb474237", "c39008b7fa850819"}, 0x28) ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000002c0)) getsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000300), &(0x7f0000000340)=0x4) ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f0000000380)={0x1, 0x5}) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl2\x00', 0x0, 0x4, 0x2, 0x7f, 0x5, 0x60, @remote, @ipv4={'\x00', '\xff\xff', @loopback}, 0x20, 0x8029, 0x2, 0x2}}) syncfs(r0) pipe2$9p(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ioctl$BTRFS_IOC_WAIT_SYNC(r2, 0x40089416, &(0x7f00000004c0)) socket$inet6_udplite(0xa, 0x2, 0x88) openat$zero(0xffffffffffffff9c, &(0x7f0000000500), 0x10840, 0x0) semctl$SEM_INFO(0xffffffffffffffff, 0x3, 0x13, &(0x7f0000000540)=""/132) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000680)={'syztnl1\x00', &(0x7f0000000600)={'ip6gre0\x00', r1, 0x4, 0xfb, 0xff, 0xffffffff, 0x4, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7800, 0x7, 0x1, 0x6}}) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000740), &(0x7f0000000780)={'U-', 0x4000}, 0x16, 0x2) 16:34:38 executing program 3: r0 = semget(0x1, 0x3, 0x0) semctl$IPC_STAT(r0, 0x0, 
0x2, &(0x7f0000000000)=""/4096) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000001000)=0x2, 0x4) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000001040), 0xc0400, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000001080)={@in={{0x2, 0x4e24, @loopback}}, 0x0, 0x0, 0xb, 0x0, "c446e4f4f468f829b698a251e608612e19772cd29da95a5b5703700638e35e220939987bc9395f5c9a2a3e4fdc64e57f52da93f99d806a0812928c1a65d902924d73b50db0d67cdbddd4540e5f66b5f9"}, 0xd8) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000001180)={0x0, 0x0}) r3 = gettid() tgkill(r2, r3, 0x41) getsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f0000001200), &(0x7f0000001240)=0x4) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000001280), 0x4) fsetxattr$trusted_overlay_nlink(r1, &(0x7f00000012c0), &(0x7f0000001300)={'U+', 0x547}, 0x16, 0x3) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000001340)=""/250) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001440)='/sys/module/clocksource', 0x2000, 0x156) ioctl$SNDRV_TIMER_IOCTL_TREAD(r4, 0x40045402, &(0x7f0000001480)=0x1) ioctl$BLKRRPART(r1, 0x125f, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000014c0)='lp\x00', 0x3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000001540)={0x6, &(0x7f0000001500)=[{0x1f, 0x20, 0x81, 0x28}, {0x2, 0x40, 0x4, 0x4}, {0x226, 0x3f, 0x8, 0xfffffe01}, {0x8, 0x6, 0xec, 0x101}, {0x1f, 0x6, 0x9, 0x4}, {0x2, 0x0, 0x4, 0x9}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000015c0)={0x1, &(0x7f0000001580)=[{0x3, 0x3f, 0x81, 0x1000}]}) r5 = syz_open_dev$vcsa(&(0x7f0000001600), 0x10, 0x4000) ioctl$sock_inet_tcp_SIOCOUTQ(r5, 0x5411, &(0x7f0000001640)) 16:34:38 executing program 4: ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'sit0\x00', 0x0, 0x4, 0x1f, 0x0, 0x6, 0x40, @private0, @dev={0xfe, 0x80, '\x00', 0x12}, 0x7800, 0x706, 0x7, 0x8}}) r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x1, 0x500) 
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'ip6tnl0\x00', r0, 0x2f, 0x1, 0x3, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x8000, 0x7800, 0x1, 0xfff}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000240)={'syztnl2\x00', &(0x7f00000001c0)={'syztnl0\x00', r2, 0x4, 0x2, 0x4b, 0x7, 0xc, @mcast2, @mcast1, 0x700, 0x21, 0x4, 0x4}}) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000280)={0x5, 0x3f, 0x1, 0x8, 0x1, [0x2, 0x8001]}) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f00000002c0)={0x6, 0x743}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000300)={0x0, 0x0}) sched_getattr(r4, &(0x7f0000000380)={0x38}, 0x38, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) r5 = syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/time\x00') ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000400)={'sit0\x00', r3, 0x2f, 0x3f, 0x40, 0x9, 0x8, @remote, @local, 0x80, 0x40, 0x80000001, 0x2}}) ioctl$INCFS_IOC_PERMIT_FILL(r5, 0x40046721, &(0x7f00000004c0)={r1}) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000500)={0x5, 0x24, 0x1, 0x2b, 0x1, [0x37f, 0x4, 0x1, 0x2]}) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000540), 0x80000, 0x0) setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f0000000580)=0x3, 0x4) setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f00000005c0)=0x4, 0x4) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000680)={'sit0\x00', &(0x7f0000000600)={'ip6_vti0\x00', r0, 0x4, 0x6, 0x1, 0x8001, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @private1, 0x700, 0x80, 0x2c2, 0x9}}) r7 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x1d, &(0x7f00000006c0), &(0x7f0000000700)=0x14) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, 0x0, 0x800, 0x70bd28, 0x25dfdbfb, 
{}, [@GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000040) [ 64.359659] audit: type=1400 audit(1751387678.610:7): avc: denied { execmem } for pid=273 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:34:38 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000080)={0x6, 0x95d, 0x37, &(0x7f0000000040)="62099c4a4de471ea758bc84fa31215feffff0536df70b03a705bc2e4122617dd123c940eaf2cd0d02f4ee0e6b4b06a180546ccbc5046e3"}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) read$char_usb(r0, &(0x7f0000000100)=""/156, 0x9c) write$P9_RWRITE(r0, &(0x7f00000001c0)={0xb, 0x77, 0x1, 0x80000001}, 0xb) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x24, &(0x7f0000000200)=0x8, 0x4) r3 = syz_open_dev$vcsa(&(0x7f0000000240), 0x0, 0x82480) ioctl$BLKROTATIONAL(r3, 0x127e, &(0x7f0000000280)) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000300), 0xffffffffffffffff) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000340), 0x80400, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x4c, r4, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40}, @NBD_ATTR_SOCKETS={0x2c, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8, 0x1, r5}, {0x8, 0x1, r3}, {0x8, 0x1, r1}, {0x8, 0x1, r1}]}]}, 0x4c}}, 0x24000094) r6 = openat$sr(0xffffffffffffff9c, &(0x7f0000000480), 0x101000, 0x0) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000004c0), 0x208000) ioctl$INCFS_IOC_PERMIT_FILL(r0, 0x40046721, &(0x7f0000000500)={r7}) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000540), 0x305000) ioctl$BTRFS_IOC_QGROUP_CREATE(r8, 0x4010942a, &(0x7f0000000580)={0x1, 0x10000}) ioctl$IOC_PR_PREEMPT_ABORT(r6, 0x401870cc, &(0x7f00000005c0)={0x5, 0x7f, 0x10001, 0xffffffff}) 
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000600)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000680)={r9, 0x1, r2, 0x1a}) 16:34:38 executing program 6: ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x7a9, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f0000000040)={{0x3, 0x3, 0xb360, 0x3, 0x200}, 0x4, 0xfb4c}) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/consoles\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000100)=""/215) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000200)={{0x0, 0x2, 0x6, 0x2, 0x200}, 0x5, 0x200, 0x1}) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000280)) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/class/usbmon', 0x69a382, 0x82) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) r2 = syz_open_dev$vcsa(&(0x7f0000000300), 0x7, 0xc00) r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000380)='ns/pid\x00') ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x89f9, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x7, 0x4, 0x0, 0x0, @mcast1, @mcast2, 0x8, 0x7, 0x6, 0xffffffea}}) sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x44, 0x0, 0x611e0ca9f4f017b2, 0x70bd2c, 0x25dfdbfe, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_LINK={0x8, 0x1, r4}, @GTPA_PEER_ADDRESS={0x8, 0x4, @private=0xa010100}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_NET_NS_FD={0x8, 0x7, r1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x40004) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000580), 0x10842, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f00000005c0)={0x1, 0x0, 0x7fffffff, 0x0, 0xfff}) getsockopt$WPAN_SECURITY_LEVEL(r2, 0x0, 0x2, &(0x7f0000000600), &(0x7f0000000640)=0x4) r6 = 
syz_genetlink_get_family_id$nbd(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x20, r6, 0x20, 0x70bd25, 0x25dfdbff, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x8002}, 0x40810) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000007c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$INCFS_IOC_PERMIT_FILL(r1, 0x40046721, &(0x7f0000000800)={r7}) 16:34:38 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40001) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000040)={{0x1, 0x1, 0x4dc, 0x2, 0x1ff}, 0x4, 0x5, 'id1\x00', 'timer1\x00', 0x0, 0x5, 0xa, 0xcc9, 0x8000}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000180)={0x7fa287466f0d1519, 0x1, 0x1, 0x3, 0xffffffff}) write$P9_RWRITE(r1, &(0x7f00000001c0)={0xb, 0x77, 0x1, 0x3}, 0xb) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000240)={0x2, 0x2, 0x54e, 0x1, 0x6}) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r3, 0x40309410, &(0x7f0000000280)={0x3, 0x80, 0x0, 0x2, 0x0, [0x8, 0x8001, 0xbf4]}) setsockopt$WPAN_WANTLQI(r1, 0x0, 0x3, &(0x7f00000002c0), 0x4) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000300)=@gcm_128={{0x303}, "3e517cac97aec337", "c69d4e2d1a47463ce5ca2cf88e480112", "28e2bbdf", "ffa908160be84a5c"}, 0x28) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, &(0x7f0000000340)) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) syncfs(r3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f00000003c0)) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000440)=@gcm_256={{0x304}, "a19461022e97a20a", 
"9553365f955e810ca6a7a37534814ac26544b23b42037dc8c4f662512da461b2", "84a0eab3", "258b40e0762a48cb"}, 0x38) setsockopt$inet_tcp_buf(r3, 0x6, 0xd, &(0x7f0000000480)="dffad6f8f4e114f165bbc3cdd2fda376ca67b8eb447edd414138fd", 0x1b) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000500)=@gcm_128={{0x304}, "c4db7ced91a69301", "bcf2aa11f200200457e89a8f01c28b18", "43e714fc", "f2f0bed79a5ff4b2"}, 0x28) [ 65.653854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.659105] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.661445] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.663405] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.665970] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.670597] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.671849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.675722] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.678937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.684465] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.699099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.722755] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.724163] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.724549] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.726188] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.730593] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.732224] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.742357] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.744901] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.747031] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.748771] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.752532] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.763494] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.763523] Bluetooth: hci5: unexpected 
cc 0x1001 length: 249 > 9 [ 65.775872] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.776578] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.778633] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.781133] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.782600] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.785740] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.787795] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.793765] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.799728] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.805949] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.807113] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.808793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.821458] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.822560] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.837991] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.845892] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 66.207023] [ 66.207761] ============================= [ 66.208513] WARNING: suspicious RCU usage [ 66.209080] 6.16.0-rc4-next-20250701 #1 Not tainted [ 66.210562] ----------------------------- [ 66.212216] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! 
[ 66.214896] [ 66.214896] other info that might help us debug this: [ 66.214896] [ 66.217525] [ 66.217525] rcu_scheduler_active = 2, debug_locks = 1 [ 66.219400] 3 locks held by syz-executor.1/285: [ 66.220037] #0: ffff88800f526400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 66.221279] #1: ffff8880092ce618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 66.222672] #2: ffff88801c3b03c0 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 66.223964] [ 66.223964] stack backtrace: [ 66.224617] CPU: 0 UID: 0 PID: 285 Comm: syz-executor.1 Not tainted 6.16.0-rc4-next-20250701 #1 PREEMPT(voluntary) [ 66.224644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 66.224656] Call Trace: [ 66.224664] <TASK> [ 66.224672] dump_stack_lvl+0xfa/0x120 [ 66.224709] lockdep_rcu_suspicious+0x152/0x1c0 [ 66.224735] proc_sys_compare+0x28a/0x340 [ 66.224756] ? __pfx_proc_sys_compare+0x10/0x10 [ 66.224778] d_same_name+0x229/0x2e0 [ 66.224801] d_alloc_parallel+0x7c1/0x1330 [ 66.224838] ? __pfx_d_alloc_parallel+0x10/0x10 [ 66.224865] ? __pfx_default_wake_function+0x10/0x10 [ 66.224895] ? __d_lookup+0x25f/0x490 [ 66.224928] lookup_open.isra.0+0x64f/0x1530 [ 66.224961] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 66.225004] ? mnt_get_write_access+0x81/0x2d0 [ 66.225025] ? mnt_get_write_access+0x1ea/0x2d0 [ 66.225054] path_openat+0xc26/0x2880 [ 66.225093] ? __lock_acquire+0x694/0x1b70 [ 66.225114] ? __pfx_path_openat+0x10/0x10 [ 66.225153] do_filp_open+0x1e8/0x450 [ 66.225182] ? __pfx_do_filp_open+0x10/0x10 [ 66.225223] ? find_held_lock+0x2b/0x80 [ 66.225251] ? alloc_fd+0x2c1/0x560 [ 66.225278] ? lock_release+0xc8/0x290 [ 66.225305] ? alloc_fd+0x2c1/0x560 [ 66.225348] do_sys_openat2+0x104/0x1b0 [ 66.225373] ? __pfx_do_sys_openat2+0x10/0x10 [ 66.225398] ? rcu_read_unlock+0x2d/0xb0 [ 66.225420] ? lock_release+0xc8/0x290 [ 66.225447] __x64_sys_openat+0x142/0x200 [ 66.225472] ? __pfx___x64_sys_openat+0x10/0x10 [ 66.225502] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 66.225539] do_syscall_64+0xbf/0x360 [ 66.225561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.225583] RIP: 0033:0x7ff9488dea04 [ 66.225599] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 66.225618] RSP: 002b:00007fff053aa2b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 66.225637] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007ff9488dea04 [ 66.225651] RDX: 0000000000080001 RSI: 00007ff948984f61 RDI: 00000000ffffff9c [ 66.225664] RBP: 00007ff948984f61 R08: 0000000000000000 R09: 00007fff053aa2a0 [ 66.225677] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 66.225689] R13: 00007fff053aa350 R14: 0000000000000000 R15: 00000000000000f8 [ 66.225717] </TASK> [ 67.746876] Bluetooth: hci0: command tx timeout [ 67.746883] Bluetooth: hci1: command tx timeout [ 67.810696] Bluetooth: hci4: command tx timeout [ 67.811543] Bluetooth: hci6: command tx timeout [ 67.874788] Bluetooth: hci5: command tx timeout [ 67.875569] Bluetooth: hci3: command tx timeout [ 67.876119] Bluetooth: hci2: command tx timeout [ 67.941542] Bluetooth: hci7: command tx timeout [ 69.794404] Bluetooth: hci0: command tx timeout [ 69.794879] Bluetooth: hci1: command tx timeout [ 69.858564] Bluetooth: hci4: command tx timeout [ 69.859048] Bluetooth: hci6: command tx timeout [ 69.922644] Bluetooth: hci2: command tx timeout [ 69.923136] Bluetooth: hci5: command tx timeout [ 69.923545] Bluetooth: hci3: command tx timeout [ 69.986539] Bluetooth: hci7: command tx timeout [ 71.843375] Bluetooth: hci1: command tx timeout [ 71.843818] Bluetooth: hci0: command tx timeout [ 71.906432] Bluetooth: hci6: command tx timeout [ 71.906511] Bluetooth: hci4: command tx timeout [ 71.970430] Bluetooth: hci3: command tx timeout [ 71.970572] Bluetooth: hci2: command tx timeout [ 71.970831] Bluetooth: hci5: command tx 
timeout [ 72.034423] Bluetooth: hci7: command tx timeout [ 73.891406] Bluetooth: hci0: command tx timeout [ 73.891493] Bluetooth: hci1: command tx timeout [ 73.954434] Bluetooth: hci6: command tx timeout [ 73.957372] Bluetooth: hci4: command tx timeout [ 74.018428] Bluetooth: hci2: command tx timeout [ 74.018445] Bluetooth: hci3: command tx timeout [ 74.019890] Bluetooth: hci5: command tx timeout [ 74.083380] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 16:34:40 Registers: info registers vcpu 0 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828b9285 RDI=ffffffff8871efa0 RBP=ffffffff8871ef60 RSP=ffff88802bdcf2b8 R8 =0000000000000000 R9 =ffffed10014e9046 R10=0000000000000065 R11=0000000000000001 R12=0000000000000065 R13=0000000000000010 R14=ffffffff8871ef60 R15=ffffffff828b9270 RIP=ffffffff828b92dd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555588668400 00000000 00000000 GS =0000 ffff8880e55f2000 00000000 00000000 LDT=0000 fffffe1600000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffe11152ff8 CR3=0000000030bb3000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=747269762d736563697665642d737973 XMM02=00000000000000000000000000000000 
XMM03=00000000ff00ff000000000000000000 XMM04=2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e XMM05=00000000ffffffff000055d1f4471220 XMM06=697665640031006563697665642e3369 XMM07=00000000000000000000000000000000 XMM08=65646362613938373635343332313040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=ffff8880e56f2000 RCX=0000000000000001 RDX=0000000000000000 RSI=ffff888034357b80 RDI=ffff88806cf31850 RBP=ffff888034350000 RSP=ffff888034357868 R8 =0000000000000001 R9 =ffff888034357928 R10=000000000003bae4 R11=00000000000230cf R12=ffff888034357c01 R13=ffff888034357930 R14=ffff888034357b80 R15=ffff8880343578e8 RIP=ffffffff815abc54 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56f2000 00000000 00000000 LDT=0000 fffffe1900000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f096418f8e0 CR3=0000000033633000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=00362e6f732e6362696c2f756e672d78 XMM02=ffff0000000000ffffffffffffffffff 
XMM03=ffffffffffffffffffffffffffffffff XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000