Warning: Permanently added '[localhost]:25985' (ECDSA) to the list of known hosts.
2025/07/02 10:24:40 fuzzer started
2025/07/02 10:24:40 dialing manager at localhost:45015
2025/07/02 10:24:40 checking machine...
2025/07/02 10:24:40 checking revisions...
syzkaller login: [ 50.524736] kmemleak: Automatic memory scanning thread ended
2025/07/02 10:24:41 testing simple program...
[ 50.612053] cgroup: Unknown subsys name 'net'
[ 50.690326] cgroup: Unknown subsys name 'cpuset'
[ 50.713247] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 61.186833] audit: type=1400 audit(1751451891.676:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 62.278391] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.280393] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.282678] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.287964] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.290215] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 64.374295] Bluetooth: hci0: command tx timeout
executing program
[ 66.421735] Bluetooth: hci0: command tx timeout
executing program
[ 68.471123] Bluetooth: hci0: command tx timeout
[ 70.517573] Bluetooth: hci0: command tx timeout
executing program
executing program
executing program
[ 78.616600] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.617776] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.650567] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.651609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/02 10:25:09 building call list...
executing program
[ 82.453443] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 83.352391] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
executing program
2025/07/02 10:25:15 syscalls: 2214
2025/07/02 10:25:15 code coverage: enabled
2025/07/02 10:25:15 comparison tracing: enabled
2025/07/02 10:25:15 extra coverage: enabled
2025/07/02 10:25:15 setuid sandbox: enabled
2025/07/02 10:25:15 namespace sandbox: enabled
2025/07/02 10:25:15 Android sandbox: enabled
2025/07/02 10:25:15 fault injection: enabled
2025/07/02 10:25:15 leak checking: enabled
2025/07/02 10:25:15 net packet injection: enabled
2025/07/02 10:25:15 net device setup: enabled
2025/07/02 10:25:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/02 10:25:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/02 10:25:15 USB emulation: enabled
2025/07/02 10:25:15 hci packet injection: enabled
2025/07/02 10:25:15 wifi device emulation: enabled
2025/07/02 10:25:15 802.15.4 emulation: enabled
2025/07/02 10:25:15 fetching corpus: 0, signal 0/0 (executing program)
2025/07/02 10:25:15 fetching corpus: 0, signal 0/0 (executing program)
2025/07/02 10:25:16 starting 8 fuzzer processes
10:25:16 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000040))
10:25:16 executing program 4:
r0 = fsopen(&(0x7f00000000c0)='debugfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f0000000000)='hu\x86\x87\xc0\nbfs\x00', &(0x7f0000000080)='%^+\x00', 0x0)
10:25:16 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioprio_get$uid(0x3, 0x0)
fork()
10:25:16 executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x8000, 0x0)
10:25:16 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$SO_BINDTODEVICE(r1, 0x29, 0x17, &(0x7f0000000000)='lo\x00', 0x10)
10:25:16 executing program 5:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736676209600088020", 0xf}, {0x0, 0x0, 0x9e0}], 0x0, &(0x7f0000011000))
10:25:16 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
setrlimit(0x0, &(0x7f0000000040))
10:25:16 executing program 7:
creat(&(0x7f00000003c0)='./file0\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
truncate(&(0x7f0000000000)='./file0\x00', 0x0)
[ 87.685407] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 87.688837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.691193] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.694032] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.696911] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.701363] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.704656] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 87.709275] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 87.711420] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.714370] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.760180] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 87.762891] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 87.764307] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 87.771849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 87.774668] Bluetooth: hci4: unexpected
cc 0x1003 length: 249 > 9
[ 87.778749] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 87.778811] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 87.782293] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 87.783963] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 87.785726] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 87.786860] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 87.788267] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 87.789749] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 87.791118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 87.797377] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 87.799423] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 87.801044] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 87.803706] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 87.805321] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 87.807093] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 87.808180] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 87.809269] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 87.812711] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 87.821695] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 87.825628] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 87.827142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 87.829746] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 87.831115] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 87.837258] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 87.847520]
[ 87.848338] =============================
[ 87.849037] WARNING: suspicious RCU usage
[ 87.849664] 6.16.0-rc4-next-20250702 #1 Not tainted
[ 87.852825] -----------------------------
[ 87.854855] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 87.855955]
[ 87.855955] other info that might help us debug this:
[ 87.855955]
[ 87.857133]
[ 87.857133] rcu_scheduler_active = 2, debug_locks = 1
[ 87.857968] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 87.858194] 3 locks held by syz-executor.2/842:
[ 87.859538] #0: ffff888007058400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 87.860864] #1: ffff88800b90a618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 87.862361] #2: ffff88801c03c538 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 87.863733]
[ 87.863733] stack backtrace:
[ 87.864379] CPU: 1 UID: 0 PID: 842 Comm: syz-executor.2 Not tainted 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 87.864406] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 87.864418] Call Trace:
[ 87.864426]
[ 87.864435] dump_stack_lvl+0xfa/0x120
[ 87.864467] lockdep_rcu_suspicious+0x152/0x1c0
[ 87.864495] proc_sys_compare+0x28a/0x340
[ 87.864524] ? __pfx_proc_sys_compare+0x10/0x10
[ 87.864555] d_same_name+0x229/0x2e0
[ 87.864578] d_alloc_parallel+0x7c1/0x1330
[ 87.864616] ? __pfx_d_alloc_parallel+0x10/0x10
[ 87.864639] ? lock_is_held_type+0x9e/0x120
[ 87.864675] ? __pfx_default_wake_function+0x10/0x10
[ 87.864706] ? __d_lookup+0x25f/0x490
[ 87.864739] lookup_open.isra.0+0x64f/0x1530
[ 87.864773] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 87.864818] ? mnt_get_write_access+0x81/0x2d0
[ 87.864839] ? mnt_get_write_access+0x1ea/0x2d0
[ 87.864868] path_openat+0xc26/0x2880
[ 87.864908] ? __lock_acquire+0x694/0x1b70
[ 87.864930] ? __pfx_path_openat+0x10/0x10
[ 87.864970] do_filp_open+0x1e8/0x450
[ 87.865001] ? __pfx_do_filp_open+0x10/0x10
[ 87.865043] ? find_held_lock+0x2b/0x80
[ 87.865072] ? alloc_fd+0x2c1/0x560
[ 87.865100] ? lock_release+0xc8/0x290
[ 87.865127] ? alloc_fd+0x2c1/0x560
[ 87.865165] do_sys_openat2+0x104/0x1b0
[ 87.865190] ? __pfx_do_sys_openat2+0x10/0x10
[ 87.865216] ? rcu_read_unlock+0x2d/0xb0
[ 87.865239] ?
lock_release+0xc8/0x290
[ 87.865267] __x64_sys_openat+0x142/0x200
[ 87.865292] ? __pfx___x64_sys_openat+0x10/0x10
[ 87.865324] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 87.865362] do_syscall_64+0xbf/0x360
[ 87.865386] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.865407] RIP: 0033:0x7fa3799bba04
[ 87.865424] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 87.865443] RSP: 002b:00007ffff68089b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 87.865463] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa3799bba04
[ 87.865476] RDX: 0000000000080001 RSI: 00007fa379a61f61 RDI: 00000000ffffff9c
[ 87.865490] RBP: 00007fa379a61f61 R08: 0000000000000000 R09: 00007ffff68089a0
[ 87.865503] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 87.865515] R13: 00007ffff6808a50 R14: 0000000000000000 R15: 00000000000000f8
[ 87.865544]
[ 89.781598] Bluetooth: hci0: command tx timeout
[ 89.781937] Bluetooth: hci1: command tx timeout
[ 89.845566] Bluetooth: hci2: command tx timeout
[ 89.909708] Bluetooth: hci5: command tx timeout
[ 89.909737] Bluetooth: hci7: command tx timeout
[ 89.911068] Bluetooth: hci4: command tx timeout
[ 89.973550] Bluetooth: hci6: command tx timeout
[ 89.974584] Bluetooth: hci3: command tx timeout
[ 91.829519] Bluetooth: hci1: command tx timeout
[ 91.829971] Bluetooth: hci0: command tx timeout
[ 91.895629] Bluetooth: hci2: command tx timeout
[ 91.957608] Bluetooth: hci4: command tx timeout
[ 91.958050] Bluetooth: hci5: command tx timeout
[ 91.958724] Bluetooth: hci7: command tx timeout
[ 92.022085] Bluetooth: hci3: command tx timeout
[ 92.023293] Bluetooth: hci6: command tx timeout
[ 93.877538] Bluetooth: hci1: command tx timeout
[ 93.878061] Bluetooth: hci0: command tx timeout
[ 93.942563] Bluetooth: hci2: command tx timeout
[ 94.005607] Bluetooth: hci7: command tx timeout
[ 94.006051]
Bluetooth: hci5: command tx timeout
[ 94.006414] Bluetooth: hci4: command tx timeout
[ 94.069536] Bluetooth: hci6: command tx timeout
[ 94.069977] Bluetooth: hci3: command tx timeout
[ 95.926523] Bluetooth: hci1: command tx timeout
[ 95.927008] Bluetooth: hci0: command tx timeout
[ 95.990047] Bluetooth: hci2: command tx timeout
[ 96.053708] Bluetooth: hci4: command tx timeout
[ 96.054205] Bluetooth: hci5: command tx timeout
[ 96.054820] Bluetooth: hci7: command tx timeout
[ 96.117538] Bluetooth: hci3: command tx timeout
[ 96.118036] Bluetooth: hci6: command tx timeout
VM DIAGNOSIS:
10:25:18 Registers: