Warning: Permanently added '[localhost]:62919' (ECDSA) to the list of known hosts.
2025/07/03 09:44:22 fuzzer started
2025/07/03 09:44:23 dialing manager at localhost:33709
2025/07/03 09:44:23 checking machine...
2025/07/03 09:44:23 checking revisions...
syzkaller login: [ 50.764196] kmemleak: Automatic memory scanning thread ended
2025/07/03 09:44:23 testing simple program...
[ 50.857529] cgroup: Unknown subsys name 'net'
[ 50.914551] cgroup: Unknown subsys name 'cpuset'
[ 50.937809] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 61.208754] audit: type=1400 audit(1751535873.717:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 62.318007] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.320285] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.324159] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.330094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.332683] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 64.350776] Bluetooth: hci0: command tx timeout
executing program
[ 66.400075] Bluetooth: hci0: command tx timeout
[ 68.446602] Bluetooth: hci0: command tx timeout
executing program
[ 70.494281] Bluetooth: hci0: command tx timeout
executing program
executing program
executing program
[ 78.259845] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.261050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.304748] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.305843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/03 09:44:51 building call list...
executing program
[ 81.989954] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 82.821393] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
executing program
2025/07/03 09:44:56 syscalls: 2214
2025/07/03 09:44:56 code coverage: enabled
2025/07/03 09:44:56 comparison tracing: enabled
2025/07/03 09:44:56 extra coverage: enabled
2025/07/03 09:44:56 setuid sandbox: enabled
2025/07/03 09:44:56 namespace sandbox: enabled
2025/07/03 09:44:56 Android sandbox: enabled
2025/07/03 09:44:56 fault injection: enabled
2025/07/03 09:44:56 leak checking: enabled
2025/07/03 09:44:56 net packet injection: enabled
2025/07/03 09:44:56 net device setup: enabled
2025/07/03 09:44:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/03 09:44:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/03 09:44:56 USB emulation: enabled
2025/07/03 09:44:56 hci packet injection: enabled
2025/07/03 09:44:56 wifi device emulation: enabled
2025/07/03 09:44:56 802.15.4 emulation: enabled
2025/07/03 09:44:56 fetching corpus: 0, signal 0/0 (executing program)
2025/07/03 09:44:56 fetching corpus: 0, signal 0/0 (executing program)
2025/07/03 09:44:58 starting 8 fuzzer processes
09:44:58 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000080))
09:44:58 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
timer_create(0x0, 0x0, &(0x7f00000001c0))
timer_getoverrun(0x0)
09:44:58 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000470008000f801", 0x17}, {&(0x7f0000000140)="53595a4b414c4c45522020080000ea80325132510000ea80325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202f4a02653bb1906c3c6ad2ca0fe278427c9e5db65007c48904c5e9a1dd1951ae821d", 0x6d, 0xa20}], 0x0, &(0x7f0000000300)=ANY=[])
openat$incfs(r0, &(0x7f0000000000)='.log\x00', 0x0, 0x0)
09:44:58 executing program 3:
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/120, 0x78}], 0x1)
09:44:58 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'lo\x00', &(0x7f0000000000)=@ethtool_ringparam={0x11}})
09:44:58 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x8ee2, 0x0, 0x0, 0x4, 0x8, 0x5, "de604a44f5f2d0f54ff8327c0dfccf7318a5c9535b090ac39c5277a5735d220626d7b6e3626702b39c58de83c1533c5e1ba717f4251d0e4509c2f7b48866219d", "38bbbb38a0112f5307e2ed65082947efce11187154cfa5c120dee9226db2ae1cefa19bd16183328a84aaa394bc86f706c2e9cae8eb8bda821bf218e7a7f0112f", "31277bccb21d21fe3b828be15cfc4b360e7d62456b7738fa4d4cb31066dc72d6", [0x1, 0x100]})
09:44:58 executing program 6:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x8008662c, &(0x7f0000000000)={0x13})
09:44:58 executing program 7:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_WKALM_RD(r0, 0x8008700b, &(0x7f0000000040))
[ 87.158567] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.178680] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 87.180501] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 87.182846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.184957] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 87.188991] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 87.190586] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.192291] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 87.193790] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 87.194295] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 87.195121] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 87.196732] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.197654] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 87.201694] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 87.203057] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 87.204870] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 87.205040] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 87.209989] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 87.211757] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 87.213771] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 87.215452] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 87.216861] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 87.220353] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 87.222956] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 87.223818] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.227803] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 87.229456] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 87.230793] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 87.232957] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 87.234320] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.235595] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 87.237062] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 87.242053] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 87.242236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.245564] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 87.247680] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 87.249686] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 87.249861] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 87.256889] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 87.260481] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 87.395474]
[ 87.396656] =============================
[ 87.397317] WARNING: suspicious RCU usage
[ 87.397907] 6.16.0-rc4-next-20250703 #1 Not tainted
[ 87.399680] -----------------------------
[ 87.401231] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 87.404501]
[ 87.404501] other info that might help us debug this:
[ 87.404501]
[ 87.407267]
[ 87.407267] rcu_scheduler_active = 2, debug_locks = 1
[ 87.408224] 3 locks held by syz-executor.6/848:
[ 87.408913] #0: ffff88800b6d2400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 87.410205] #1: ffff88800b9f6618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 87.411644] #2: ffff88801b2540d0 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 87.412992]
[ 87.412992] stack backtrace:
[ 87.413677] CPU: 1 UID: 0 PID: 848 Comm: syz-executor.6 Not tainted 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 87.413704] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 87.413716] Call Trace:
[ 87.413724]
[ 87.413733] dump_stack_lvl+0xfa/0x120
[ 87.413772] lockdep_rcu_suspicious+0x152/0x1c0
[ 87.413799] proc_sys_compare+0x28a/0x340
[ 87.413820] ? __pfx_proc_sys_compare+0x10/0x10
[ 87.413844] d_same_name+0x229/0x2e0
[ 87.413880] d_alloc_parallel+0x7c1/0x1330
[ 87.413917] ? __pfx_d_alloc_parallel+0x10/0x10
[ 87.413944] ? __pfx_default_wake_function+0x10/0x10
[ 87.413977] ? __d_lookup+0x25f/0x490
[ 87.414009] lookup_open.isra.0+0x64f/0x1530
[ 87.414043] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 87.414087] ? mnt_get_write_access+0x81/0x2d0
[ 87.414107] ? mnt_get_write_access+0x1ea/0x2d0
[ 87.414136] path_openat+0xc26/0x2880
[ 87.414182] ? __lock_acquire+0x694/0x1b70
[ 87.414205] ? __pfx_path_openat+0x10/0x10
[ 87.414245] do_filp_open+0x1e8/0x450
[ 87.414275] ? __pfx_do_filp_open+0x10/0x10
[ 87.414317] ? find_held_lock+0x2b/0x80
[ 87.414347] ? alloc_fd+0x2c1/0x560
[ 87.414375] ? lock_release+0xc8/0x290
[ 87.414403] ? alloc_fd+0x2c1/0x560
[ 87.414439] do_sys_openat2+0x104/0x1b0
[ 87.414464] ? __pfx_do_sys_openat2+0x10/0x10
[ 87.414491] ? __fput+0x67b/0xb50
[ 87.414520] __x64_sys_openat+0x142/0x200
[ 87.414545] ? __pfx___x64_sys_openat+0x10/0x10
[ 87.414568] ? __pfx_fput_close_sync+0x10/0x10
[ 87.414604] do_syscall_64+0xbf/0x360
[ 87.414627] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.414650] RIP: 0033:0x7f722313da04
[ 87.414667] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 87.414687] RSP: 002b:00007ffdd20906d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 87.414708] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f722313da04
[ 87.414721] RDX: 0000000000080001 RSI: 00007f72231f429e RDI: 00000000ffffff9c
[ 87.414735] RBP: 00007f72231f429e R08: 0000000000000000 R09: 00007ffdd20906c0
[ 87.414748] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 87.414761] R13: 00007ffdd2090770 R14: 0000000000000000 R15: 00000000000000f8
[ 87.414790]
[ 89.310515] Bluetooth: hci6: command tx timeout
[ 89.311951] Bluetooth: hci2: command tx timeout
[ 89.312078] Bluetooth: hci7: command tx timeout
[ 89.313564] Bluetooth: hci0: command tx timeout
[ 89.314604] Bluetooth: hci4: command tx timeout
[ 89.315430] Bluetooth: hci5: command tx timeout
[ 89.316454] Bluetooth: hci1: command tx timeout
[ 89.377270] Bluetooth: hci3: command tx timeout
[ 91.358303] Bluetooth: hci7: command tx timeout
[ 91.358766] Bluetooth: hci5: command tx timeout
[ 91.359142] Bluetooth: hci1: command tx timeout
[ 91.359554] Bluetooth: hci0: command tx timeout
[ 91.359931] Bluetooth: hci4: command tx timeout
[
91.360345] Bluetooth: hci6: command tx timeout
[ 91.360725] Bluetooth: hci2: command tx timeout
[ 91.422939] Bluetooth: hci3: command tx timeout
[ 93.406388] Bluetooth: hci4: command tx timeout
[ 93.406837] Bluetooth: hci2: command tx timeout
[ 93.407478] Bluetooth: hci6: command tx timeout
[ 93.407852] Bluetooth: hci0: command tx timeout
[ 93.408280] Bluetooth: hci1: command tx timeout
[ 93.408668] Bluetooth: hci5: command tx timeout
[ 93.409059] Bluetooth: hci7: command tx timeout
[ 93.470491] Bluetooth: hci3: command tx timeout
[ 95.454253] Bluetooth: hci0: command tx timeout
[ 95.454314] Bluetooth: hci7: command tx timeout
[ 95.454699] Bluetooth: hci5: command tx timeout
[ 95.455109] Bluetooth: hci1: command tx timeout
[ 95.456204] Bluetooth: hci6: command tx timeout
[ 95.456374] Bluetooth: hci2: command tx timeout
[ 95.456724] Bluetooth: hci4: command tx timeout
[ 95.518275] Bluetooth: hci3: command tx timeout
VM DIAGNOSIS:
09:45:00 Registers: