Warning: Permanently added '[localhost]:62919' (ECDSA) to the list of known hosts. 2025/07/04 10:54:31 fuzzer started 2025/07/04 10:54:32 dialing manager at localhost:42083 2025/07/04 10:54:32 checking machine... 2025/07/04 10:54:32 checking revisions... syzkaller login: [ 51.170510] kmemleak: Automatic memory scanning thread ended 2025/07/04 10:54:32 testing simple program... [ 51.249734] cgroup: Unknown subsys name 'net' [ 51.319595] cgroup: Unknown subsys name 'cpuset' [ 51.349281] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program [ 61.410231] audit: type=1400 audit(1751626482.469:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 62.469323] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.472086] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.474408] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.479180] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.485823] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 executing program [ 64.559574] Bluetooth: hci0: command tx timeout executing program [ 66.606790] Bluetooth: hci0: command tx timeout [ 68.655943] Bluetooth: hci0: command tx timeout executing program [ 70.703050] Bluetooth: hci0: command tx timeout executing program executing program [ 77.873206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.874587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.903640] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.905203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 executing program 2025/07/04 10:54:59 building call list... executing program [ 81.404977] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.150072] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 2025/07/04 10:55:04 syscalls: 2214 2025/07/04 10:55:04 code coverage: enabled 2025/07/04 10:55:04 comparison tracing: enabled 2025/07/04 10:55:04 extra coverage: enabled 2025/07/04 10:55:04 setuid sandbox: enabled 2025/07/04 10:55:04 namespace sandbox: enabled 2025/07/04 10:55:04 Android sandbox: enabled 2025/07/04 10:55:04 fault injection: enabled 2025/07/04 10:55:04 leak checking: enabled 2025/07/04 10:55:04 net packet injection: enabled 2025/07/04 10:55:04 net device setup: enabled 2025/07/04 10:55:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/04 10:55:04 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/04 10:55:04 USB emulation: enabled 2025/07/04 10:55:04 hci packet injection: enabled 2025/07/04 10:55:04 wifi device emulation: enabled 2025/07/04 10:55:04 802.15.4 emulation: enabled 2025/07/04 10:55:04 fetching corpus: 0, signal 0/0 (executing program) 2025/07/04 10:55:04 fetching corpus: 0, signal 0/0 (executing program) 2025/07/04 10:55:06 starting 8 fuzzer processes 10:55:06 executing program 0: creat(&(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0) write(r0, 0x0, 0xeffdffff) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 10:55:06 executing program 1: pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) 10:55:06 executing program 3: r0 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x30]}}}}]}) mknodat$loop(r0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 10:55:06 executing program 2: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x107000, 0x0) 10:55:06 executing program 4: syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @val={0x25, 0x3}, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @val={0x71, 0x7}, @void}, 0x4a) 10:55:06 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f00000017c0)=ANY=[], &(0x7f00000018c0)=0x28) 10:55:06 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgid(0x0) r1 = getpid() kcmp(r0, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$msdos(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:55:06 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="ee", 0x1}], 0x1}, 0x0) [ 86.206003] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.208276] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.210652] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.213031] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.215827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.218096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.219605] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.221346] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.224661] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.233417] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.235023] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.237767] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.239386] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.239537] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.244219] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.298748] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.300992] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.303415] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 86.305261] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 86.306790] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 86.310353] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.314761] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 86.315901] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.317400] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 86.320212] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.323501] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 86.329109] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 86.330965] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.335976] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.338653] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.341518] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 86.358939] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.364318] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 86.368467] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.368631] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 86.380958] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 86.382212] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 86.422433] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 86.433357] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 86.435257] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 86.754494] [ 86.755349] ============================= [ 86.756167] WARNING: suspicious RCU usage [ 86.756919] 6.16.0-rc4-next-20250704 #1 Not tainted [ 86.758568] ----------------------------- [ 86.759597] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! [ 86.761305] [ 86.761305] other info that might help us debug this: [ 86.761305] [ 86.762936] [ 86.762936] rcu_scheduler_active = 2, debug_locks = 1 [ 86.764330] 3 locks held by syz-executor.7/851: [ 86.765323] #0: ffff88800f854400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 86.767147] #1: ffff88800bdba618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 86.769661] #2: ffff88800928c6b0 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 86.771660] [ 86.771660] stack backtrace: [ 86.772654] CPU: 1 UID: 0 PID: 851 Comm: syz-executor.7 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 86.772688] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 86.772700] Call Trace: [ 86.772710] [ 86.772719] dump_stack_lvl+0xfa/0x120 [ 86.772747] lockdep_rcu_suspicious+0x152/0x1c0 [ 86.772773] proc_sys_compare+0x28a/0x340 [ 86.772794] ? __pfx_proc_sys_compare+0x10/0x10 [ 86.772816] d_same_name+0x229/0x2e0 [ 86.772851] d_alloc_parallel+0x7c1/0x1330 [ 86.772886] ? __pfx_d_alloc_parallel+0x10/0x10 [ 86.772913] ? __pfx_default_wake_function+0x10/0x10 [ 86.772943] ? __d_lookup+0x25f/0x490 [ 86.772974] lookup_open.isra.0+0x64f/0x1530 [ 86.773006] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 86.773049] ? mnt_get_write_access+0x81/0x2d0 [ 86.773068] ? mnt_get_write_access+0x1ea/0x2d0 [ 86.773096] path_openat+0xc26/0x2880 [ 86.773134] ? __lock_acquire+0x694/0x1b70 [ 86.773155] ? __pfx_path_openat+0x10/0x10 [ 86.773194] do_filp_open+0x1e8/0x450 [ 86.773223] ? __pfx_do_filp_open+0x10/0x10 [ 86.773263] ? find_held_lock+0x2b/0x80 [ 86.773291] ? alloc_fd+0x2c1/0x560 [ 86.773316] ? lock_release+0xc8/0x290 [ 86.773343] ? alloc_fd+0x2c1/0x560 [ 86.773378] do_sys_openat2+0x104/0x1b0 [ 86.773402] ? __pfx_do_sys_openat2+0x10/0x10 [ 86.773426] ? rcu_read_unlock+0x2d/0xb0 [ 86.773582] ? lock_release+0xc8/0x290 [ 86.773610] __x64_sys_openat+0x142/0x200 [ 86.773634] ? __pfx___x64_sys_openat+0x10/0x10 [ 86.773665] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 86.773701] do_syscall_64+0xbf/0x360 [ 86.773726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.773749] RIP: 0033:0x7f5ca41f0a04 [ 86.773767] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 86.773787] RSP: 002b:00007ffc7da07880 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 86.773807] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f5ca41f0a04 [ 86.773820] RDX: 0000000000080001 RSI: 00007f5ca4296f61 RDI: 00000000ffffff9c [ 86.773833] RBP: 00007f5ca4296f61 R08: 0000000000000000 R09: 00007ffc7da07870 [ 86.773846] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 86.773858] R13: 00007ffc7da07920 R14: 0000000000000000 R15: 00000000000000f8 [ 86.773886] [ 88.303731] Bluetooth: hci0: command tx timeout [ 88.304618] Bluetooth: hci2: command tx timeout [ 88.305327] Bluetooth: hci1: command tx timeout [ 88.366890] Bluetooth: hci6: command tx timeout [ 88.430750] Bluetooth: hci5: command tx timeout [ 88.431424] Bluetooth: hci4: command tx timeout [ 88.432031] Bluetooth: hci3: command tx timeout [ 88.495757] Bluetooth: hci7: command tx timeout [ 90.350945] Bluetooth: hci1: command tx timeout [ 90.351555] Bluetooth: hci2: command tx timeout [ 90.352339] Bluetooth: hci0: command tx timeout [ 90.414784] Bluetooth: hci6: command tx timeout [ 90.480719] Bluetooth: hci5: command tx timeout [ 90.481394] Bluetooth: hci4: command tx timeout [ 90.482336] Bluetooth: hci3: command tx timeout [ 90.542984] Bluetooth: hci7: command tx timeout [ 92.399888] Bluetooth: hci0: command tx timeout [ 92.401767] Bluetooth: hci1: command tx timeout [ 92.402521] Bluetooth: hci2: command tx timeout [ 92.462892] Bluetooth: hci6: command tx timeout [ 92.526822] Bluetooth: hci3: command tx timeout [ 92.527622] Bluetooth: hci4: command tx timeout [ 92.528451] Bluetooth: hci5: command tx timeout [ 92.591652] Bluetooth: hci7: command tx timeout [ 94.447877] Bluetooth: hci0: command tx timeout [ 94.448332] Bluetooth: hci2: command tx timeout [ 94.449095] Bluetooth: hci1: command tx timeout [ 94.510862] Bluetooth: hci6: command tx timeout [ 94.574746] Bluetooth: hci4: command tx timeout [ 94.575195] Bluetooth: hci3: command tx timeout [ 94.575574] Bluetooth: hci5: command tx timeout [ 94.639728] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 10:55:08 Registers: info registers vcpu 0 RAX=fffff9400036f180 RBX=fffff9400036f181 RCX=ffffffff818c530f RDX=fffff9400036f181 RSI=0000000000000008 RDI=ffffea0001b78c00 RBP=fffff9400036f180 RSP=ffff888036877b00 R8 =0000000000000000 R9 =fffff9400036f180 R10=ffffea0001b78c07 R11=0000000000000001 R12=0000000000000034 R13=dffffc0000000000 R14=0000000000000001 R15=ffff888036877d88 RIP=ffffffff81aeb6a1 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007ff1760c6540 00000000 00000000 GS =0000 ffff8880e55f3000 00000000 00000000 LDT=0000 fffffe7c00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff176115b90 CR3=00000000363bd000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=1ffffffff0aba40e RBX=00000000000000f3 RCX=0000000000000004 RDX=0000000000000000 RSI=ffffffff81685899 RDI=ffffffff855d2076 RBP=ffffffff8536e1fb RSP=ffff8880366beba8 R8 =ffff8880366bec70 R9 =ffff8880366bed90 R10=0000000000000008 R11=0000000000000001 R12=0000000000000000 R13=ffff8880366bed90 R14=0000000000000200 R15=dffffc0000000000 RIP=ffffffff816858d3 RFL=00000013 [----A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055555fbb4400 00000000 00000000 GS =0000 ffff8880e56f3000 00000000 00000000 LDT=0000 fffffe0e00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000560ce70eb7ec CR3=0000000036028000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=7465677261742e79636e656772656d65 XMM02=ffffffffffff0f0e0d0c0b0a09080706 XMM03=00000000000000610000656369767265 XMM04=2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e XMM05=00000005000000060000560ce712dd70 XMM06=000000000000006563697665642e3069 XMM07=00000000000000000000000000000000 XMM08=732f6563696c732e6d65747379732f3a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000