Warning: Permanently added '[localhost]:1569' (ECDSA) to the list of known hosts. 2025/07/02 10:24:19 fuzzer started 2025/07/02 10:24:20 dialing manager at localhost:45015 2025/07/02 10:24:20 checking machine... 2025/07/02 10:24:20 checking revisions... syzkaller login: [ 49.777413] kmemleak: Automatic memory scanning thread ended 2025/07/02 10:24:20 testing simple program... [ 49.856823] cgroup: Unknown subsys name 'net' [ 49.932398] cgroup: Unknown subsys name 'cpuset' [ 49.964235] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program [ 59.474271] audit: type=1400 audit(1751451870.040:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 60.557478] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.560016] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.562394] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.570983] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.576536] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 executing program [ 62.649093] Bluetooth: hci0: command tx timeout executing program [ 64.697662] Bluetooth: hci0: command tx timeout [ 66.745365] Bluetooth: hci0: command tx timeout executing program [ 68.792670] Bluetooth: hci0: command tx timeout executing program executing program [ 76.538240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.539742] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.587155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.588452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 executing program 2025/07/02 10:24:47 building call list... 
executing program [ 80.337705] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.236658] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list executing program 2025/07/02 10:24:56 syscalls: 2214 2025/07/02 10:24:56 code coverage: enabled 2025/07/02 10:24:56 comparison tracing: enabled 2025/07/02 10:24:56 extra coverage: enabled 2025/07/02 10:24:56 setuid sandbox: enabled 2025/07/02 10:24:56 namespace sandbox: enabled 2025/07/02 10:24:56 Android sandbox: enabled 2025/07/02 10:24:56 fault injection: enabled 2025/07/02 10:24:56 leak checking: enabled 2025/07/02 10:24:56 net packet injection: enabled 2025/07/02 10:24:56 net device setup: enabled 2025/07/02 10:24:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/02 10:24:56 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/02 10:24:56 USB emulation: enabled 2025/07/02 10:24:56 hci packet injection: enabled 2025/07/02 10:24:56 wifi device emulation: enabled 2025/07/02 10:24:56 802.15.4 emulation: enabled 2025/07/02 10:24:56 fetching corpus: 0, signal 0/0 (executing program) 2025/07/02 10:24:56 fetching corpus: 0, signal 0/0 (executing program) 2025/07/02 10:24:58 starting 8 fuzzer processes 10:24:58 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000540)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)) 10:24:58 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000200)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) 10:24:58 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$sock_int(r0, 0x1, 0x32, &(0x7f0000000140), 0x8) 10:24:58 executing program 3: r0 = 
syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{}]}) 10:24:58 executing program 4: r0 = io_uring_setup(0x4e6f, &(0x7f0000000000)) io_uring_enter(r0, 0x7a03, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x36db, 0x0, 0x0, 0x0, 0x0) 10:24:58 executing program 5: r0 = add_key$fscrypt_v1(&(0x7f0000002980), &(0x7f00000029c0)={'fscrypt:', @desc2}, &(0x7f0000002a00)={0x0, "b2cc144d103542ba6d542373ff1435970ee5d830eb735a252e47dbfbfd3609bbe534e11d59415c046713be902185207bca37fd0abff17c9834fc55c44e1420b2"}, 0x48, 0xfffffffffffffffd) keyctl$set_timeout(0xf, r0, 0x583) 10:24:58 executing program 6: set_mempolicy(0x8000, 0x0, 0x0) 10:24:58 executing program 7: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') lseek(r0, 0x4, 0x0) [ 89.096965] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.102035] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.105932] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.110458] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.113085] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.171243] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.180256] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.181860] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.183457] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.188446] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.189841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.191028] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.195868] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.199541] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.204044] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.211999] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.213814] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 89.215095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 
> 1 [ 89.223275] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 89.224838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.226911] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 89.228513] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 89.229990] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.235777] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 89.236121] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 89.239789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.241832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.243028] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 89.243273] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 89.247355] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 89.254187] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 89.255987] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.258432] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.265867] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.269121] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.271213] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.278627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 89.280552] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 89.291342] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 89.326070] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 89.541746] [ 89.542481] ============================= [ 89.543133] WARNING: suspicious RCU usage [ 89.543778] 6.16.0-rc4-next-20250702 #1 Not tainted [ 89.544795] ----------------------------- [ 89.546203] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! 
[ 89.548251] [ 89.548251] other info that might help us debug this: [ 89.548251] [ 89.550783] [ 89.550783] rcu_scheduler_active = 2, debug_locks = 1 [ 89.553377] 3 locks held by syz-executor.6/849: [ 89.555234] #0: ffff88800f880400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 89.556776] #1: ffff88800f02a618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 89.558228] #2: ffff88801c07de30 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 89.559588] [ 89.559588] stack backtrace: [ 89.560256] CPU: 1 UID: 0 PID: 849 Comm: syz-executor.6 Not tainted 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 89.560283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 89.560295] Call Trace: [ 89.560302] [ 89.560311] dump_stack_lvl+0xfa/0x120 [ 89.560335] lockdep_rcu_suspicious+0x152/0x1c0 [ 89.560362] proc_sys_compare+0x28a/0x340 [ 89.560384] ? __pfx_proc_sys_compare+0x10/0x10 [ 89.560408] d_same_name+0x229/0x2e0 [ 89.560430] d_alloc_parallel+0x7c1/0x1330 [ 89.560468] ? __pfx_d_alloc_parallel+0x10/0x10 [ 89.560496] ? __pfx_default_wake_function+0x10/0x10 [ 89.560528] ? __d_lookup+0x25f/0x490 [ 89.560561] lookup_open.isra.0+0x64f/0x1530 [ 89.560601] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 89.560646] ? mnt_get_write_access+0x81/0x2d0 [ 89.560667] ? mnt_get_write_access+0x1ea/0x2d0 [ 89.560697] path_openat+0xc26/0x2880 [ 89.560738] ? __lock_acquire+0x694/0x1b70 [ 89.560759] ? __pfx_path_openat+0x10/0x10 [ 89.560800] do_filp_open+0x1e8/0x450 [ 89.560831] ? __pfx_do_filp_open+0x10/0x10 [ 89.560874] ? find_held_lock+0x2b/0x80 [ 89.560903] ? alloc_fd+0x2c1/0x560 [ 89.560930] ? lock_release+0xc8/0x290 [ 89.560957] ? alloc_fd+0x2c1/0x560 [ 89.560995] do_sys_openat2+0x104/0x1b0 [ 89.561020] ? __pfx_do_sys_openat2+0x10/0x10 [ 89.561047] ? rcu_read_unlock+0x2d/0xb0 [ 89.561070] ? lock_release+0xc8/0x290 [ 89.561098] __x64_sys_openat+0x142/0x200 [ 89.561123] ? __pfx___x64_sys_openat+0x10/0x10 [ 89.561155] ? 
trace_irq_enable.constprop.0+0xc2/0x100 [ 89.561194] do_syscall_64+0xbf/0x360 [ 89.561218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.561239] RIP: 0033:0x7fe78c076a04 [ 89.561257] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 89.561276] RSP: 002b:00007fff0e5523f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 89.561296] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fe78c076a04 [ 89.561310] RDX: 0000000000080001 RSI: 00007fe78c11cf61 RDI: 00000000ffffff9c [ 89.561323] RBP: 00007fe78c11cf61 R08: 0000000000000000 R09: 00007fff0e5523e0 [ 89.561336] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 89.561348] R13: 00007fff0e552490 R14: 0000000000000000 R15: 00000000000000f8 [ 89.561377] [ 91.192666] Bluetooth: hci0: command tx timeout [ 91.320861] Bluetooth: hci2: command tx timeout [ 91.322174] Bluetooth: hci6: command tx timeout [ 91.385749] Bluetooth: hci7: command tx timeout [ 91.386775] Bluetooth: hci1: command tx timeout [ 91.387748] Bluetooth: hci4: command tx timeout [ 91.387884] Bluetooth: hci5: command tx timeout [ 91.388837] Bluetooth: hci3: command tx timeout [ 93.241761] Bluetooth: hci0: command tx timeout [ 93.370609] Bluetooth: hci6: command tx timeout [ 93.371046] Bluetooth: hci2: command tx timeout [ 93.432664] Bluetooth: hci1: command tx timeout [ 93.433094] Bluetooth: hci5: command tx timeout [ 93.433471] Bluetooth: hci3: command tx timeout [ 93.434774] Bluetooth: hci7: command tx timeout [ 93.435175] Bluetooth: hci4: command tx timeout [ 95.288779] Bluetooth: hci0: command tx timeout [ 95.416742] Bluetooth: hci2: command tx timeout [ 95.417485] Bluetooth: hci6: command tx timeout [ 95.480652] Bluetooth: hci3: command tx timeout [ 95.481353] Bluetooth: hci4: command tx timeout [ 95.482327] Bluetooth: hci7: command tx timeout [ 95.483432] Bluetooth: hci5: command tx 
timeout [ 95.483653] Bluetooth: hci1: command tx timeout [ 97.337699] Bluetooth: hci0: command tx timeout [ 97.465762] Bluetooth: hci6: command tx timeout [ 97.465895] Bluetooth: hci2: command tx timeout [ 97.528875] Bluetooth: hci1: command tx timeout [ 97.529005] Bluetooth: hci3: command tx timeout [ 97.531969] Bluetooth: hci5: command tx timeout [ 97.532357] Bluetooth: hci4: command tx timeout [ 97.532654] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 10:25:00 Registers: