Warning: Permanently added '[localhost]:61241' (ECDSA) to the list of known hosts.
2025/07/01 09:14:38 fuzzer started
2025/07/01 09:14:39 dialing manager at localhost:37637
2025/07/01 09:14:39 checking machine...
2025/07/01 09:14:39 checking revisions...
syzkaller login: [ 50.798919] kmemleak: Automatic memory scanning thread ended
2025/07/01 09:14:39 testing simple program...
[ 50.882748] cgroup: Unknown subsys name 'net'
[ 50.945211] cgroup: Unknown subsys name 'cpuset'
[ 50.965964] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 61.950030] audit: type=1400 audit(1751361290.581:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 63.060604] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 63.063720] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 63.065642] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 63.068880] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 63.071215] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 65.152040] Bluetooth: hci0: command tx timeout
executing program
[ 67.199774] Bluetooth: hci0: command tx timeout
executing program
[ 69.247474] Bluetooth: hci0: command tx timeout
[ 71.295483] Bluetooth: hci0: command tx timeout
executing program
executing program
executing program
[ 78.613460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.614651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.669555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.670696] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/01 09:15:07 building call list...
[ 79.141045] syz-executor.0 (273) used greatest stack depth: 24512 bytes left
executing program
[ 82.328175] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 83.211932] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
executing program
2025/07/01 09:15:13 syscalls: 2214
2025/07/01 09:15:13 code coverage: enabled
2025/07/01 09:15:13 comparison tracing: enabled
2025/07/01 09:15:13 extra coverage: enabled
2025/07/01 09:15:13 setuid sandbox: enabled
2025/07/01 09:15:13 namespace sandbox: enabled
2025/07/01 09:15:13 Android sandbox: enabled
2025/07/01 09:15:13 fault injection: enabled
2025/07/01 09:15:13 leak checking: enabled
2025/07/01 09:15:13 net packet injection: enabled
2025/07/01 09:15:13 net device setup: enabled
2025/07/01 09:15:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/01 09:15:13 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/01 09:15:13 USB emulation: enabled
2025/07/01 09:15:13 hci packet injection: enabled
2025/07/01 09:15:13 wifi device emulation: enabled
2025/07/01 09:15:13 802.15.4 emulation: enabled
2025/07/01 09:15:13 fetching corpus: 0, signal 0/0 (executing program)
2025/07/01 09:15:13 fetching corpus: 0, signal 0/0 (executing program)
2025/07/01 09:15:14 starting 8 fuzzer processes
09:15:14 executing program 0:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x3, &(0x7f0000000940))
09:15:14 executing program 5:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$inet(r0, &(0x7f0000001540)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)="907239", 0x3}, {&(0x7f0000000100)="5ec7921700da747d778fadcd3435d60d7e0ef42deb90d0242508b378b238cf9c8b5de27b75deaa0baf2ef8eda963b7f490ae41287f9f86bf92b179f08c625b7dea2e2c512fd6945d54ef72e61f92fd8f8f20d41363369d2f05ec7bb09e1a1f2012f0e4fab4d28e5d5fe521c2ff4a5336c8d51c0b14371b2c2a370b98b9e611508b2f6f25", 0x84}], 0x8, &(0x7f0000000040)=[@ip_pktinfo={{0xffffffffffffffb9, 0x0, 0x8, {0x0, @local, @broadcast}}}], 0x20}, 0x0)
09:15:14 executing program 1:
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0)
setxattr$incfs_size(&(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
09:15:14 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1a, &(0x7f0000000000), 0x4)
09:15:14 executing program 6:
set_robust_list(&(0x7f0000000240), 0x18)
09:15:14 executing program 3:
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
09:15:14 executing program 7:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000880)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
09:15:14 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c)
[ 87.446987] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 87.449619] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.452740] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 87.454196] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.456332] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 87.462567] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.464732] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 87.466819] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 87.472865] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 87.479088] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 87.480644] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 87.483083] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 87.485680] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 87.487235] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.490209] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 87.491893] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 87.493759] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.495363] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 87.497171] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 87.499800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 87.501493] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 87.503961] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 87.505139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.506324] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.511204] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 87.512009] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 87.514253] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 87.515618] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 87.517843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 87.518672] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 87.520312] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 87.526642] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 87.529162] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 87.531647] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 87.535952] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 87.547293] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 87.557919] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 87.560645] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 87.562272] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 87.565182] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 87.697732]
[ 87.698320] =============================
[ 87.699146] WARNING: suspicious RCU usage
[ 87.699884] 6.16.0-rc4-next-20250701 #1 Not tainted
[ 87.701576] -----------------------------
[ 87.705017] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 87.707914]
[ 87.707914] other info that might help us debug this:
[ 87.707914]
[ 87.709083]
[ 87.709083] rcu_scheduler_active = 2, debug_locks = 1
[ 87.710047] 3 locks held by syz-executor.1/843:
[ 87.710747] #0: ffff88800f26c400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 87.712108] #1: ffff8880092d6618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 87.713561] #2: ffff88801b86d3e8 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 87.714905]
[ 87.714905] stack backtrace:
[ 87.715619] CPU: 1 UID: 0 PID: 843 Comm: syz-executor.1 Not tainted 6.16.0-rc4-next-20250701 #1 PREEMPT(voluntary)
[ 87.715647] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 87.715659] Call Trace:
[ 87.715666]
[ 87.715675] dump_stack_lvl+0xfa/0x120
[ 87.715712] lockdep_rcu_suspicious+0x152/0x1c0
[ 87.715738] proc_sys_compare+0x28a/0x340
[ 87.715759] ? __pfx_proc_sys_compare+0x10/0x10
[ 87.715782] d_same_name+0x229/0x2e0
[ 87.715805] d_alloc_parallel+0x7c1/0x1330
[ 87.715842] ? __pfx_d_alloc_parallel+0x10/0x10
[ 87.715870] ? __pfx_default_wake_function+0x10/0x10
[ 87.715901] ? __d_lookup+0x25f/0x490
[ 87.715934] lookup_open.isra.0+0x64f/0x1530
[ 87.715967] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 87.716011] ? mnt_get_write_access+0x81/0x2d0
[ 87.716032] ? mnt_get_write_access+0x1ea/0x2d0
[ 87.716061] path_openat+0xc26/0x2880
[ 87.716100] ? __lock_acquire+0x694/0x1b70
[ 87.716121] ? __pfx_path_openat+0x10/0x10
[ 87.716161] do_filp_open+0x1e8/0x450
[ 87.716191] ? __pfx_do_filp_open+0x10/0x10
[ 87.716232] ? find_held_lock+0x2b/0x80
[ 87.716260] ? alloc_fd+0x2c1/0x560
[ 87.716288] ? lock_release+0xc8/0x290
[ 87.716314] ? alloc_fd+0x2c1/0x560
[ 87.716351] do_sys_openat2+0x104/0x1b0
[ 87.716376] ? __pfx_do_sys_openat2+0x10/0x10
[ 87.716409] ? __fput+0x67b/0xb50
[ 87.716438] __x64_sys_openat+0x142/0x200
[ 87.716463] ? __pfx___x64_sys_openat+0x10/0x10
[ 87.716487] ? __pfx_fput_close_sync+0x10/0x10
[ 87.716523] do_syscall_64+0xbf/0x360
[ 87.716545] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.716567] RIP: 0033:0x7fd6f6697a04
[ 87.716583] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 87.716602] RSP: 002b:00007ffe31b37710 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 87.716622] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 00007fd6f6697a04
[ 87.716636] RDX: 0000000000080001 RSI: 00007fd6f674e2eb RDI: 00000000ffffff9c
[ 87.716649] RBP: 00007fd6f674e2eb R08: 0000000000000000 R09: 00007ffe31b37700
[ 87.716662] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 87.716675] R13: 00007ffe31b377b0 R14: 0000000000000000 R15: 00000000000000f8
[ 87.716703]
[ 89.600454] Bluetooth: hci5: command tx timeout
[ 89.600484] Bluetooth: hci1: command tx timeout
[ 89.601325] Bluetooth: hci4: command tx timeout
[ 89.602315] Bluetooth: hci2: command tx timeout
[ 89.602645] Bluetooth: hci0: command tx timeout
[ 89.664029] Bluetooth: hci7: command tx timeout
[ 89.665111] Bluetooth: hci3: command tx timeout
[ 89.665652] Bluetooth: hci6: command tx timeout
[ 91.647521] Bluetooth: hci4: command tx timeout
[ 91.647562] Bluetooth: hci2: command tx timeout
[ 91.647971] Bluetooth: hci0: command tx timeout
[ 91.649114] Bluetooth: hci1: command tx timeout
[ 91.649218] Bluetooth: hci5: command tx timeout
[ 91.711536] Bluetooth: hci3: command tx timeout
[ 91.711976] Bluetooth: hci6: command tx timeout
[ 91.712352] Bluetooth: hci7: command tx timeout
[ 93.695458] Bluetooth: hci2: command tx timeout
[ 93.695888]
Bluetooth: hci5: command tx timeout
[ 93.696715] Bluetooth: hci1: command tx timeout
[ 93.697096] Bluetooth: hci0: command tx timeout
[ 93.697692] Bluetooth: hci4: command tx timeout
[ 93.759552] Bluetooth: hci3: command tx timeout
[ 93.759934] Bluetooth: hci7: command tx timeout
[ 93.760303] Bluetooth: hci6: command tx timeout
[ 95.743583] Bluetooth: hci1: command tx timeout
[ 95.744606] Bluetooth: hci4: command tx timeout
[ 95.745336] Bluetooth: hci0: command tx timeout
[ 95.746243] Bluetooth: hci2: command tx timeout
[ 95.746269] Bluetooth: hci5: command tx timeout
[ 95.809438] Bluetooth: hci6: command tx timeout
[ 95.809568] Bluetooth: hci7: command tx timeout
[ 95.809860] Bluetooth: hci3: command tx timeout
VM DIAGNOSIS:
09:15:16 Registers: