Warning: Permanently added '[localhost]:7156' (ECDSA) to the list of known hosts. 2025/09/01 11:09:49 fuzzer started 2025/09/01 11:09:49 dialing manager at localhost:35473 syzkaller login: [ 51.543426] cgroup: Unknown subsys name 'net' [ 51.601837] cgroup: Unknown subsys name 'cpuset' [ 51.628001] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:10:01 syscalls: 2214 2025/09/01 11:10:01 code coverage: enabled 2025/09/01 11:10:01 comparison tracing: enabled 2025/09/01 11:10:01 extra coverage: enabled 2025/09/01 11:10:01 setuid sandbox: enabled 2025/09/01 11:10:01 namespace sandbox: enabled 2025/09/01 11:10:01 Android sandbox: enabled 2025/09/01 11:10:01 fault injection: enabled 2025/09/01 11:10:01 leak checking: enabled 2025/09/01 11:10:01 net packet injection: enabled 2025/09/01 11:10:01 net device setup: enabled 2025/09/01 11:10:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:10:01 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:10:01 USB emulation: enabled 2025/09/01 11:10:01 hci packet injection: enabled 2025/09/01 11:10:01 wifi device emulation: enabled 2025/09/01 11:10:01 802.15.4 emulation: enabled 2025/09/01 11:10:01 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 11:10:01 fetching corpus: 41, signal 20458/24031 (executing program) 2025/09/01 11:10:01 fetching corpus: 91, signal 28755/33811 (executing program) 2025/09/01 11:10:01 fetching corpus: 141, signal 37229/43665 (executing program) 2025/09/01 11:10:01 fetching corpus: 191, signal 43394/51091 (executing program) 2025/09/01 11:10:01 fetching corpus: 241, signal 48192/57149 (executing program) 2025/09/01 11:10:01 fetching corpus: 291, signal 54284/64248 (executing program) 2025/09/01 11:10:01 fetching corpus: 341, signal 56761/67874 (executing program) 2025/09/01 11:10:01 fetching corpus: 391, signal 60238/72385 (executing program) 2025/09/01 11:10:02 fetching corpus: 441, signal 65602/78527 (executing program) 2025/09/01 
11:10:02 fetching corpus: 490, signal 68759/82623 (executing program) 2025/09/01 11:10:02 fetching corpus: 540, signal 73320/87881 (executing program) 2025/09/01 11:10:02 fetching corpus: 590, signal 76562/91855 (executing program) 2025/09/01 11:10:02 fetching corpus: 640, signal 78040/94261 (executing program) 2025/09/01 11:10:02 fetching corpus: 690, signal 80534/97576 (executing program) 2025/09/01 11:10:02 fetching corpus: 740, signal 82117/100011 (executing program) 2025/09/01 11:10:02 fetching corpus: 789, signal 83938/102644 (executing program) 2025/09/01 11:10:02 fetching corpus: 839, signal 85938/105374 (executing program) 2025/09/01 11:10:02 fetching corpus: 889, signal 89099/108978 (executing program) 2025/09/01 11:10:03 fetching corpus: 939, signal 93389/113441 (executing program) 2025/09/01 11:10:03 fetching corpus: 989, signal 94584/115409 (executing program) 2025/09/01 11:10:03 fetching corpus: 1039, signal 96220/117645 (executing program) 2025/09/01 11:10:03 fetching corpus: 1088, signal 98241/120163 (executing program) 2025/09/01 11:10:03 fetching corpus: 1138, signal 99668/122198 (executing program) 2025/09/01 11:10:03 fetching corpus: 1187, signal 101092/124183 (executing program) 2025/09/01 11:10:03 fetching corpus: 1237, signal 102395/126021 (executing program) 2025/09/01 11:10:03 fetching corpus: 1287, signal 103779/127906 (executing program) 2025/09/01 11:10:03 fetching corpus: 1337, signal 104674/129432 (executing program) 2025/09/01 11:10:03 fetching corpus: 1387, signal 105892/131098 (executing program) 2025/09/01 11:10:03 fetching corpus: 1437, signal 107185/132843 (executing program) 2025/09/01 11:10:04 fetching corpus: 1487, signal 108709/134748 (executing program) 2025/09/01 11:10:04 fetching corpus: 1537, signal 110096/136504 (executing program) 2025/09/01 11:10:04 fetching corpus: 1587, signal 111199/138052 (executing program) 2025/09/01 11:10:04 fetching corpus: 1637, signal 112864/139940 (executing program) 2025/09/01 11:10:04 
fetching corpus: 1687, signal 113899/141389 (executing program) 2025/09/01 11:10:04 fetching corpus: 1737, signal 114634/142638 (executing program) 2025/09/01 11:10:04 fetching corpus: 1787, signal 115371/143880 (executing program) 2025/09/01 11:10:04 fetching corpus: 1837, signal 116567/145377 (executing program) 2025/09/01 11:10:04 fetching corpus: 1887, signal 117240/146485 (executing program) 2025/09/01 11:10:04 fetching corpus: 1937, signal 120058/148892 (executing program) 2025/09/01 11:10:05 fetching corpus: 1987, signal 120900/150160 (executing program) 2025/09/01 11:10:05 fetching corpus: 2037, signal 121990/151479 (executing program) 2025/09/01 11:10:05 fetching corpus: 2087, signal 123077/152780 (executing program) 2025/09/01 11:10:05 fetching corpus: 2137, signal 123941/153976 (executing program) 2025/09/01 11:10:05 fetching corpus: 2187, signal 124471/154965 (executing program) 2025/09/01 11:10:05 fetching corpus: 2237, signal 125327/156094 (executing program) 2025/09/01 11:10:05 fetching corpus: 2287, signal 126982/157562 (executing program) 2025/09/01 11:10:05 fetching corpus: 2337, signal 127880/158679 (executing program) 2025/09/01 11:10:05 fetching corpus: 2387, signal 128970/159916 (executing program) 2025/09/01 11:10:05 fetching corpus: 2437, signal 129741/160928 (executing program) 2025/09/01 11:10:06 fetching corpus: 2487, signal 130926/162154 (executing program) 2025/09/01 11:10:06 fetching corpus: 2537, signal 131671/163062 (executing program) 2025/09/01 11:10:06 fetching corpus: 2587, signal 133425/164416 (executing program) 2025/09/01 11:10:06 fetching corpus: 2637, signal 134229/165337 (executing program) 2025/09/01 11:10:06 fetching corpus: 2687, signal 135173/166346 (executing program) 2025/09/01 11:10:06 fetching corpus: 2737, signal 136240/167375 (executing program) 2025/09/01 11:10:06 fetching corpus: 2787, signal 136772/168156 (executing program) 2025/09/01 11:10:06 fetching corpus: 2837, signal 137568/169023 (executing program) 
2025/09/01 11:10:06 fetching corpus: 2887, signal 138376/169858 (executing program) 2025/09/01 11:10:06 fetching corpus: 2937, signal 139325/170778 (executing program) 2025/09/01 11:10:07 fetching corpus: 2986, signal 140204/171698 (executing program) 2025/09/01 11:10:07 fetching corpus: 3036, signal 140891/172428 (executing program) 2025/09/01 11:10:07 fetching corpus: 3085, signal 141270/173078 (executing program) 2025/09/01 11:10:07 fetching corpus: 3135, signal 141846/173780 (executing program) 2025/09/01 11:10:07 fetching corpus: 3185, signal 142495/174449 (executing program) 2025/09/01 11:10:07 fetching corpus: 3235, signal 143133/175108 (executing program) 2025/09/01 11:10:07 fetching corpus: 3285, signal 143691/175770 (executing program) 2025/09/01 11:10:07 fetching corpus: 3335, signal 144268/176436 (executing program) 2025/09/01 11:10:07 fetching corpus: 3385, signal 144676/177018 (executing program) 2025/09/01 11:10:07 fetching corpus: 3434, signal 145083/177578 (executing program) 2025/09/01 11:10:07 fetching corpus: 3484, signal 145792/178188 (executing program) 2025/09/01 11:10:07 fetching corpus: 3534, signal 146276/178771 (executing program) 2025/09/01 11:10:08 fetching corpus: 3584, signal 146639/179338 (executing program) 2025/09/01 11:10:08 fetching corpus: 3633, signal 147187/179901 (executing program) 2025/09/01 11:10:08 fetching corpus: 3683, signal 147753/180430 (executing program) 2025/09/01 11:10:08 fetching corpus: 3733, signal 148392/180981 (executing program) 2025/09/01 11:10:08 fetching corpus: 3783, signal 148776/181555 (executing program) 2025/09/01 11:10:08 fetching corpus: 3833, signal 149179/182041 (executing program) 2025/09/01 11:10:08 fetching corpus: 3882, signal 149915/182683 (executing program) 2025/09/01 11:10:08 fetching corpus: 3932, signal 150327/183168 (executing program) 2025/09/01 11:10:08 fetching corpus: 3982, signal 150842/183694 (executing program) 2025/09/01 11:10:08 fetching corpus: 4032, signal 151596/184196 
(executing program) 2025/09/01 11:10:09 fetching corpus: 4082, signal 151958/184642 (executing program) 2025/09/01 11:10:09 fetching corpus: 4132, signal 152436/185100 (executing program) 2025/09/01 11:10:09 fetching corpus: 4182, signal 153099/185603 (executing program) 2025/09/01 11:10:09 fetching corpus: 4232, signal 153822/186034 (executing program) 2025/09/01 11:10:09 fetching corpus: 4282, signal 154808/186484 (executing program) 2025/09/01 11:10:09 fetching corpus: 4332, signal 155352/186867 (executing program) 2025/09/01 11:10:09 fetching corpus: 4382, signal 155692/187261 (executing program) 2025/09/01 11:10:09 fetching corpus: 4432, signal 156032/187640 (executing program) 2025/09/01 11:10:09 fetching corpus: 4482, signal 156347/188027 (executing program) 2025/09/01 11:10:09 fetching corpus: 4532, signal 156953/188417 (executing program) 2025/09/01 11:10:10 fetching corpus: 4582, signal 157472/188714 (executing program) 2025/09/01 11:10:10 fetching corpus: 4631, signal 158188/188741 (executing program) 2025/09/01 11:10:10 fetching corpus: 4680, signal 158796/188745 (executing program) 2025/09/01 11:10:10 fetching corpus: 4730, signal 159089/188752 (executing program) 2025/09/01 11:10:10 fetching corpus: 4780, signal 160903/188754 (executing program) 2025/09/01 11:10:10 fetching corpus: 4830, signal 161542/188762 (executing program) 2025/09/01 11:10:10 fetching corpus: 4880, signal 161966/188764 (executing program) 2025/09/01 11:10:10 fetching corpus: 4930, signal 162476/188774 (executing program) 2025/09/01 11:10:11 fetching corpus: 4979, signal 162984/188780 (executing program) 2025/09/01 11:10:11 fetching corpus: 5029, signal 163542/188784 (executing program) 2025/09/01 11:10:11 fetching corpus: 5079, signal 163948/188809 (executing program) 2025/09/01 11:10:11 fetching corpus: 5129, signal 164362/188877 (executing program) 2025/09/01 11:10:11 fetching corpus: 5179, signal 164885/188877 (executing program) 2025/09/01 11:10:11 fetching corpus: 5229, 
signal 165328/188877 (executing program) 2025/09/01 11:10:11 fetching corpus: 5278, signal 165639/188881 (executing program) 2025/09/01 11:10:11 fetching corpus: 5328, signal 166020/188886 (executing program) 2025/09/01 11:10:11 fetching corpus: 5378, signal 166377/188891 (executing program) 2025/09/01 11:10:11 fetching corpus: 5428, signal 166797/188892 (executing program) 2025/09/01 11:10:11 fetching corpus: 5478, signal 167124/188895 (executing program) 2025/09/01 11:10:12 fetching corpus: 5528, signal 167495/188895 (executing program) 2025/09/01 11:10:12 fetching corpus: 5578, signal 167907/188898 (executing program) 2025/09/01 11:10:12 fetching corpus: 5628, signal 168236/188966 (executing program) 2025/09/01 11:10:12 fetching corpus: 5678, signal 168716/188975 (executing program) 2025/09/01 11:10:12 fetching corpus: 5728, signal 169043/188987 (executing program) 2025/09/01 11:10:12 fetching corpus: 5777, signal 169497/188999 (executing program) 2025/09/01 11:10:12 fetching corpus: 5827, signal 170059/189032 (executing program) 2025/09/01 11:10:12 fetching corpus: 5877, signal 170535/189035 (executing program) 2025/09/01 11:10:12 fetching corpus: 5927, signal 171377/189049 (executing program) 2025/09/01 11:10:12 fetching corpus: 5977, signal 171727/189049 (executing program) 2025/09/01 11:10:12 fetching corpus: 6027, signal 172007/189066 (executing program) 2025/09/01 11:10:13 fetching corpus: 6077, signal 172315/189068 (executing program) 2025/09/01 11:10:13 fetching corpus: 6127, signal 172697/189070 (executing program) 2025/09/01 11:10:13 fetching corpus: 6177, signal 173063/189071 (executing program) 2025/09/01 11:10:13 fetching corpus: 6227, signal 173416/189074 (executing program) 2025/09/01 11:10:13 fetching corpus: 6277, signal 173659/189082 (executing program) 2025/09/01 11:10:13 fetching corpus: 6327, signal 174008/189093 (executing program) 2025/09/01 11:10:13 fetching corpus: 6376, signal 174217/189100 (executing program) 2025/09/01 11:10:13 
fetching corpus: 6426, signal 174571/189109 (executing program) 2025/09/01 11:10:13 fetching corpus: 6476, signal 174901/189120 (executing program) 2025/09/01 11:10:13 fetching corpus: 6526, signal 175199/189125 (executing program) 2025/09/01 11:10:13 fetching corpus: 6576, signal 175432/189149 (executing program) 2025/09/01 11:10:13 fetching corpus: 6626, signal 175676/189150 (executing program) 2025/09/01 11:10:13 fetching corpus: 6676, signal 176023/189182 (executing program) 2025/09/01 11:10:14 fetching corpus: 6726, signal 176238/189194 (executing program) 2025/09/01 11:10:14 fetching corpus: 6776, signal 176597/189194 (executing program) 2025/09/01 11:10:14 fetching corpus: 6826, signal 176933/189195 (executing program) 2025/09/01 11:10:14 fetching corpus: 6875, signal 177108/189197 (executing program) 2025/09/01 11:10:14 fetching corpus: 6925, signal 177632/189201 (executing program) 2025/09/01 11:10:14 fetching corpus: 6975, signal 177936/189210 (executing program) 2025/09/01 11:10:14 fetching corpus: 7025, signal 178102/189218 (executing program) 2025/09/01 11:10:14 fetching corpus: 7074, signal 178479/189219 (executing program) 2025/09/01 11:10:14 fetching corpus: 7124, signal 178813/189262 (executing program) 2025/09/01 11:10:14 fetching corpus: 7174, signal 179314/189265 (executing program) 2025/09/01 11:10:15 fetching corpus: 7224, signal 179667/189266 (executing program) 2025/09/01 11:10:15 fetching corpus: 7274, signal 180018/189272 (executing program) 2025/09/01 11:10:15 fetching corpus: 7324, signal 180373/189274 (executing program) 2025/09/01 11:10:15 fetching corpus: 7374, signal 180621/189278 (executing program) 2025/09/01 11:10:15 fetching corpus: 7423, signal 180937/189280 (executing program) 2025/09/01 11:10:15 fetching corpus: 7473, signal 181223/189282 (executing program) 2025/09/01 11:10:15 fetching corpus: 7522, signal 181556/189291 (executing program) 2025/09/01 11:10:15 fetching corpus: 7572, signal 181901/189301 (executing program) 
2025/09/01 11:10:15 fetching corpus: 7622, signal 182494/189306 (executing program) 2025/09/01 11:10:15 fetching corpus: 7671, signal 182915/189314 (executing program) 2025/09/01 11:10:15 fetching corpus: 7721, signal 183251/189320 (executing program) 2025/09/01 11:10:16 fetching corpus: 7771, signal 183635/189332 (executing program) 2025/09/01 11:10:16 fetching corpus: 7821, signal 183878/189339 (executing program) 2025/09/01 11:10:16 fetching corpus: 7870, signal 184142/189343 (executing program) 2025/09/01 11:10:16 fetching corpus: 7920, signal 184372/189346 (executing program) 2025/09/01 11:10:16 fetching corpus: 7970, signal 184636/189347 (executing program) 2025/09/01 11:10:16 fetching corpus: 8020, signal 184921/189356 (executing program) 2025/09/01 11:10:16 fetching corpus: 8070, signal 185187/189402 (executing program) 2025/09/01 11:10:16 fetching corpus: 8120, signal 185604/189404 (executing program) 2025/09/01 11:10:16 fetching corpus: 8170, signal 186086/189411 (executing program) 2025/09/01 11:10:16 fetching corpus: 8220, signal 186309/189413 (executing program) 2025/09/01 11:10:16 fetching corpus: 8270, signal 186580/189421 (executing program) 2025/09/01 11:10:16 fetching corpus: 8320, signal 186893/189431 (executing program) 2025/09/01 11:10:16 fetching corpus: 8339, signal 186962/189432 (executing program) 2025/09/01 11:10:16 fetching corpus: 8339, signal 186962/189432 (executing program) 2025/09/01 11:10:19 starting 8 fuzzer processes 11:10:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{0x5}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 11:10:19 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000001c0)={0x5, {{0x2, 0x0, @multicast2}}, 0x1, 0x1, [{{0x2, 0x0, 
@multicast1}}]}, 0x110) 11:10:19 executing program 6: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r1) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x80, r2, 0x425, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_batadv\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:fuse_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}]}, 0x80}}, 0x0) 11:10:19 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_readv(r0, &(0x7f0000000700)=[{&(0x7f0000000000)=""/246, 0xf6}, {0x0}, {&(0x7f0000000140)=""/201, 0xc9}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0, 0x0, 0x0) 11:10:19 executing program 2: creat(&(0x7f00000003c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB, @ANYRESHEX, @ANYRESDEC]) 11:10:19 executing program 3: futex(0x0, 0xa, 0x0, 0x0, 0x0, 0x0) [ 81.296558] audit: type=1400 audit(1756725019.636:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" 
scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:10:19 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x12, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000100), 0x0, 0x4) syz_io_uring_setup(0x2b43, &(0x7f0000000140)={0x0, 0x0, 0x2, 0x0, 0xd8}, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0) 11:10:19 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/igmp6\x00') pread64(r0, &(0x7f0000000200)=""/183, 0xb7, 0x0) [ 82.588860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.591459] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.594733] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.599132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.601657] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.612365] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.621684] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.623675] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.637986] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.648545] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.659121] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.661812] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.664041] Bluetooth: hci3: unexpected cc 0x1003 length: 
249 > 9 [ 82.666987] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.668667] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.676166] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.687780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.690215] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.694865] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.702801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.751877] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.753455] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 82.756551] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.758137] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 82.761760] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.764180] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 82.773612] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.782900] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 82.784950] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 82.786580] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 82.787827] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 82.790618] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 82.792301] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 82.793629] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 82.793727] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 82.800163] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 82.803930] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 82.814448] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.828728] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 82.831141] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 84.683464] Bluetooth: hci1: command tx timeout [ 84.683470] Bluetooth: hci0: command tx timeout [ 84.809357] Bluetooth: hci2: command tx timeout [ 84.810467] Bluetooth: hci3: 
command tx timeout [ 84.874965] Bluetooth: hci7: command tx timeout [ 84.875018] Bluetooth: hci6: command tx timeout [ 84.876836] Bluetooth: hci4: command tx timeout [ 84.877016] Bluetooth: hci5: command tx timeout [ 86.729336] Bluetooth: hci0: command tx timeout [ 86.729847] Bluetooth: hci1: command tx timeout [ 86.857334] Bluetooth: hci2: command tx timeout [ 86.858300] Bluetooth: hci3: command tx timeout [ 86.921382] Bluetooth: hci6: command tx timeout [ 86.921476] Bluetooth: hci5: command tx timeout [ 86.921854] Bluetooth: hci4: command tx timeout [ 86.922805] Bluetooth: hci7: command tx timeout [ 88.777454] Bluetooth: hci1: command tx timeout [ 88.778028] Bluetooth: hci0: command tx timeout [ 88.905319] Bluetooth: hci3: command tx timeout [ 88.905732] Bluetooth: hci2: command tx timeout [ 88.969425] Bluetooth: hci5: command tx timeout [ 88.969841] Bluetooth: hci6: command tx timeout [ 88.970217] Bluetooth: hci4: command tx timeout [ 88.970630] Bluetooth: hci7: command tx timeout [ 90.825350] Bluetooth: hci0: command tx timeout [ 90.825808] Bluetooth: hci1: command tx timeout [ 90.953380] Bluetooth: hci2: command tx timeout [ 90.953967] Bluetooth: hci3: command tx timeout [ 91.018284] Bluetooth: hci7: command tx timeout [ 91.018714] Bluetooth: hci4: command tx timeout [ 91.019103] Bluetooth: hci6: command tx timeout [ 91.019907] Bluetooth: hci5: command tx timeout [ 121.714396] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.715065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.798663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.799555] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.928564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.929204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.023575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.024215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 
122.143522] audit: type=1400 audit(1756725060.488:8): avc: denied { open } for pid=3831 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.146018] audit: type=1400 audit(1756725060.488:9): avc: denied { kernel } for pid=3831 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.150014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.150690] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.190580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.191175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.198643] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 122.200393] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 122.201670] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 122.202711] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [ 122.203912] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 122.206859] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.207773] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.208567] Buffer I/O error on dev sr0, logical block 0, async page read [ 122.218518] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.218993] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.219842] Buffer I/O error on dev sr0, logical block 1, async page read [ 122.233621] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.234098] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.234903] Buffer I/O error on dev sr0, logical block 2, async page read [ 122.249990] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.250504] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.251187] 
Buffer I/O error on dev sr0, logical block 3, async page read [ 122.258348] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.258826] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.259543] Buffer I/O error on dev sr0, logical block 4, async page read [ 122.265358] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.265833] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.266556] Buffer I/O error on dev sr0, logical block 5, async page read [ 122.268343] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.268820] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.269534] Buffer I/O error on dev sr0, logical block 6, async page read [ 122.272354] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.272833] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.273656] Buffer I/O error on dev sr0, logical block 7, async page read [ 122.282815] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.283484] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 122.284330] Buffer I/O error on dev sr0, logical block 0, async page read [ 122.288946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.289557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.292637] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.293117] Buffer I/O error on dev sr0, logical block 1, async page read [ 122.295364] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.296076] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.306457] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.307065] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.310965] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.311627] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.336539] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.337149] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.355668] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.361840] sr 
1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.362558] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.363139] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 122.381747] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 11:11:00 executing program 4: syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4000, 0x0) [ 122.460952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.462270] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:11:00 executing program 4: syz_emit_ethernet(0x12, &(0x7f0000000040)={@empty, @broadcast, @val={@void}, {@generic={0x8100}}}, 0x0) 11:11:00 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[]) mount_setattr(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x20000}, 0x20) [ 122.669561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.670175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:11:01 executing program 5: r0 = socket$inet(0x2, 0x3, 0x6) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000000)={{{@in=@multicast2, @in6=@loopback}}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, @in=@multicast1}}, 0xe8) [ 122.741651] 9pnet_fd: Insufficient options for proto=fd 11:11:01 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000080)='J', 0x7ffff000}], 0x2, 0x0) [ 122.749536] 9pnet_fd: Insufficient options for proto=fd [ 122.756059] wlan1: 
Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.756773] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:11:01 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE2(r0, 0x5322, 0x0) 11:11:01 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000080)='J', 0x7ffff000}], 0x2, 0x0) 11:11:01 executing program 2: creat(&(0x7f00000003c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB, @ANYRESHEX, @ANYRESDEC]) [ 122.893118] 9pnet_fd: Insufficient options for proto=fd [ 123.016075] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.016979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.123955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.125961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.514799] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.516110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.516669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.517735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.577023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.578215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.626826] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.627557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:11:02 executing program 2: creat(&(0x7f00000003c0)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB, @ANYRESHEX, @ANYRESDEC]) 11:11:02 executing program 4: semget$private(0x0, 0x3, 0x0) 11:11:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) 
fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff})
11:11:02 executing program 5:
pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
vmsplice(r0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000080)='J', 0x7ffff000}], 0x2, 0x0)
11:11:02 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000001c0)={0x5, {{0x2, 0x0, @multicast2}}, 0x1, 0x1, [{{0x2, 0x0, @multicast1}}]}, 0x110)
11:11:02 executing program 3:
futex(0x0, 0xa, 0x0, 0x0, 0x0, 0x0)
11:11:02 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
process_vm_readv(r0, &(0x7f0000000700)=[{&(0x7f0000000000)=""/246, 0xf6}, {0x0}, {&(0x7f0000000140)=""/201, 0xc9}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0, 0x0, 0x0)
11:11:02 executing program 6:
r0 = io_uring_setup(0x5053, &(0x7f0000000140))
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x15, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
[ 124.088258] 9pnet_fd: Insufficient options for proto=fd
11:11:02 executing program 3:
futex(0x0, 0xa, 0x0, 0x0, 0x0, 0x0)
[ 124.122681] kmemleak: Found object by alias at 0x607f1a639b74
[ 124.122697] CPU: 0 UID: 0 PID: 3926 Comm: syz-executor.2 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 124.122715] Tainted: [W]=WARN
[ 124.122719] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 124.122726] Call Trace:
[ 124.122730]
[ 124.122735] dump_stack_lvl+0xca/0x120
[ 124.122766] __lookup_object+0x94/0xb0
[ 124.122785] delete_object_full+0x27/0x70
[ 124.122801] free_percpu+0x30/0x1160
[ 124.122823] ? arch_uprobe_clear_state+0x16/0x140
[ 124.122843] futex_hash_free+0x38/0xc0
[ 124.122858] mmput+0x2d3/0x390
[ 124.122877] do_exit+0x79d/0x2970
[ 124.122895] ? __pfx_do_exit+0x10/0x10
[ 124.122910] ? find_held_lock+0x2b/0x80
[ 124.122928] ? get_signal+0x835/0x2340
[ 124.122948] do_group_exit+0xd3/0x2a0
[ 124.122963] get_signal+0x2315/0x2340
[ 124.122981] ? trace_irq_enable.constprop.0+0xc2/0x100
[ 124.122999] ? __pfx_get_signal+0x10/0x10
[ 124.123016] ? __schedule+0xe91/0x3590
[ 124.123038] arch_do_signal_or_restart+0x80/0x790
[ 124.123056] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 124.123073] ? __x64_sys_futex+0x1c9/0x4d0
[ 124.123085] ? __x64_sys_futex+0x1d2/0x4d0
[ 124.123104] ? __pfx___x64_sys_futex+0x10/0x10
[ 124.123118] ? xfd_validate_state+0x55/0x180
[ 124.123140] exit_to_user_mode_loop+0x8b/0x110
[ 124.123153] do_syscall_64+0x2f7/0x360
[ 124.123166] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.123179] RIP: 0033:0x7f4ddf889b19
[ 124.123188] Code: Unable to access opcode bytes at 0x7f4ddf889aef.
[ 124.123193] RSP: 002b:00007f4ddcdff218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 124.123205] RAX: 0000000000000001 RBX: 00007f4ddf99cf68 RCX: 00007f4ddf889b19
[ 124.123213] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4ddf99cf6c
[ 124.123220] RBP: 00007f4ddf99cf60 R08: 000000000000005c R09: 0000000000000000
[ 124.123227] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f4ddf99cf6c
[ 124.123235] R13: 00007ffdca6aac6f R14: 00007f4ddcdff300 R15: 0000000000022000
[ 124.123251]
[ 124.123255] kmemleak: Object (percpu) 0x607f1a639b70 (size 8):
[ 124.123262] kmemleak: comm "syz-executor.6", pid 283, jiffies 4294789823
[ 124.123269] kmemleak: min_count = 1
[ 124.123273] kmemleak: count = 0
[ 124.123276] kmemleak: flags = 0x21
[ 124.123280] kmemleak: checksum = 0
[ 124.123284] kmemleak: backtrace:
[ 124.123287] pcpu_alloc_noprof+0x87a/0x1170
[ 124.123303] __alloc_workqueue+0x74b/0x1820
[ 124.123321] alloc_workqueue_noprof+0xc7/0x200
[ 124.123331] ieee80211_register_hw+0x1ec5/0x3e00
[ 124.123344] mac80211_hwsim_new_radio+0x2758/0x4ef0
[ 124.123358] hwsim_new_radio_nl+0xb0d/0x1250
[ 124.123370] genl_family_rcv_msg_doit+0x1fe/0x2f0
[ 124.123382] genl_rcv_msg+0x532/0x7e0
[ 124.123392] netlink_rcv_skb+0x147/0x430
[ 124.123409] genl_rcv+0x28/0x40
[ 124.123418] netlink_unicast+0x5a7/0x870
[ 124.123434] netlink_sendmsg+0x8ac/0xd80
[ 124.123450] __sys_sendto+0x506/0x570
[ 124.123465] __x64_sys_sendto+0xe1/0x1c0
[ 124.123480] do_syscall_64+0xbf/0x360
[ 124.123489] entry_SYSCALL_64_after_hwframe+0x77/0x7f
11:11:02 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_secret(0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000002, 0x13, r0, 0x0)
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) syz_open_procfs(0xffffffffffffffff, 0x0) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) 11:11:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000001c0)={0x5, {{0x2, 0x0, @multicast2}}, 0x1, 0x1, [{{0x2, 0x0, @multicast1}}]}, 0x110) 11:11:02 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x18, &(0x7f0000000000), 0x4) 11:11:02 executing program 7: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_readv(r0, &(0x7f0000000700)=[{&(0x7f0000000000)=""/246, 0xf6}, {0x0}, {&(0x7f0000000140)=""/201, 0xc9}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0, 0x0, 0x0) 11:11:02 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000080)='J', 0x7ffff000}], 0x2, 0x0) [ 124.216115] Oops: general protection fault, probably for non-canonical address 0xedfffc0000000032: 0000 [#1] SMP KASAN NOPTI [ 124.217030] KASAN: maybe wild-memory-access in range [0x7000000000000190-0x7000000000000197] [ 124.217673] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.4 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 124.219049] Tainted: [W]=WARN [ 124.219769] Hardware name: QEMU 
Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.221405] RIP: 0010:perf_tp_event+0x175/0xe70 11:11:02 executing program 6: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000380)='net/ip_tables_names\x00') [ 124.222483] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.226011] RSP: 0018:ffff88804598f780 EFLAGS: 00010012 [ 124.226444] RAX: 0e00000000000032 RBX: 6fffffffffffffa0 RCX: ffffc90005a0a000 [ 124.227043] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 7000000000000190 [ 124.227639] RBP: ffff88804598f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc11b70 [ 124.228233] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 124.228842] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 124.229434] FS: 00007f7cff533700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 124.230125] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.230603] CR2: 00007f7d020d1018 CR3: 000000001eb0c000 CR4: 0000000000350ef0 [ 124.231183] Call Trace: [ 124.231400] [ 124.231594] ? __pfx_perf_tp_event+0x10/0x10 [ 124.232006] ? __asan_memcpy+0x3d/0x60 [ 124.232343] ? __pfx_visit_groups_merge.constprop.0.isra.0+0x10/0x10 [ 124.232877] ? lock_is_held_type+0x9e/0x120 [ 124.233254] ? ctx_sched_in+0x134/0x9b0 [ 124.233590] ? css_rstat_updated+0x1b8/0x4d0 [ 124.233975] ? __pfx_css_rstat_updated+0x10/0x10 [ 124.234382] ? lock_is_held_type+0x9e/0x120 [ 124.234756] ? perf_trace_run_bpf_submit+0xef/0x180 [ 124.235174] ? lock_is_held_type+0x9e/0x120 [ 124.235542] perf_trace_run_bpf_submit+0xef/0x180 [ 124.235975] perf_trace_preemptirq_template+0x259/0x430 [ 124.236412] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 124.236883] ? lock_is_held_type+0x9e/0x120 [ 124.237250] ? find_held_lock+0x2b/0x80 [ 124.237593] ? try_to_wake_up+0x8ae/0x11d0 [ 124.237954] ? 
_raw_spin_unlock_irqrestore+0x2c/0x50 [ 124.238381] trace_irq_enable.constprop.0+0xa6/0x100 [ 124.238815] trace_hardirqs_on+0x26/0x40 [ 124.239159] _raw_spin_unlock_irqrestore+0x2c/0x50 [ 124.239602] try_to_wake_up+0x8ae/0x11d0 [ 124.239975] ? __pfx_try_to_wake_up+0x10/0x10 [ 124.240361] ? plist_del+0x122/0x270 [ 124.240686] ? find_held_lock+0x2b/0x80 [ 124.241044] ? futex_wake+0x474/0x540 [ 124.241376] wake_up_q+0xa1/0x130 [ 124.241681] futex_wake+0x47e/0x540 [ 124.242002] ? __pfx_futex_wake+0x10/0x10 [ 124.242362] ? __do_sys_perf_event_open+0x44d/0x2c20 [ 124.242784] ? lock_release+0xc8/0x290 [ 124.243124] do_futex+0x26d/0x370 [ 124.243428] ? __pfx_do_futex+0x10/0x10 [ 124.243775] __x64_sys_futex+0x1c9/0x4d0 [ 124.244142] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 124.244640] ? __pfx___x64_sys_futex+0x10/0x10 [ 124.245040] ? xfd_validate_state+0x55/0x180 [ 124.245446] do_syscall_64+0xbf/0x360 [ 124.245769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.246208] RIP: 0033:0x7f7d01fbdb19 [ 124.246518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.248028] RSP: 002b:00007f7cff533218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 124.248629] RAX: ffffffffffffffda RBX: 00007f7d020d0f68 RCX: 00007f7d01fbdb19 [ 124.249298] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7d020d0f6c [ 124.250026] RBP: 00007f7d020d0f60 R08: 000000000000000e R09: 0000000000000000 [ 124.250754] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7d020d0f6c [ 124.251458] R13: 00007ffc7f27cf0f R14: 00007f7cff533300 R15: 0000000000022000 [ 124.252132] [ 124.252337] Modules linked in: [ 124.252610] ---[ end trace 0000000000000000 ]--- [ 124.253012] RIP: 0010:perf_tp_event+0x175/0xe70 [ 124.253427] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 
03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.254944] RSP: 0018:ffff88804598f780 EFLAGS: 00010012 [ 124.255397] RAX: 0e00000000000032 RBX: 6fffffffffffffa0 RCX: ffffc90005a0a000 [ 124.255998] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 7000000000000190 [ 124.256541] RBP: ffff88804598f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc11b70 [ 124.257092] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 124.257676] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 124.258253] FS: 00007f7cff533700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 124.258904] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.259376] CR2: 00007f7d020d1018 CR3: 000000001eb0c000 CR4: 0000000000350ef0 [ 124.259973] note: syz-executor.4[3939] exited with irqs disabled [ 124.260502] Oops: general protection fault, probably for non-canonical address 0xedfffc0000000032: 0000 [#2] SMP KASAN NOPTI [ 124.261380] KASAN: maybe wild-memory-access in range [0x7000000000000190-0x7000000000000197] [ 124.262049] CPU: 0 UID: 0 PID: 3939 Comm: syz-executor.4 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 124.262990] Tainted: [D]=DIE, [W]=WARN [ 124.263298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 124.263957] RIP: 0010:perf_tp_event+0x175/0xe70 [ 124.264338] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.265775] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012 [ 124.266200] RAX: 0e00000000000032 RBX: 6fffffffffffffa0 RCX: ffffffff818998a3 [ 124.266765] RDX: ffff888044b59b80 RSI: ffffffff8189a4e7 RDI: 7000000000000190 [ 124.267328] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc11b70 [ 124.267898] R10: 0000000000000000 R11: ffff88806ce37018 R12: dffffc0000000000 [ 124.268460] R13: 0000000000000000 R14: 
ffff88806ce313e8 R15: dffffc0000000000 [ 124.269033] FS: 00007f7cff533700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 124.269690] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.270163] CR2: 00007f7d020d1018 CR3: 000000001eb0c000 CR4: 0000000000350ef0 [ 124.270756] Call Trace: [ 124.270968] [ 124.271155] ? __pfx_perf_tp_event+0x10/0x10 [ 124.271522] ? check_preempt_wakeup_fair+0x6e/0x950 [ 124.272015] ? wakeup_preempt+0x140/0x2a0 [ 124.272350] ? lock_release+0x1c7/0x290 [ 124.272676] ? lock_release+0x1c7/0x290 [ 124.273001] ? do_raw_spin_unlock+0x53/0x220 [ 124.273360] ? _raw_spin_unlock_irqrestore+0x22/0x50 [ 124.273777] ? try_to_wake_up+0x8ae/0x11d0 [ 124.274121] ? do_raw_spin_lock+0x123/0x260 [ 124.274469] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 124.274861] ? perf_trace_run_bpf_submit+0xef/0x180 [ 124.275262] perf_trace_run_bpf_submit+0xef/0x180 [ 124.275654] perf_trace_preemptirq_template+0x259/0x430 [ 124.276109] ? read_tsc+0x9/0x20 [ 124.276407] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 124.276894] ? clockevents_program_event+0x135/0x360 [ 124.277323] ? tick_program_event+0xac/0x140 [ 124.277697] ? 
handle_softirqs+0x16e/0x770 [ 124.278053] trace_irq_enable.constprop.0+0xa6/0x100 [ 124.278475] trace_hardirqs_on+0x26/0x40 [ 124.278829] handle_softirqs+0x16e/0x770 [ 124.279180] __irq_exit_rcu+0xc4/0x100 [ 124.279502] irq_exit_rcu+0x9/0x20 [ 124.279794] sysvec_apic_timer_interrupt+0x70/0x80 [ 124.280201] [ 124.280382] [ 124.280564] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 124.280988] RIP: 0010:make_task_dead+0xa2/0x3b0 [ 124.281365] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de [ 124.282814] RSP: 0018:ffff88804598ff28 EFLAGS: 00000246 [ 124.283231] RAX: 0000000000000001 RBX: ffff888044b59b80 RCX: ffffffff817c3ab6 [ 124.283795] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234 [ 124.284368] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 124.284935] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff888044b59b80 [ 124.285496] R13: 0000000000000000 R14: edfffc0000000032 R15: 0000000000000000 [ 124.286063] ? trace_irq_enable.constprop.0+0x26/0x100 [ 124.286480] ? make_task_dead+0x214/0x3b0 [ 124.286826] ? make_task_dead+0x214/0x3b0 [ 124.287160] ? 
do_syscall_64+0xbf/0x360 [ 124.287477] rewind_stack_and_make_dead+0x16/0x20 [ 124.287883] RIP: 0033:0x7f7d01fbdb19 [ 124.288186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.289658] RSP: 002b:00007f7cff533218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 124.290285] RAX: ffffffffffffffda RBX: 00007f7d020d0f68 RCX: 00007f7d01fbdb19 [ 124.290881] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7d020d0f6c [ 124.291459] RBP: 00007f7d020d0f60 R08: 000000000000000e R09: 0000000000000000 [ 124.292046] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7d020d0f6c [ 124.292607] R13: 00007ffc7f27cf0f R14: 00007f7cff533300 R15: 0000000000022000 [ 124.293190] [ 124.293383] Modules linked in: [ 124.293635] ---[ end trace 0000000000000000 ]--- [ 124.293993] RIP: 0010:perf_tp_event+0x175/0xe70 [ 124.294349] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01 [ 124.295688] RSP: 0018:ffff88804598f780 EFLAGS: 00010012 [ 124.296095] RAX: 0e00000000000032 RBX: 6fffffffffffffa0 RCX: ffffc90005a0a000 [ 124.296620] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 7000000000000190 [ 124.297150] RBP: ffff88804598f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc11b70 [ 124.297683] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 124.298205] R13: 0000000000000000 R14: ffff88806ce31340 R15: dffffc0000000000 [ 124.298740] FS: 00007f7cff533700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000 [ 124.299329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.299763] CR2: 00007f7d020d1018 CR3: 000000001eb0c000 CR4: 0000000000350ef0 [ 124.300300] Kernel panic - not syncing: Fatal exception in interrupt [ 124.301022] Kernel Offset: disabled [ 124.301319] ---[ end 
Kernel panic - not syncing: Fatal exception in interrupt ]--- VM DIAGNOSIS: 11:11:02 Registers: