Warning: Permanently added '[localhost]:25985' (ECDSA) to the list of known hosts.
2025/07/01 09:14:28 fuzzer started
2025/07/01 09:14:29 dialing manager at localhost:37637
2025/07/01 09:14:29 checking machine...
2025/07/01 09:14:29 checking revisions...
syzkaller login: [ 50.834505] kmemleak: Automatic memory scanning thread ended
2025/07/01 09:14:29 testing simple program...
[ 50.930819] cgroup: Unknown subsys name 'net'
[ 51.003572] cgroup: Unknown subsys name 'cpuset'
[ 51.018279] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 60.951597] audit: type=1400 audit(1751361279.336:7): avc: denied { execmem } for pid=275 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 62.047082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.049512] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.052093] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.056126] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.059929] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 64.138534] Bluetooth: hci0: command tx timeout
executing program
[ 66.187768] Bluetooth: hci0: command tx timeout
[ 68.234319] Bluetooth: hci0: command tx timeout
executing program
[ 70.282832] Bluetooth: hci0: command tx timeout
executing program
executing program
executing program
[ 77.971235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.972807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.039122] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.040771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/01 09:14:56 building call list...
executing program
[ 81.720398] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 82.570527] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
executing program
2025/07/01 09:15:02 syscalls: 2214
2025/07/01 09:15:02 code coverage: enabled
2025/07/01 09:15:02 comparison tracing: enabled
2025/07/01 09:15:02 extra coverage: enabled
2025/07/01 09:15:02 setuid sandbox: enabled
2025/07/01 09:15:02 namespace sandbox: enabled
2025/07/01 09:15:02 Android sandbox: enabled
2025/07/01 09:15:02 fault injection: enabled
2025/07/01 09:15:02 leak checking: enabled
2025/07/01 09:15:02 net packet injection: enabled
2025/07/01 09:15:02 net device setup: enabled
2025/07/01 09:15:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/01 09:15:02 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/01 09:15:02 USB emulation: enabled
2025/07/01 09:15:02 hci packet injection: enabled
2025/07/01 09:15:02 wifi device emulation: enabled
2025/07/01 09:15:02 802.15.4 emulation: enabled
2025/07/01 09:15:02 fetching corpus: 0, signal 0/0 (executing program)
2025/07/01 09:15:02 fetching corpus: 0, signal 0/0 (executing program)
2025/07/01 09:15:03 starting 8 fuzzer processes
09:15:03 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @private}, {0x0, @local}, 0x0, {0x2, 0x0, @broadcast}})

09:15:03 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, 0x0)

09:15:03 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
pwritev2(r0, &(0x7f0000000180)=[{&(0x7f0000004ac0)='J', 0x1}], 0x1, 0x0, 0x0, 0x15)

09:15:03 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10, 0x0}, 0x4044850)
fcntl$getflags(0xffffffffffffffff, 0x0)
ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, 0x0)

09:15:03 executing program 2:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)
write$nbd(r1, &(0x7f0000000000), 0x10)
close(r0)

09:15:03 executing program 7:
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x80284504, &(0x7f00000000c0)={0x9, 0x0, 0x0, 0x0, "05f5724e42fc11ab19d53d257da87935d68d9a0efdab28929f337626c1db7e9c"})

09:15:03 executing program 5:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000000)=@ethtool_rx_ntuple={0xa, {0x0, @tcp_ip4_spec={@rand_addr, @private}, @esp_ip4_spec={@multicast1, @local}}}})

09:15:03 executing program 6:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x880, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 86.742432] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.744527] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.749029] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.758953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.766646] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.817999] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 86.819929] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 86.825238] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 86.827485] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 86.829036] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 86.830581] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 86.836364] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 86.840453] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 86.842443] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 86.844848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 86.847207] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 86.850962] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 86.860019] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 86.865323] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 86.875821] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 86.878835] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 86.886351] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 86.887954] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 86.889433] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 86.889941] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 86.892300] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 86.897304] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 86.899285] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 86.907466] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 86.909040] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 86.914311] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 86.918249] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 86.920724]
[ 86.921371] =============================
[ 86.922360] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 86.923479] WARNING: suspicious RCU usage
[ 86.924157] 6.16.0-rc4-next-20250701 #1 Not tainted
[ 86.925609] -----------------------------
[ 86.927064] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 86.927947] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 86.929223]
[ 86.929223] other info that might help us debug this:
[ 86.929223]
[ 86.931324] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 86.933711]
[ 86.933711] rcu_scheduler_active = 2, debug_locks = 1
[ 86.936198] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 86.937647] 3 locks held by syz-executor.0/846:
[ 86.939288] #0: ffff88800fab0400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 86.940698] #1: ffff88800b94e618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 86.942276] #2: ffff88801cc260d0 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 86.943727]
[ 86.943727] stack backtrace:
[ 86.944437] CPU: 0 UID: 0 PID: 846 Comm: syz-executor.0 Not tainted 6.16.0-rc4-next-20250701 #1 PREEMPT(voluntary)
[ 86.944465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 86.944477] Call Trace:
[ 86.944485]
[ 86.944494] dump_stack_lvl+0xfa/0x120
[ 86.944532] lockdep_rcu_suspicious+0x152/0x1c0
[ 86.944560] proc_sys_compare+0x28a/0x340
[ 86.944581] ? __pfx_proc_sys_compare+0x10/0x10
[ 86.944605] d_same_name+0x229/0x2e0
[ 86.944629] d_alloc_parallel+0x7c1/0x1330
[ 86.944676] ? __pfx_d_alloc_parallel+0x10/0x10
[ 86.944702] ? lock_is_held_type+0x9e/0x120
[ 86.944736] ? __pfx_default_wake_function+0x10/0x10
[ 86.944769] ? __d_lookup+0x25f/0x490
[ 86.944804] lookup_open.isra.0+0x64f/0x1530
[ 86.944839] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 86.944885] ? mnt_get_write_access+0x81/0x2d0
[ 86.944907] ? mnt_get_write_access+0x1ea/0x2d0
[ 86.944938] path_openat+0xc26/0x2880
[ 86.944979] ? __lock_acquire+0x694/0x1b70
[ 86.945002] ? __pfx_path_openat+0x10/0x10
[ 86.945044] do_filp_open+0x1e8/0x450
[ 86.945075] ? __pfx_do_filp_open+0x10/0x10
[ 86.945119] ? find_held_lock+0x2b/0x80
[ 86.945149] ? alloc_fd+0x2c1/0x560
[ 86.945177] ? lock_release+0xc8/0x290
[ 86.945206] ? alloc_fd+0x2c1/0x560
[ 86.945245] do_sys_openat2+0x104/0x1b0
[ 86.945271] ? __pfx_do_sys_openat2+0x10/0x10
[ 86.945299] ? __fput+0x67b/0xb50
[ 86.945329] __x64_sys_openat+0x142/0x200
[ 86.945355] ? __pfx___x64_sys_openat+0x10/0x10
[ 86.945380] ? __pfx_fput_close_sync+0x10/0x10
[ 86.945418] do_syscall_64+0xbf/0x360
[ 86.945440] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.945463] RIP: 0033:0x7fa2fdaaea04
[ 86.945480] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 86.945501] RSP: 002b:00007ffc54914880 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 86.945522] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa2fdaaea04
[ 86.945547] RDX: 0000000000080001 RSI: 00007fa2fdb6529e RDI: 00000000ffffff9c
[ 86.945561] RBP: 00007fa2fdb6529e R08: 0000000000000000 R09: 00007ffc54914870
[ 86.945575] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 86.945588] R13: 00007ffc54914920 R14: 0000000000000000 R15: 00000000000000f8
[ 86.945619]
[ 87.000068] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 87.002595] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 87.004332] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 87.012414] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 88.841786] Bluetooth: hci0: command tx timeout
[ 88.905913] Bluetooth: hci1: command tx timeout
[ 88.907079] Bluetooth: hci2: command tx timeout
[ 88.969853] Bluetooth: hci7: command tx timeout
[ 88.970868] Bluetooth: hci3: command tx timeout
[ 89.097931] Bluetooth: hci5: command tx timeout
[ 89.099128] Bluetooth: hci4: command tx timeout
[ 89.100557] Bluetooth: hci6: command tx timeout
[ 90.889997] Bluetooth: hci0: command tx timeout
[ 90.954404] Bluetooth: hci1: command tx timeout
[ 90.956559] Bluetooth: hci2: command tx timeout
[ 91.017814] Bluetooth: hci7: command tx timeout
[ 91.018541] Bluetooth: hci3: command tx timeout
[ 91.146010] Bluetooth: hci6: command tx timeout
[ 91.147062] Bluetooth: hci5: command tx timeout
[ 91.147849] Bluetooth: hci4: command tx timeout
[ 92.937793] Bluetooth: hci0: command tx timeout
[ 93.001998] Bluetooth: hci2: command tx timeout
[ 93.003563] Bluetooth: hci1: command tx timeout
[ 93.065908] Bluetooth: hci7: command tx timeout
[ 93.066650] Bluetooth: hci3: command tx timeout
[ 93.193928] Bluetooth: hci5: command tx timeout
[ 93.194667] Bluetooth: hci4: command tx timeout
[ 93.196118] Bluetooth: hci6: command tx timeout
[ 94.985738] Bluetooth: hci0: command tx timeout
[ 95.049791] Bluetooth: hci1: command tx timeout
[ 95.050304] Bluetooth: hci2: command tx timeout
[ 95.113830] Bluetooth: hci7: command tx timeout
[ 95.114257] Bluetooth: hci3: command tx timeout
[ 95.241797] Bluetooth: hci5: command tx timeout
[ 95.242244] Bluetooth: hci6: command tx timeout
[ 95.242608] Bluetooth: hci4: command tx timeout

VM DIAGNOSIS:
09:15:05 Registers: