Warning: Permanently added '[localhost]:25985' (ECDSA) to the list of known hosts.
2025/07/04 10:54:41 fuzzer started
2025/07/04 10:54:41 dialing manager at localhost:42083
2025/07/04 10:54:41 checking machine...
2025/07/04 10:54:41 checking revisions...
syzkaller login: [ 50.407298] kmemleak: Automatic memory scanning thread ended
2025/07/04 10:54:41 testing simple program...
[ 50.488910] cgroup: Unknown subsys name 'net'
[ 50.563216] cgroup: Unknown subsys name 'cpuset'
[ 50.576586] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 60.834559] audit: type=1400 audit(1751626492.068:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 61.971822] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.975377] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.978316] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.982075] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.986346] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 64.007313] Bluetooth: hci0: command tx timeout
executing program
[ 66.055193] Bluetooth: hci0: command tx timeout
[ 68.102786] Bluetooth: hci0: command tx timeout
executing program
[ 70.150869] Bluetooth: hci0: command tx timeout
executing program
executing program
executing program
[ 77.945930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.947138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.979423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.980622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/04 10:55:09 building call list...
executing program [ 81.481756] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.967231] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list 2025/07/04 10:55:14 syscalls: 2214 2025/07/04 10:55:14 code coverage: enabled 2025/07/04 10:55:14 comparison tracing: enabled 2025/07/04 10:55:14 extra coverage: enabled 2025/07/04 10:55:14 setuid sandbox: enabled 2025/07/04 10:55:14 namespace sandbox: enabled 2025/07/04 10:55:14 Android sandbox: enabled 2025/07/04 10:55:14 fault injection: enabled 2025/07/04 10:55:14 leak checking: enabled 2025/07/04 10:55:14 net packet injection: enabled 2025/07/04 10:55:14 net device setup: enabled 2025/07/04 10:55:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/04 10:55:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/04 10:55:14 USB emulation: enabled 2025/07/04 10:55:14 hci packet injection: enabled 2025/07/04 10:55:14 wifi device emulation: enabled 2025/07/04 10:55:14 802.15.4 emulation: enabled 2025/07/04 10:55:14 fetching corpus: 0, signal 0/0 (executing program) 2025/07/04 10:55:14 fetching corpus: 0, signal 0/0 (executing program) 2025/07/04 10:55:15 starting 8 fuzzer processes 10:55:15 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000300)=0xffff7fff, 0x4) 10:55:15 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="200705000002000019000000900100000f000000000000000000000004000000000002000020000020000000e0f4655fe0f4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000018000000c28500002b02", 0x66, 0x400}, {&(0x7f0000010100)="000000000000000000000000ab7a0e3e026c4410ac9856e86774ba11010040", 0x1f, 0x4e0}], 0x0, &(0x7f0000012a00)) 10:55:15 executing program 2: r0 = 
socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x16, 0x0, &(0x7f00000018c0)) 10:55:15 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$sock_int(r0, 0x1, 0x2a, 0x0, &(0x7f0000000180)) 10:55:15 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={{r0}}) 10:55:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() r1 = pidfd_open(r0, 0x0) pidfd_getfd(r1, r1, 0x0) 10:55:15 executing program 6: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000000040)="ff4344303031", 0x6, 0x8800}, {&(0x7f0000010900)="8800170000000000001700080000000008007809140b2a3a080200", 0x1b, 0xb800}], 0x0, &(0x7f0000011700)) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) syncfs(r0) 10:55:15 executing program 7: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) bind(r0, &(0x7f00000007c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80) [ 85.656315] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.658632] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.661075] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 
85.665359] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.667980] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 85.670685] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 85.677555] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 85.687946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 85.692909] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 85.695470] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 85.797924] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 85.810362] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 85.812926] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 85.814688] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 85.819566] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 85.821986] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 85.822384] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 85.822902] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 85.830192] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 85.834846] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 85.838192] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 85.839765] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 85.841016] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 85.848316] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 85.849992] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 85.850950] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 85.850972] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 85.855602] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 85.858742] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 85.859245] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 85.861072] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 85.865037] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 85.866284] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 85.869359] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 85.872899] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 85.873791] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 85.875903] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 85.878735] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 85.894029] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 85.910367] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 86.006842]
[ 86.007626] =============================
[ 86.008444] WARNING: suspicious RCU usage
[ 86.009073] 6.16.0-rc4-next-20250704 #1 Not tainted
[ 86.010545] -----------------------------
[ 86.011548] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 86.013619]
[ 86.013619] other info that might help us debug this:
[ 86.013619]
[ 86.015643]
[ 86.015643] rcu_scheduler_active = 2, debug_locks = 1
[ 86.017411] 3 locks held by syz-executor.5/849:
[ 86.019074] #0: ffff88800a316400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 86.021295] #1: ffff888009312618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 86.024124] #2: ffff888019312248 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 86.025571]
[ 86.025571] stack backtrace:
[ 86.026288] CPU: 1 UID: 0 PID: 849 Comm: syz-executor.5 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 86.026317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 86.026330] Call Trace:
[ 86.026338]
[ 86.026347] dump_stack_lvl+0xfa/0x120
[ 86.026374] lockdep_rcu_suspicious+0x152/0x1c0
[ 86.026402] proc_sys_compare+0x28a/0x340
[ 86.026423] ? __pfx_proc_sys_compare+0x10/0x10
[ 86.026447] d_same_name+0x229/0x2e0
[ 86.026484] d_alloc_parallel+0x7c1/0x1330
[ 86.026522] ? __pfx_d_alloc_parallel+0x10/0x10
[ 86.026550] ? __pfx_default_wake_function+0x10/0x10
[ 86.026583] ? __d_lookup+0x25f/0x490
[ 86.026617] lookup_open.isra.0+0x64f/0x1530
[ 86.026651] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 86.026696] ? mnt_get_write_access+0x81/0x2d0
[ 86.026731] ? mnt_get_write_access+0x1ea/0x2d0
[ 86.026760] path_openat+0xc26/0x2880
[ 86.026801] ? __lock_acquire+0x694/0x1b70
[ 86.026824] ? __pfx_path_openat+0x10/0x10
[ 86.026865] do_filp_open+0x1e8/0x450
[ 86.026896] ? __pfx_do_filp_open+0x10/0x10
[ 86.026939] ? find_held_lock+0x2b/0x80
[ 86.026969] ? alloc_fd+0x2c1/0x560
[ 86.026996] ? lock_release+0xc8/0x290
[ 86.027025] ? alloc_fd+0x2c1/0x560
[ 86.027063] do_sys_openat2+0x104/0x1b0
[ 86.027094] ? __pfx_do_sys_openat2+0x10/0x10
[ 86.027121] ? __fput+0x67b/0xb50
[ 86.027151] __x64_sys_openat+0x142/0x200
[ 86.027176] ? __pfx___x64_sys_openat+0x10/0x10
[ 86.027202] ? __pfx_fput_close_sync+0x10/0x10
[ 86.027240] do_syscall_64+0xbf/0x360
[ 86.027267] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.027291] RIP: 0033:0x7fd227088a04
[ 86.027310] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 86.027332] RSP: 002b:00007ffcd572dc90 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 86.027355] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 00007fd227088a04
[ 86.027371] RDX: 0000000000080001 RSI: 00007fd22713f2eb RDI: 00000000ffffff9c
[ 86.027386] RBP: 00007fd22713f2eb R08: 0000000000000000 R09: 00007ffcd572dc80
[ 86.027402] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 86.027417] R13: 00007ffcd572dd30 R14: 0000000000000000 R15: 00000000000000f8
[ 86.027447]
[ 87.750325] Bluetooth: hci1: command tx timeout
[ 87.751693] Bluetooth: hci0: command tx timeout
[ 87.878656] Bluetooth: hci4: command tx timeout
[ 87.942238] Bluetooth: hci6: command tx timeout
[ 87.943318] Bluetooth: hci5: command tx timeout
[ 87.944355] Bluetooth: hci3: command tx timeout
[ 88.006350] Bluetooth: hci7: command tx timeout
[ 88.006970] Bluetooth: hci2: command tx timeout
[ 89.798202] Bluetooth:
hci1: command tx timeout
[ 89.798267] Bluetooth: hci0: command tx timeout
[ 89.926893] Bluetooth: hci4: command tx timeout
[ 89.990188] Bluetooth: hci5: command tx timeout
[ 89.990281] Bluetooth: hci6: command tx timeout
[ 89.991245] Bluetooth: hci3: command tx timeout
[ 90.056116] Bluetooth: hci2: command tx timeout
[ 90.056220] Bluetooth: hci7: command tx timeout
[ 91.846179] Bluetooth: hci1: command tx timeout
[ 91.846322] Bluetooth: hci0: command tx timeout
[ 91.974306] Bluetooth: hci4: command tx timeout
[ 92.038346] Bluetooth: hci6: command tx timeout
[ 92.039348] Bluetooth: hci3: command tx timeout
[ 92.040044] Bluetooth: hci5: command tx timeout
[ 92.102402] Bluetooth: hci7: command tx timeout
[ 92.102427] Bluetooth: hci2: command tx timeout
[ 93.894586] Bluetooth: hci0: command tx timeout
[ 93.894679] Bluetooth: hci1: command tx timeout
[ 94.024156] Bluetooth: hci4: command tx timeout
[ 94.086218] Bluetooth: hci3: command tx timeout
[ 94.086292] Bluetooth: hci6: command tx timeout
[ 94.088127] Bluetooth: hci5: command tx timeout
[ 94.150316] Bluetooth: hci2: command tx timeout
[ 94.150372] Bluetooth: hci7: command tx timeout
VM DIAGNOSIS:
10:55:17 Registers: