Warning: Permanently added '[localhost]:1569' (ECDSA) to the list of known hosts.
2025/07/01 09:14:08 fuzzer started
2025/07/01 09:14:08 dialing manager at localhost:37637
2025/07/01 09:14:08 checking machine...
2025/07/01 09:14:08 checking revisions...
syzkaller login: [ 50.339667] kmemleak: Automatic memory scanning thread ended
2025/07/01 09:14:08 testing simple program...
[ 50.415967] cgroup: Unknown subsys name 'net'
[ 50.493331] cgroup: Unknown subsys name 'cpuset'
[ 50.520789] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 60.376787] audit: type=1400 audit(1751361259.027:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 61.498360] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.500887] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.504787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.510954] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.513476] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 63.530796] Bluetooth: hci0: command tx timeout
executing program
[ 65.579026] Bluetooth: hci0: command tx timeout
[ 67.626203] Bluetooth: hci0: command tx timeout
executing program
[ 69.674166] Bluetooth: hci0: command tx timeout
executing program
executing program
[ 77.186324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.187924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 77.254053] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.255466] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/01 09:14:36 building call list...
executing program
[ 81.036946] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 81.815590] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
executing program
2025/07/01 09:14:44 syscalls: 2214
2025/07/01 09:14:44 code coverage: enabled
2025/07/01 09:14:44 comparison tracing: enabled
2025/07/01 09:14:44 extra coverage: enabled
2025/07/01 09:14:44 setuid sandbox: enabled
2025/07/01 09:14:44 namespace sandbox: enabled
2025/07/01 09:14:44 Android sandbox: enabled
2025/07/01 09:14:44 fault injection: enabled
2025/07/01 09:14:44 leak checking: enabled
2025/07/01 09:14:44 net packet injection: enabled
2025/07/01 09:14:44 net device setup: enabled
2025/07/01 09:14:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/01 09:14:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/01 09:14:44 USB emulation: enabled
2025/07/01 09:14:44 hci packet injection: enabled
2025/07/01 09:14:44 wifi device emulation: enabled
2025/07/01 09:14:44 802.15.4 emulation: enabled
2025/07/01 09:14:44 fetching corpus: 0, signal 0/0 (executing program)
2025/07/01 09:14:44 fetching corpus: 0, signal 0/0 (executing program)
2025/07/01 09:14:46 starting 8 fuzzer processes
09:14:46 executing program 0:
r0 = getpid()
prlimit64(r0, 0x0, &(0x7f00000000c0), 0x0)

09:14:46 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000001200)={@private1, 0x10000, 0x0, 0xff, 0x1}, 0x20)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000, 0x0, 0x1}, 0x20)

09:14:46 executing program 2:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0)

09:14:46 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x13)

09:14:46 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='task\x00')
getdents(r0, &(0x7f0000000040)=""/211, 0xd3)

09:14:46 executing program 5:
syslog(0x4, &(0x7f00000000c0)=""/252, 0xffffff92)

09:14:46 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000000080), 0x4)

09:14:46 executing program 7:
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={[{}, {@subsystem='blkio'}]})

[ 89.082703] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.084839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.087945] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.095691] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.100581] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.150343] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 89.152382] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 89.154344] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 89.165344] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 89.178377] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 89.220924] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 89.239001] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 89.241148] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 89.245476] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 89.250248] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 89.255575] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 89.257591] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 89.262041] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 89.263755] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 89.264180] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 89.265268] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 89.267695] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 89.271735] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 89.274360] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 89.276692] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 89.278255] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 89.278959] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 89.283172] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 89.284937] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 89.291838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 89.294474] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 89.299459] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 89.315579] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 89.317739] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 89.323776] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 89.328364] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 89.337214] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 89.339458] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 89.343188] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 89.354230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 89.682150]
[ 89.682888] =============================
[ 89.683697] WARNING: suspicious RCU usage
[ 89.684499] 6.16.0-rc4-next-20250701 #1 Not tainted
[ 89.685698] -----------------------------
[ 89.687019] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 89.689257]
[ 89.689257] other info that might help us debug this:
[ 89.689257]
[ 89.691573]
[ 89.691573] rcu_scheduler_active = 2, debug_locks = 1
[ 89.694047] 3 locks held by syz-executor.3/849:
[ 89.695742] #0: ffff88800f624400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 89.697861] #1: ffff88800ba82618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 89.699729] #2: ffff888019873270 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 89.701106]
[ 89.701106] stack backtrace:
[ 89.701760] CPU: 1 UID: 0 PID: 849 Comm: syz-executor.3 Not tainted 6.16.0-rc4-next-20250701 #1 PREEMPT(voluntary)
[ 89.701786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 89.701798] Call Trace:
[ 89.701806]
[ 89.701814] dump_stack_lvl+0xfa/0x120
[ 89.701849] lockdep_rcu_suspicious+0x152/0x1c0
[ 89.701876] proc_sys_compare+0x28a/0x340
[ 89.701896] ? __pfx_proc_sys_compare+0x10/0x10
[ 89.701918] d_same_name+0x229/0x2e0
[ 89.701941] d_alloc_parallel+0x7c1/0x1330
[ 89.701977] ? __pfx_d_alloc_parallel+0x10/0x10
[ 89.702005] ? __pfx_default_wake_function+0x10/0x10
[ 89.702035] ? __d_lookup+0x25f/0x490
[ 89.702068] lookup_open.isra.0+0x64f/0x1530
[ 89.702107] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 89.702150] ? mnt_get_write_access+0x81/0x2d0
[ 89.702170] ? mnt_get_write_access+0x1ea/0x2d0
[ 89.702199] path_openat+0xc26/0x2880
[ 89.702238] ? __lock_acquire+0x694/0x1b70
[ 89.702259] ? __pfx_path_openat+0x10/0x10
[ 89.702298] do_filp_open+0x1e8/0x450
[ 89.702328] ? __pfx_do_filp_open+0x10/0x10
[ 89.702369] ? find_held_lock+0x2b/0x80
[ 89.702396] ? alloc_fd+0x2c1/0x560
[ 89.702423] ? lock_release+0xc8/0x290
[ 89.702450] ? alloc_fd+0x2c1/0x560
[ 89.702486] do_sys_openat2+0x104/0x1b0
[ 89.702511] ? __pfx_do_sys_openat2+0x10/0x10
[ 89.702536] ? rcu_read_unlock+0x2d/0xb0
[ 89.702558] ? lock_release+0xc8/0x290
[ 89.702585] __x64_sys_openat+0x142/0x200
[ 89.702610] ? __pfx___x64_sys_openat+0x10/0x10
[ 89.702641] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 89.702677] do_syscall_64+0xbf/0x360
[ 89.702699] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.702720] RIP: 0033:0x7f9adc05ca04
[ 89.702737] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 89.702757] RSP: 002b:00007fff518f96f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 89.702776] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f9adc05ca04
[ 89.702790] RDX: 0000000000080001 RSI: 00007f9adc102f61 RDI: 00000000ffffff9c
[ 89.702802] RBP: 00007f9adc102f61 R08: 0000000000000000 R09: 00007fff518f96e0
[ 89.702815] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 89.702839] R13: 00007fff518f9790 R14: 0000000000000000 R15: 00000000000000f8
[ 89.702867]
[ 91.178207] Bluetooth: hci0: command tx timeout
[ 91.244151] Bluetooth: hci1: command tx timeout
[ 91.308134] Bluetooth: hci6: command tx timeout
[ 91.370198] Bluetooth: hci4: command tx timeout
[ 91.371019] Bluetooth: hci2: command tx timeout
[ 91.434296] Bluetooth: hci5: command tx timeout
[ 91.435240] Bluetooth: hci3: command tx timeout
[ 91.435825] Bluetooth: hci7: command tx timeout
[ 93.226178] Bluetooth: hci0: command tx timeout
[ 93.291389] Bluetooth: hci1: command tx timeout
[ 93.354334] Bluetooth: hci6: command tx timeout
[ 93.418997] Bluetooth: hci2: command tx timeout
[ 93.419849] Bluetooth: hci4: command tx timeout
[ 93.482359] Bluetooth: hci5: command tx timeout
[ 93.483830] Bluetooth: hci7: command tx timeout
[ 93.484653] Bluetooth: hci3: command tx timeout
[ 95.274152] Bluetooth: hci0: command tx timeout
[ 95.338281] Bluetooth: hci1: command tx timeout
[ 95.402342] Bluetooth: hci6: command tx timeout
[ 95.467147] Bluetooth: hci4: command tx timeout
[ 95.467866] Bluetooth: hci2: command tx timeout
[ 95.530719] Bluetooth: hci7: command tx timeout
[ 95.531711] Bluetooth: hci3: command tx
timeout
[ 95.533127] Bluetooth: hci5: command tx timeout
[ 97.322324] Bluetooth: hci0: command tx timeout
[ 97.386124] Bluetooth: hci1: command tx timeout
[ 97.450175] Bluetooth: hci6: command tx timeout
[ 97.515106] Bluetooth: hci2: command tx timeout
[ 97.515557] Bluetooth: hci4: command tx timeout
[ 97.578310] Bluetooth: hci7: command tx timeout
[ 97.578777] Bluetooth: hci3: command tx timeout
[ 97.579418] Bluetooth: hci5: command tx timeout

VM DIAGNOSIS:
09:14:48 Registers: