Warning: Permanently added '[localhost]:1569' (ECDSA) to the list of known hosts. 2025/07/03 09:44:13 fuzzer started 2025/07/03 09:44:13 dialing manager at localhost:33709 2025/07/03 09:44:13 checking machine... 2025/07/03 09:44:13 checking revisions... syzkaller login: [ 50.984812] kmemleak: Automatic memory scanning thread ended 2025/07/03 09:44:13 testing simple program... [ 51.054734] cgroup: Unknown subsys name 'net' [ 51.102646] cgroup: Unknown subsys name 'cpuset' [ 51.111941] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program [ 61.168826] audit: type=1400 audit(1751535863.708:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 62.295289] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.297662] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.300523] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.304123] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.307271] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 executing program [ 64.329137] Bluetooth: hci0: command tx timeout executing program [ 66.376768] Bluetooth: hci0: command tx timeout [ 68.424232] Bluetooth: hci0: command tx timeout executing program [ 70.473222] Bluetooth: hci0: command tx timeout executing program executing program [ 77.733699] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.734963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.790051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.791193] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 executing program 2025/07/03 09:44:40 building call list... 
executing program [ 81.597831] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.394327] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 2025/07/03 09:44:49 syscalls: 2214 2025/07/03 09:44:49 code coverage: enabled 2025/07/03 09:44:49 comparison tracing: enabled 2025/07/03 09:44:49 extra coverage: enabled 2025/07/03 09:44:49 setuid sandbox: enabled 2025/07/03 09:44:49 namespace sandbox: enabled 2025/07/03 09:44:49 Android sandbox: enabled 2025/07/03 09:44:49 fault injection: enabled 2025/07/03 09:44:49 leak checking: enabled 2025/07/03 09:44:49 net packet injection: enabled 2025/07/03 09:44:49 net device setup: enabled 2025/07/03 09:44:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/03 09:44:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/03 09:44:49 USB emulation: enabled 2025/07/03 09:44:49 hci packet injection: enabled 2025/07/03 09:44:49 wifi device emulation: enabled 2025/07/03 09:44:49 802.15.4 emulation: enabled 2025/07/03 09:44:49 fetching corpus: 0, signal 0/0 (executing program) 2025/07/03 09:44:49 fetching corpus: 0, signal 0/0 (executing program) 2025/07/03 09:44:51 starting 8 fuzzer processes 09:44:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x3e, 0x0, &(0x7f00000018c0)) 09:44:51 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) getdents(r0, &(0x7f0000000040)=""/214, 0x18) 09:44:51 executing program 2: syz_mount_image$iso9660(&(0x7f00000025c0), &(0x7f0000002600)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003a80)={[{@iocharset={'iocharset', 0x3d, 'iso8859-13'}}, {@utf8}]}) 09:44:51 executing program 3: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x107000, 0x0) 09:44:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x18, &(0x7f0000002b00)={0x5, {{0x2, 0x0, @multicast1}}}, 0x90) 09:44:51 executing program 5: r0 = io_uring_setup(0x4c45, &(0x7f0000000100)) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) 09:44:51 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x1267, &(0x7f0000000000)) 09:44:51 executing program 7: kexec_load(0x0, 0x0, 0x0, 0x3e0000) [ 90.078214] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.081786] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.085381] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.087332] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.089723] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.091615] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.096680] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.099265] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.101008] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.106371] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.106457] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.109676] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.112640] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.115774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.126689] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.128512] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.144878] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.146338] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.158443] Bluetooth: 
hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.161906] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.164114] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.166089] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.170714] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.172332] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 90.172453] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.176959] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.177241] [ 90.178494] ============================= [ 90.179033] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 90.179094] WARNING: suspicious RCU usage [ 90.179105] 6.16.0-rc4-next-20250703 #1 Not tainted [ 90.181380] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.181729] ----------------------------- [ 90.188708] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! [ 90.189786] [ 90.189786] other info that might help us debug this: [ 90.189786] [ 90.190962] [ 90.190962] rcu_scheduler_active = 2, debug_locks = 1 [ 90.191925] 3 locks held by syz-executor.2/845: [ 90.192487] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.192622] #0: ffff88800c782400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 90.194034] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 90.194848] #1: ffff88800934e618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 90.197231] #2: ffff88801b1176d8 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 90.198593] [ 90.198593] stack backtrace: [ 90.199270] CPU: 1 UID: 0 PID: 845 Comm: syz-executor.2 Not tainted 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 90.199298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 90.199311] Call Trace: [ 90.199318] [ 90.199327] dump_stack_lvl+0xfa/0x120 [ 90.199365] lockdep_rcu_suspicious+0x152/0x1c0 [ 90.199392] proc_sys_compare+0x28a/0x340 [ 90.199412] ? 
__pfx_proc_sys_compare+0x10/0x10 [ 90.199435] d_same_name+0x229/0x2e0 [ 90.199471] d_alloc_parallel+0x7c1/0x1330 [ 90.199508] ? __pfx_d_alloc_parallel+0x10/0x10 [ 90.199531] ? lock_is_held_type+0x9e/0x120 [ 90.199565] ? __pfx_default_wake_function+0x10/0x10 [ 90.199597] ? __d_lookup+0x25f/0x490 [ 90.199629] lookup_open.isra.0+0x64f/0x1530 [ 90.199662] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 90.199706] ? mnt_get_write_access+0x81/0x2d0 [ 90.199726] ? mnt_get_write_access+0x1ea/0x2d0 [ 90.199758] path_openat+0xc26/0x2880 [ 90.199799] ? __lock_acquire+0x694/0x1b70 [ 90.199821] ? __pfx_path_openat+0x10/0x10 [ 90.199860] do_filp_open+0x1e8/0x450 [ 90.199891] ? __pfx_do_filp_open+0x10/0x10 [ 90.199933] ? find_held_lock+0x2b/0x80 [ 90.199962] ? alloc_fd+0x2c1/0x560 [ 90.199988] ? lock_release+0xc8/0x290 [ 90.200016] ? alloc_fd+0x2c1/0x560 [ 90.200053] do_sys_openat2+0x104/0x1b0 [ 90.200077] ? __pfx_do_sys_openat2+0x10/0x10 [ 90.200103] ? __fput+0x67b/0xb50 [ 90.200132] __x64_sys_openat+0x142/0x200 [ 90.200163] ? __pfx___x64_sys_openat+0x10/0x10 [ 90.200186] ? 
__pfx_fput_close_sync+0x10/0x10 [ 90.200221] do_syscall_64+0xbf/0x360 [ 90.200245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.200267] RIP: 0033:0x7f00105cfa04 [ 90.200283] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 90.200303] RSP: 002b:00007fff78a34e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 90.200323] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f00105cfa04 [ 90.200336] RDX: 0000000000080001 RSI: 00007f00106862d3 RDI: 00000000ffffff9c [ 90.200350] RBP: 00007f00106862d3 R08: 0000000000000000 R09: 00007fff78a34df0 [ 90.200363] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 90.200375] R13: 00007fff78a34ea0 R14: 0000000000000000 R15: 00000000000000f8 [ 90.200404] [ 90.203095] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 90.203659] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.207589] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 90.245612] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.248721] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 90.254517] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.264683] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.271393] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.275618] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 90.283461] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 92.168260] Bluetooth: hci0: command tx timeout [ 92.169109] Bluetooth: hci2: command tx timeout [ 92.296331] Bluetooth: hci1: command tx timeout [ 92.297042] Bluetooth: hci3: command tx timeout [ 92.297543] Bluetooth: hci4: command tx timeout [ 92.360341] Bluetooth: hci5: command tx timeout [ 92.360980] Bluetooth: hci7: command tx timeout [ 92.424963] Bluetooth: hci6: command tx timeout [ 94.217256] Bluetooth: hci2: command tx timeout [ 94.217760] 
Bluetooth: hci0: command tx timeout [ 94.344318] Bluetooth: hci3: command tx timeout [ 94.344802] Bluetooth: hci4: command tx timeout [ 94.345696] Bluetooth: hci1: command tx timeout [ 94.409730] Bluetooth: hci7: command tx timeout [ 94.410211] Bluetooth: hci5: command tx timeout [ 94.472749] Bluetooth: hci6: command tx timeout [ 96.266199] Bluetooth: hci0: command tx timeout [ 96.266876] Bluetooth: hci2: command tx timeout [ 96.392342] Bluetooth: hci3: command tx timeout [ 96.392982] Bluetooth: hci4: command tx timeout [ 96.393871] Bluetooth: hci1: command tx timeout [ 96.456254] Bluetooth: hci5: command tx timeout [ 96.456315] Bluetooth: hci7: command tx timeout [ 96.520207] Bluetooth: hci6: command tx timeout [ 98.312307] Bluetooth: hci2: command tx timeout [ 98.312457] Bluetooth: hci0: command tx timeout [ 98.441237] Bluetooth: hci1: command tx timeout [ 98.441325] Bluetooth: hci4: command tx timeout [ 98.441818] Bluetooth: hci3: command tx timeout [ 98.504331] Bluetooth: hci7: command tx timeout [ 98.504381] Bluetooth: hci5: command tx timeout [ 98.569223] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 09:44:52 Registers: