Warning: Permanently added '[localhost]:1569' (ECDSA) to the list of known hosts.
2025/07/04 10:54:20 fuzzer started
2025/07/04 10:54:20 dialing manager at localhost:42083
2025/07/04 10:54:20 checking machine...
2025/07/04 10:54:20 checking revisions...
syzkaller login: [ 49.864239] kmemleak: Automatic memory scanning thread ended
2025/07/04 10:54:21 testing simple program...
[ 49.944929] cgroup: Unknown subsys name 'net'
[ 49.988710] cgroup: Unknown subsys name 'cpuset'
[ 50.002248] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 59.347643] audit: type=1400 audit(1751626470.568:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 60.432514] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 60.435104] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 60.437914] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 60.445922] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 60.449889] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 62.523748] Bluetooth: hci0: command tx timeout
[ 64.572882] Bluetooth: hci0: command tx timeout
executing program
[ 66.619913] Bluetooth: hci0: command tx timeout
executing program
[ 68.666881] Bluetooth: hci0: command tx timeout
executing program
executing program
[ 76.131396] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.132568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.191079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.192169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/04 10:54:47 building call list...
executing program
executing program
[ 79.836780] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 80.700933] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
2025/07/04 10:54:56 syscalls: 2214
2025/07/04 10:54:56 code coverage: enabled
2025/07/04 10:54:56 comparison tracing: enabled
2025/07/04 10:54:56 extra coverage: enabled
2025/07/04 10:54:56 setuid sandbox: enabled
2025/07/04 10:54:56 namespace sandbox: enabled
2025/07/04 10:54:56 Android sandbox: enabled
2025/07/04 10:54:56 fault injection: enabled
2025/07/04 10:54:56 leak checking: enabled
2025/07/04 10:54:56 net packet injection: enabled
2025/07/04 10:54:56 net device setup: enabled
2025/07/04 10:54:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/04 10:54:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/04 10:54:56 USB emulation: enabled
2025/07/04 10:54:56 hci packet injection: enabled
2025/07/04 10:54:56 wifi device emulation: enabled
2025/07/04 10:54:56 802.15.4 emulation: enabled
2025/07/04 10:54:56 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:54:56 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:54:58 starting 8 fuzzer processes
10:54:58 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev\x00')
pread64(r0, &(0x7f0000000080)=""/187, 0xbb, 0xe0000000)
10:54:58 executing program 1:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x18, r0, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x4}]}, 0x18}}, 0x0)
10:54:58 executing program 2:
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffb000/0x4000)=nil)
10:54:58 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
setresuid(0x0, 0xee01, 0x0)
ioctl$KDSETLED(r0, 0x5412, 0x0)
10:54:58 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000001b00)={0x1f, 0x0, @fixed, 0x0, 0x2}, 0xe)
10:54:58 executing program 5:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000000)=0x9, 0x4)
10:54:58 executing program 6:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
rename(&(0x7f00000040c0)='./file0/file0\x00', &(0x7f0000000200)='./file1\x00')
10:54:58 executing program 7:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/raw\x00')
socket$inet_icmp_raw(0x2, 0x3, 0x1)
pread64(r0, &(0x7f0000000040)=""/72, 0x48, 0x73)
[ 88.398093] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.400114] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 88.404042] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.408394] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.414477] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 88.416663] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 88.418634] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 88.420623] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.423333] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 88.429613] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 88.431749] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 88.433578] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.436520] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 88.439787] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 88.442103] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 88.444565] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 88.446381] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 88.452200] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 88.453665] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 88.458498] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 88.461358] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 88.463490] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 88.466219] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 88.468094] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 88.473555] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 88.481537] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 88.484508] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 88.489521] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 88.494063] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 88.496773] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 88.501564] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 88.502775] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 88.505585] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 88.509009] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 88.516308] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 88.518584] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 88.519938] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 88.529268] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 88.542163] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 88.560998] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 88.656926]
[ 88.657642] =============================
[ 88.658508] WARNING: suspicious RCU usage
[ 88.659206] 6.16.0-rc4-next-20250704 #1 Not tainted
[ 88.660344] -----------------------------
[ 88.666117] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 88.667693]
[ 88.667693] other info that might help us debug this:
[ 88.667693]
[ 88.668957]
[ 88.668957] rcu_scheduler_active = 2, debug_locks = 1
[ 88.669988] 3 locks held by syz-executor.3/846:
[ 88.670711] #0: ffff88800f8ee400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 88.672126] #1: ffff8880093fa618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 88.673686] #2: ffff888018b6a248 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 88.675120]
[ 88.675120] stack backtrace:
[ 88.675858] CPU: 0 UID: 0 PID: 846 Comm: syz-executor.3 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 88.675887] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 88.675899] Call Trace:
[ 88.675907]
[ 88.675916] dump_stack_lvl+0xfa/0x120
[ 88.675944] lockdep_rcu_suspicious+0x152/0x1c0
[ 88.675972] proc_sys_compare+0x28a/0x340
[ 88.675994] ? __pfx_proc_sys_compare+0x10/0x10
[ 88.676018] d_same_name+0x229/0x2e0
[ 88.676055] d_alloc_parallel+0x7c1/0x1330
[ 88.676094] ? __pfx_d_alloc_parallel+0x10/0x10
[ 88.676126] ? __pfx_default_wake_function+0x10/0x10
[ 88.676158] ? __d_lookup+0x25f/0x490
[ 88.676192] lookup_open.isra.0+0x64f/0x1530
[ 88.676226] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 88.676271] ? mnt_get_write_access+0x81/0x2d0
[ 88.676292] ? mnt_get_write_access+0x1ea/0x2d0
[ 88.676322] path_openat+0xc26/0x2880
[ 88.676363] ? __lock_acquire+0x694/0x1b70
[ 88.676386] ? __pfx_path_openat+0x10/0x10
[ 88.676427] do_filp_open+0x1e8/0x450
[ 88.676458] ? __pfx_do_filp_open+0x10/0x10
[ 88.676501] ? find_held_lock+0x2b/0x80
[ 88.676531] ? alloc_fd+0x2c1/0x560
[ 88.676558] ? lock_release+0xc8/0x290
[ 88.676597] ? alloc_fd+0x2c1/0x560
[ 88.676635] do_sys_openat2+0x104/0x1b0
[ 88.676660] ? __pfx_do_sys_openat2+0x10/0x10
[ 88.676687] ? __fput+0x67b/0xb50
[ 88.676717] __x64_sys_openat+0x142/0x200
[ 88.676742] ? __pfx___x64_sys_openat+0x10/0x10
[ 88.676767] ? __pfx_fput_close_sync+0x10/0x10
[ 88.676810] do_syscall_64+0xbf/0x360
[ 88.676837] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.676860] RIP: 0033:0x7f02bce41a04
[ 88.676877] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 88.676898] RSP: 002b:00007ffc57b16930 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 88.676919] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f02bce41a04
[ 88.676933] RDX: 0000000000080001 RSI: 00007f02bcef8264 RDI: 00000000ffffff9c
[ 88.676947] RBP: 00007f02bcef8264 R08: 0000000000000000 R09: 00007ffc57b16920
[ 88.676961] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 88.676974] R13: 00007ffc57b169d0 R14: 0000000000000000 R15: 00000000000000f8
[ 88.677005]
[ 90.490868] Bluetooth: hci0: command tx timeout
[ 90.555841] Bluetooth: hci1: command tx timeout
[ 90.556701] Bluetooth: hci3: command tx timeout
[ 90.557428] Bluetooth: hci7: command tx timeout
[ 90.558909] Bluetooth: hci2: command tx timeout
[ 90.620954] Bluetooth: hci4: command tx timeout
[ 90.621750] Bluetooth: hci6: command tx timeout
[ 90.622393] Bluetooth: hci5: command tx timeout
[ 92.538889] Bluetooth: hci0: command tx timeout
[ 92.604265] Bluetooth: hci1: command tx timeout
[ 92.605110] Bluetooth: hci7: command tx timeout
[ 92.606350] Bluetooth: hci3: command tx timeout
[ 92.607136] Bluetooth: hci2: command tx timeout
[ 92.668864] Bluetooth: hci5: command tx timeout
[ 92.669602] Bluetooth: hci6: command tx timeout
[ 92.670517] Bluetooth: hci4: command tx timeout
[ 94.587867] Bluetooth: hci0: command tx timeout
[ 94.652095] Bluetooth: hci7: command tx timeout
[ 94.652556] Bluetooth: hci1: command tx timeout
[ 94.652983] Bluetooth: hci3: command tx timeout
[ 94.653359] Bluetooth: hci2: command tx timeout
[ 94.715869] Bluetooth: hci4: command tx timeout
[ 94.716324] Bluetooth: hci6: command tx timeout
[ 94.716713] Bluetooth: hci5: command tx timeout
[ 96.636177] Bluetooth: hci0: command tx timeout
[ 96.701008] Bluetooth: hci3: command tx timeout
[ 96.701478] Bluetooth: hci7: command tx timeout
[ 96.702830] Bluetooth: hci2: command tx timeout
[ 96.703217] Bluetooth: hci1: command tx timeout
[ 96.763877] Bluetooth: hci4: command tx timeout
[ 96.764339] Bluetooth: hci6: command tx timeout
[ 96.764726] Bluetooth: hci5: command tx timeout

VM DIAGNOSIS:
10:55:00 Registers: