Warning: Permanently added '[localhost]:61241' (ECDSA) to the list of known hosts.
2025/07/04 10:54:52 fuzzer started
2025/07/04 10:54:52 dialing manager at localhost:42083
2025/07/04 10:54:52 checking machine...
2025/07/04 10:54:52 checking revisions...
syzkaller login: [ 51.257116] kmemleak: Automatic memory scanning thread ended
2025/07/04 10:54:52 testing simple program...
[ 51.338750] cgroup: Unknown subsys name 'net'
[ 51.405741] cgroup: Unknown subsys name 'cpuset'
[ 51.424339] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
[ 61.244787] audit: type=1400 audit(1751626502.421:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 62.349340] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.353698] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.356106] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.360577] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.363464] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 64.378973] Bluetooth: hci0: command tx timeout
executing program
[ 66.426780] Bluetooth: hci0: command tx timeout
[ 68.474170] Bluetooth: hci0: command tx timeout
executing program
[ 70.522207] Bluetooth: hci0: command tx timeout
executing program
executing program
executing program
[ 78.466517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.467828] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.516446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.517546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/04 10:55:20 building call list...
executing program
[ 82.200404] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 83.009111] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
executing program
2025/07/04 10:55:25 syscalls: 2214
2025/07/04 10:55:25 code coverage: enabled
2025/07/04 10:55:25 comparison tracing: enabled
2025/07/04 10:55:25 extra coverage: enabled
2025/07/04 10:55:25 setuid sandbox: enabled
2025/07/04 10:55:25 namespace sandbox: enabled
2025/07/04 10:55:25 Android sandbox: enabled
2025/07/04 10:55:25 fault injection: enabled
2025/07/04 10:55:25 leak checking: enabled
2025/07/04 10:55:25 net packet injection: enabled
2025/07/04 10:55:25 net device setup: enabled
2025/07/04 10:55:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/07/04 10:55:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/07/04 10:55:25 USB emulation: enabled
2025/07/04 10:55:25 hci packet injection: enabled
2025/07/04 10:55:25 wifi device emulation: enabled
2025/07/04 10:55:25 802.15.4 emulation: enabled
2025/07/04 10:55:25 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:55:25 fetching corpus: 0, signal 0/0 (executing program)
2025/07/04 10:55:27 starting 8 fuzzer processes
10:55:27 executing program 0:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0xffff, 0xc97c})
10:55:27 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x21, &(0x7f0000000000)="92f46193", 0x4)
connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
10:55:27 executing program 1:
lsetxattr$trusted_overlay_nlink(&(0x7f0000007c00)='./file0/file0\x00', &(0x7f0000007c40), 0x0, 0x0, 0x0)
10:55:27 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002cc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000180)={{}, {0x3}})
10:55:27 executing program 4:
prctl$PR_SET_MM_MAP(0x4b, 0xe, &(0x7f0000000380)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0xc000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff4000/0x2000)=nil, 0x0}, 0x68)
10:55:27 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x13, 0x0, 0x0)
10:55:27 executing program 6:
madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000875000/0x3000)=nil, 0x3000, 0x0, 0x4034051, r1, 0x0)
mremap(&(0x7f0000871000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffd000/0x1000)=nil)
munmap(&(0x7f0000871000/0x2000)=nil, 0x2000)
mbind(&(0x7f0000872000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3)
10:55:27 executing program 7:
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
[ 87.304579] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.309478] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.311850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.319549] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.326190] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.375332] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 87.377726] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 87.379828] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 87.384426] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 87.385520] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 87.387839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 87.392970] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 87.395689] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 87.397872] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 87.400651] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 87.434809] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 87.440304] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 87.445264] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 87.448496] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 87.449719] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 87.453581] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 87.465461] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 87.466724] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 87.474494] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 87.475492] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.479346] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.481799] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 87.484765] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 87.486782] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 87.487477] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 87.489707] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 87.490533] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 87.491600] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 87.497309] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 87.498473] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 87.504412] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 87.506988] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 87.508384] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 87.510874] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 87.529233] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 87.830063]
[ 87.830826] =============================
[ 87.831743] WARNING: suspicious RCU usage
[ 87.832646] 6.16.0-rc4-next-20250704 #1 Not tainted
[ 87.837342] -----------------------------
[ 87.837950] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage!
[ 87.839256]
[ 87.839256] other info that might help us debug this:
[ 87.839256]
[ 87.840533]
[ 87.840533] rcu_scheduler_active = 2, debug_locks = 1
[ 87.841507] 3 locks held by syz-executor.4/849:
[ 87.842214] #0: ffff88800b66c400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880
[ 87.843502] #1: ffff88800ba22618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880
[ 87.844942] #2: ffff8880154363c0 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330
[ 87.846306]
[ 87.846306] stack backtrace:
[ 87.846954] CPU: 0 UID: 0 PID: 849 Comm: syz-executor.4 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 87.846981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 87.846993] Call Trace:
[ 87.847007]
[ 87.847016] dump_stack_lvl+0xfa/0x120
[ 87.847042] lockdep_rcu_suspicious+0x152/0x1c0
[ 87.847068] proc_sys_compare+0x28a/0x340
[ 87.847089] ? __pfx_proc_sys_compare+0x10/0x10
[ 87.847111] d_same_name+0x229/0x2e0
[ 87.847146] d_alloc_parallel+0x7c1/0x1330
[ 87.847181] ? __pfx_d_alloc_parallel+0x10/0x10
[ 87.847208] ? __pfx_default_wake_function+0x10/0x10
[ 87.847238] ? __d_lookup+0x25f/0x490
[ 87.847270] lookup_open.isra.0+0x64f/0x1530
[ 87.847302] ? __pfx_lookup_open.isra.0+0x10/0x10
[ 87.847344] ? mnt_get_write_access+0x81/0x2d0
[ 87.847364] ? mnt_get_write_access+0x1ea/0x2d0
[ 87.847391] path_openat+0xc26/0x2880
[ 87.847429] ? __lock_acquire+0x694/0x1b70
[ 87.847451] ? __pfx_path_openat+0x10/0x10
[ 87.847489] do_filp_open+0x1e8/0x450
[ 87.847518] ? __pfx_do_filp_open+0x10/0x10
[ 87.847559] ? find_held_lock+0x2b/0x80
[ 87.847586] ? alloc_fd+0x2c1/0x560
[ 87.847612] ? lock_release+0xc8/0x290
[ 87.847639] ? alloc_fd+0x2c1/0x560
[ 87.847674] do_sys_openat2+0x104/0x1b0
[ 87.847698] ? __pfx_do_sys_openat2+0x10/0x10
[ 87.847723] ? __fput+0x67b/0xb50
[ 87.847751] __x64_sys_openat+0x142/0x200
[ 87.847775] ? __pfx___x64_sys_openat+0x10/0x10
[ 87.847798] ? __pfx_fput_close_sync+0x10/0x10
[ 87.847832] do_syscall_64+0xbf/0x360
[ 87.847857] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.847878] RIP: 0033:0x7ff2228b1a04
[ 87.847894] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 87.847914] RSP: 002b:00007ffcd6f90960 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 87.847933] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007ff2228b1a04
[ 87.847947] RDX: 0000000000080001 RSI: 00007ff222968264 RDI: 00000000ffffff9c
[ 87.847959] RBP: 00007ff222968264 R08: 0000000000000000 R09: 00007ffcd6f90950
[ 87.847972] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001
[ 87.847984] R13: 00007ffcd6f90a00 R14: 0000000000000000 R15: 00000000000000f8
[ 87.848013]
[ 89.403058] Bluetooth: hci0: command tx timeout
[ 89.466090] Bluetooth: hci2: command tx timeout
[ 89.466717] Bluetooth: hci3: command tx timeout
[ 89.532107] Bluetooth: hci7: command tx timeout
[ 89.594085] Bluetooth: hci1: command tx timeout
[ 89.594700] Bluetooth: hci6: command tx timeout
[ 89.595209] Bluetooth: hci5: command tx timeout
[ 89.595663] Bluetooth: hci4: command tx timeout
[ 91.450085] Bluetooth: hci0: command tx timeout
[ 91.516043] Bluetooth: hci3: command tx timeout
[ 91.516449] Bluetooth: hci2: command tx timeout
[ 91.579125] Bluetooth: hci7: command tx timeout
[ 91.643223] Bluetooth: hci4: command tx timeout
[ 91.643623] Bluetooth: hci5: command tx timeout
[ 91.644034] Bluetooth: hci6: command tx timeout
[ 91.644410] Bluetooth: hci1: command tx timeout
[ 93.499068] Bluetooth: hci0: command tx timeout
[ 93.562113] Bluetooth: hci2: command tx timeout
[ 93.562519] Bluetooth: hci3: command tx timeout
[ 93.626161] Bluetooth: hci7: command tx timeout
[ 93.691091] Bluetooth:
hci1: command tx timeout
[ 93.691498] Bluetooth: hci6: command tx timeout
[ 93.691878] Bluetooth: hci5: command tx timeout
[ 93.692294] Bluetooth: hci4: command tx timeout
[ 95.546137] Bluetooth: hci0: command tx timeout
[ 95.610212] Bluetooth: hci3: command tx timeout
[ 95.610610] Bluetooth: hci2: command tx timeout
[ 95.675185] Bluetooth: hci7: command tx timeout
[ 95.739078] Bluetooth: hci4: command tx timeout
[ 95.739479] Bluetooth: hci5: command tx timeout
[ 95.739849] Bluetooth: hci6: command tx timeout
[ 95.740258] Bluetooth: hci1: command tx timeout
VM DIAGNOSIS:
10:55:29 Registers: