Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:9308' (ECDSA) to the list of known hosts.
2025/09/01 11:46:10 fuzzer started
2025/09/01 11:46:10 dialing manager at localhost:35473
syzkaller login: [ 50.941250] cgroup: Unknown subsys name 'net'
[ 50.991695] cgroup: Unknown subsys name 'cpuset'
[ 51.008565] cgroup: Unknown subsys name 'rlimit'
2025/09/01 11:46:21 syscalls: 2214
2025/09/01 11:46:21 code coverage: enabled
2025/09/01 11:46:21 comparison tracing: enabled
2025/09/01 11:46:21 extra coverage: enabled
2025/09/01 11:46:21 setuid sandbox: enabled
2025/09/01 11:46:21 namespace sandbox: enabled
2025/09/01 11:46:21 Android sandbox: enabled
2025/09/01 11:46:21 fault injection: enabled
2025/09/01 11:46:21 leak checking: enabled
2025/09/01 11:46:21 net packet injection: enabled
2025/09/01 11:46:21 net device setup: enabled
2025/09/01 11:46:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/09/01 11:46:21 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/09/01 11:46:21 USB emulation: enabled
2025/09/01 11:46:21 hci packet injection: enabled
2025/09/01 11:46:21 wifi device emulation: enabled
2025/09/01 11:46:21 802.15.4 emulation: enabled
2025/09/01 11:46:21 fetching corpus: 0, signal 0/2000 (executing program)
2025/09/01 11:46:21 fetching corpus: 50, signal 19168/22747 (executing program)
2025/09/01 11:46:21 fetching corpus: 100, signal 31339/36376 (executing program)
2025/09/01 11:46:21 fetching corpus: 150, signal 38729/45116 (executing program)
2025/09/01 11:46:21 fetching corpus: 200, signal 46941/54511 (executing program)
2025/09/01 11:46:21 fetching corpus: 250, signal 53948/62601 (executing program)
2025/09/01 11:46:21 fetching corpus: 300, signal 56683/66584 (executing program)
2025/09/01 11:46:21 fetching corpus: 350, signal 61010/72018 (executing program)
2025/09/01 11:46:21 fetching corpus: 400, signal 64689/76716 (executing program)
2025/09/01 11:46:22 fetching corpus: 450, signal 68318/81275 (executing program)
2025/09/01 11:46:22 fetching corpus: 500, signal 71967/85780 (executing program)
2025/09/01 11:46:22 fetching corpus: 550, signal 74321/89098 (executing program)
2025/09/01 11:46:22 fetching corpus: 600, signal 77741/93280 (executing program)
2025/09/01 11:46:22 fetching corpus: 650, signal 79130/95654 (executing program)
2025/09/01 11:46:22 fetching corpus: 700, signal 80730/98184 (executing program)
2025/09/01 11:46:22 fetching corpus: 750, signal 83844/101924 (executing program)
2025/09/01 11:46:22 fetching corpus: 800, signal 85766/104656 (executing program)
2025/09/01 11:46:22 fetching corpus: 850, signal 87700/107356 (executing program)
2025/09/01 11:46:23 fetching corpus: 900, signal 89809/110127 (executing program)
2025/09/01 11:46:23 fetching corpus: 950, signal 91532/112569 (executing program)
2025/09/01 11:46:23 fetching corpus: 1000, signal 93536/115184 (executing program)
2025/09/01 11:46:23 fetching corpus: 1050, signal 94999/117387 (executing program)
2025/09/01 11:46:23 fetching corpus: 1100, signal 96980/119827 (executing program)
2025/09/01 11:46:23 fetching corpus: 1150, signal 98557/121977 (executing program)
2025/09/01 11:46:23 fetching corpus: 1200, signal 99997/124012 (executing program)
2025/09/01 11:46:23 fetching corpus: 1250, signal 101023/125765 (executing program)
2025/09/01 11:46:23 fetching corpus: 1300, signal 103111/128255 (executing program)
2025/09/01 11:46:23 fetching corpus: 1350, signal 105904/131157 (executing program)
2025/09/01 11:46:24 fetching corpus: 1400, signal 107198/132959 (executing program)
2025/09/01 11:46:24 fetching corpus: 1450, signal 109026/135150 (executing program)
2025/09/01 11:46:24 fetching corpus: 1500, signal 110555/137078 (executing program)
2025/09/01 11:46:24 fetching corpus: 1550, signal 111656/138624 (executing program)
2025/09/01 11:46:24 fetching corpus: 1600, signal 112451/139942 (executing program)
2025/09/01 11:46:24 fetching corpus: 1650, signal 113578/141505 (executing program)
2025/09/01 11:46:24 fetching corpus: 1700, signal 115239/143395 (executing program)
2025/09/01 11:46:24 fetching corpus: 1750, signal 119351/146803 (executing program)
2025/09/01 11:46:24 fetching corpus: 1800, signal 120521/148319 (executing program)
2025/09/01 11:46:24 fetching corpus: 1850, signal 122020/149957 (executing program)
2025/09/01 11:46:25 fetching corpus: 1900, signal 123086/151321 (executing program)
2025/09/01 11:46:25 fetching corpus: 1950, signal 124028/152625 (executing program)
2025/09/01 11:46:25 fetching corpus: 2000, signal 124723/153743 (executing program)
2025/09/01 11:46:25 fetching corpus: 2050, signal 125521/154932 (executing program)
2025/09/01 11:46:25 fetching corpus: 2100, signal 126551/156216 (executing program)
2025/09/01 11:46:25 fetching corpus: 2150, signal 127593/157457 (executing program)
2025/09/01 11:46:25 fetching corpus: 2200, signal 128510/158594 (executing program)
2025/09/01 11:46:25 fetching corpus: 2250, signal 129205/159692 (executing program)
2025/09/01 11:46:25 fetching corpus: 2300, signal 130436/161044 (executing program)
2025/09/01 11:46:25 fetching corpus: 2350, signal 131392/162290 (executing program)
2025/09/01 11:46:25 fetching corpus: 2400, signal 132005/163260 (executing program)
2025/09/01 11:46:26 fetching corpus: 2450, signal 132921/164319 (executing program)
2025/09/01 11:46:26 fetching corpus: 2500, signal 133875/165417 (executing program)
2025/09/01 11:46:26 fetching corpus: 2550, signal 134830/166506 (executing program)
2025/09/01 11:46:26 fetching corpus: 2600, signal 135567/167488 (executing program)
2025/09/01 11:46:26 fetching corpus: 2650, signal 136307/168398 (executing program)
2025/09/01 11:46:26 fetching corpus: 2700, signal 136886/169197 (executing program)
2025/09/01 11:46:26 fetching corpus: 2750, signal 137715/170187 (executing program)
2025/09/01 11:46:26 fetching corpus: 2800, signal 138383/171079 (executing program)
2025/09/01 11:46:26 fetching corpus: 2850, signal 139296/172011 (executing program)
2025/09/01 11:46:26 fetching corpus: 2900, signal 139940/172835 (executing program)
2025/09/01 11:46:27 fetching corpus: 2950, signal 140575/173649 (executing program)
2025/09/01 11:46:27 fetching corpus: 3000, signal 141180/174412 (executing program)
2025/09/01 11:46:27 fetching corpus: 3050, signal 142238/175333 (executing program)
2025/09/01 11:46:27 fetching corpus: 3100, signal 142720/176038 (executing program)
2025/09/01 11:46:27 fetching corpus: 3150, signal 143598/176853 (executing program)
2025/09/01 11:46:27 fetching corpus: 3200, signal 144247/177574 (executing program)
2025/09/01 11:46:27 fetching corpus: 3250, signal 145084/178356 (executing program)
2025/09/01 11:46:27 fetching corpus: 3300, signal 145498/178962 (executing program)
2025/09/01 11:46:27 fetching corpus: 3350, signal 145959/179591 (executing program)
2025/09/01 11:46:27 fetching corpus: 3400, signal 146850/180327 (executing program)
2025/09/01 11:46:28 fetching corpus: 3450, signal 147707/181060 (executing program)
2025/09/01 11:46:28 fetching corpus: 3500, signal 148367/181679 (executing program)
2025/09/01 11:46:28 fetching corpus: 3550, signal 148850/182278 (executing program)
2025/09/01 11:46:28 fetching corpus: 3600, signal 149314/182830 (executing program)
2025/09/01 11:46:28 fetching corpus: 3650, signal 149890/183405 (executing program)
2025/09/01 11:46:28 fetching corpus: 3700, signal 150571/184023 (executing program)
2025/09/01 11:46:28 fetching corpus: 3750, signal 151219/184579 (executing program)
2025/09/01 11:46:28 fetching corpus: 3800, signal 151647/185115 (executing program)
2025/09/01 11:46:28 fetching corpus: 3850, signal 152252/185690 (executing program)
2025/09/01 11:46:28 fetching corpus: 3900, signal 152719/186214 (executing program)
2025/09/01 11:46:28 fetching corpus: 3950, signal 153345/186764 (executing program)
2025/09/01 11:46:29 fetching corpus: 4000, signal 153853/187309 (executing program)
2025/09/01 11:46:29 fetching corpus: 4050, signal 154650/187900 (executing program)
2025/09/01 11:46:29 fetching corpus: 4100, signal 155318/188397 (executing program)
2025/09/01 11:46:29 fetching corpus: 4150, signal 155693/188888 (executing program)
2025/09/01 11:46:29 fetching corpus: 4200, signal 156191/189386 (executing program)
2025/09/01 11:46:29 fetching corpus: 4250, signal 156786/189844 (executing program)
2025/09/01 11:46:29 fetching corpus: 4300, signal 157188/190246 (executing program)
2025/09/01 11:46:29 fetching corpus: 4350, signal 157707/190654 (executing program)
2025/09/01 11:46:29 fetching corpus: 4400, signal 158165/191088 (executing program)
2025/09/01 11:46:29 fetching corpus: 4450, signal 158664/191518 (executing program)
2025/09/01 11:46:30 fetching corpus: 4500, signal 159091/191909 (executing program)
2025/09/01 11:46:30 fetching corpus: 4550, signal 159561/192369 (executing program)
2025/09/01 11:46:30 fetching corpus: 4600, signal 159924/192721 (executing program)
2025/09/01 11:46:30 fetching corpus: 4650, signal 160328/193064 (executing program)
2025/09/01 11:46:30 fetching corpus: 4700, signal 160800/193531 (executing program)
2025/09/01 11:46:30 fetching corpus: 4750, signal 161208/193691 (executing program)
2025/09/01 11:46:30 fetching corpus: 4800, signal 161558/193707 (executing program)
2025/09/01 11:46:30 fetching corpus: 4850, signal 162262/193719 (executing program)
2025/09/01 11:46:30 fetching corpus: 4900, signal 162706/193725 (executing program)
2025/09/01 11:46:30 fetching corpus: 4950, signal 163115/193726 (executing program)
2025/09/01 11:46:30 fetching corpus: 5000, signal 163424/193731 (executing program)
2025/09/01 11:46:30 fetching corpus: 5050, signal 163835/193731 (executing program)
2025/09/01 11:46:30 fetching corpus: 5100, signal 164103/193733 (executing program)
2025/09/01 11:46:31 fetching corpus: 5150, signal 164496/193734 (executing program)
2025/09/01 11:46:31 fetching corpus: 5200, signal 164815/193744 (executing program)
2025/09/01 11:46:31 fetching corpus: 5250, signal 165317/193745 (executing program)
2025/09/01 11:46:31 fetching corpus: 5300, signal 165657/193799 (executing program)
2025/09/01 11:46:31 fetching corpus: 5350, signal 166089/193810 (executing program)
2025/09/01 11:46:31 fetching corpus: 5400, signal 166450/193812 (executing program)
2025/09/01 11:46:31 fetching corpus: 5450, signal 167187/193895 (executing program)
2025/09/01 11:46:31 fetching corpus: 5500, signal 167595/193955 (executing program)
2025/09/01 11:46:31 fetching corpus: 5550, signal 167920/193990 (executing program)
2025/09/01 11:46:31 fetching corpus: 5600, signal 168208/194002 (executing program)
2025/09/01 11:46:31 fetching corpus: 5650, signal 168451/194008 (executing program)
2025/09/01 11:46:31 fetching corpus: 5700, signal 168921/194022 (executing program)
2025/09/01 11:46:31 fetching corpus: 5750, signal 169274/194045 (executing program)
2025/09/01 11:46:32 fetching corpus: 5800, signal 169453/194056 (executing program)
2025/09/01 11:46:32 fetching corpus: 5850, signal 169833/194061 (executing program)
2025/09/01 11:46:32 fetching corpus: 5900, signal 170234/194067 (executing program)
2025/09/01 11:46:32 fetching corpus: 5950, signal 170788/194105 (executing program)
2025/09/01 11:46:32 fetching corpus: 6000, signal 171089/194120 (executing program)
2025/09/01 11:46:32 fetching corpus: 6050, signal 171539/194126 (executing program)
2025/09/01 11:46:32 fetching corpus: 6100, signal 171971/194139 (executing program)
2025/09/01 11:46:32 fetching corpus: 6150, signal 172309/194150 (executing program)
2025/09/01 11:46:32 fetching corpus: 6200, signal 172693/194151 (executing program)
2025/09/01 11:46:32 fetching corpus: 6250, signal 173159/194178 (executing program)
2025/09/01 11:46:32 fetching corpus: 6300, signal 173642/194181 (executing program)
2025/09/01 11:46:33 fetching corpus: 6350, signal 174125/194188 (executing program)
2025/09/01 11:46:33 fetching corpus: 6400, signal 174439/194188 (executing program)
2025/09/01 11:46:33 fetching corpus: 6450, signal 174788/194189 (executing program)
2025/09/01 11:46:33 fetching corpus: 6500, signal 175093/194189 (executing program)
2025/09/01 11:46:33 fetching corpus: 6550, signal 175429/194191 (executing program)
2025/09/01 11:46:33 fetching corpus: 6600, signal 175668/194195 (executing program)
2025/09/01 11:46:33 fetching corpus: 6650, signal 176348/194205 (executing program)
2025/09/01 11:46:33 fetching corpus: 6700, signal 176642/194212 (executing program)
2025/09/01 11:46:33 fetching corpus: 6750, signal 176946/194228 (executing program)
2025/09/01 11:46:33 fetching corpus: 6800, signal 177369/194231 (executing program)
2025/09/01 11:46:33 fetching corpus: 6850, signal 177646/194232 (executing program)
2025/09/01 11:46:33 fetching corpus: 6900, signal 177923/194237 (executing program)
2025/09/01 11:46:33 fetching corpus: 6950, signal 178282/194275 (executing program)
2025/09/01 11:46:34 fetching corpus: 7000, signal 178514/194280 (executing program)
2025/09/01 11:46:34 fetching corpus: 7050, signal 178934/194284 (executing program)
2025/09/01 11:46:34 fetching corpus: 7100, signal 179246/194290 (executing program)
2025/09/01 11:46:34 fetching corpus: 7150, signal 179497/194301 (executing program)
2025/09/01 11:46:34 fetching corpus: 7200, signal 179718/194308 (executing program)
2025/09/01 11:46:34 fetching corpus: 7250, signal 179969/194309 (executing program)
2025/09/01 11:46:34 fetching corpus: 7300, signal 180391/194322 (executing program)
2025/09/01 11:46:34 fetching corpus: 7350, signal 180909/194341 (executing program)
2025/09/01 11:46:34 fetching corpus: 7400, signal 181299/194348 (executing program)
2025/09/01 11:46:34 fetching corpus: 7450, signal 181546/194356 (executing program)
2025/09/01 11:46:34 fetching corpus: 7500, signal 181844/194365 (executing program)
2025/09/01 11:46:34 fetching corpus: 7550, signal 182075/194370 (executing program)
2025/09/01 11:46:35 fetching corpus: 7600, signal 182285/194370 (executing program)
2025/09/01 11:46:35 fetching corpus: 7650, signal 182563/194371 (executing program)
2025/09/01 11:46:35 fetching corpus: 7700, signal 183369/194398 (executing program)
2025/09/01 11:46:35 fetching corpus: 7750, signal 183666/194419 (executing program)
2025/09/01 11:46:35 fetching corpus: 7800, signal 183988/194425 (executing program)
2025/09/01 11:46:35 fetching corpus: 7850, signal 184718/194445 (executing program)
2025/09/01 11:46:35 fetching corpus: 7900, signal 185011/194446 (executing program)
2025/09/01 11:46:35 fetching corpus: 7950, signal 185390/194447 (executing program)
2025/09/01 11:46:35 fetching corpus: 8000, signal 185640/194447 (executing program)
2025/09/01 11:46:35 fetching corpus: 8050, signal 185908/194447 (executing program)
2025/09/01 11:46:35 fetching corpus: 8100, signal 186097/194449 (executing program)
2025/09/01 11:46:36 fetching corpus: 8150, signal 186728/194454 (executing program)
2025/09/01 11:46:36 fetching corpus: 8200, signal 187065/194460 (executing program)
2025/09/01 11:46:36 fetching corpus: 8250, signal 187248/194462 (executing program)
2025/09/01 11:46:36 fetching corpus: 8300, signal 187489/194471 (executing program)
2025/09/01 11:46:36 fetching corpus: 8350, signal 187892/194476 (executing program)
2025/09/01 11:46:36 fetching corpus: 8400, signal 188168/194476 (executing program)
2025/09/01 11:46:36 fetching corpus: 8450, signal 188374/194476 (executing program)
2025/09/01 11:46:36 fetching corpus: 8500, signal 188675/194488 (executing program)
2025/09/01 11:46:36 fetching corpus: 8550, signal 189167/194505 (executing program)
2025/09/01 11:46:36 fetching corpus: 8600, signal 189337/194506 (executing program)
2025/09/01 11:46:36 fetching corpus: 8650, signal 189592/194507 (executing program)
2025/09/01 11:46:37 fetching corpus: 8700, signal 189836/194508 (executing program)
2025/09/01 11:46:37 fetching corpus: 8750, signal 190134/194553 (executing program)
2025/09/01 11:46:37 fetching corpus: 8800, signal 190376/194559 (executing program)
2025/09/01 11:46:37 fetching corpus: 8850, signal 190669/194573 (executing program)
2025/09/01 11:46:37 fetching corpus: 8900, signal 190856/194574 (executing program)
2025/09/01 11:46:37 fetching corpus: 8950, signal 191080/194596 (executing program)
2025/09/01 11:46:37 fetching corpus: 9000, signal 191346/194596 (executing program)
2025/09/01 11:46:37 fetching corpus: 9050, signal 191583/194600 (executing program)
2025/09/01 11:46:37 fetching corpus: 9075, signal 191744/194600 (executing program)
2025/09/01 11:46:37 fetching corpus: 9075, signal 191744/194600 (executing program)
2025/09/01 11:46:40 starting 8 fuzzer processes
11:46:40 executing program 0:
syz_emit_ethernet(0x36, &(0x7f0000000180)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @timestamp}}}}, 0x0)
11:46:40 executing program 1:
r0 = epoll_create(0x7ff)
fcntl$addseals(r0, 0x409, 0x0)
11:46:40 executing program 6:
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0)
11:46:40 executing program 2:
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000100))
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r1, r2, 0x0, 0xa0103)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6002, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendfile(r3, r4, 0x0, 0xa0103)
11:46:40 executing program 7:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0xff)
close(r0)
r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff)
poll(0x0, 0x0, 0x0)
11:46:40 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r0)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x34, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}}, 0x0)
11:46:40 executing program 4:
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @local={0xac, 0x28}, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x8}}}}}}, 0x0)
[ 80.277818] audit: type=1400 audit(1756727200.338:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:46:40 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_buf(r1, 0x0, 0x29, 0x0, 0x1000000)
[ 81.524190] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.529177] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.531457] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.538688] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.541645] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.646433] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 81.657148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 81.661153] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 81.664285] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 81.669112] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 81.670346] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 81.681234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 81.682599] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 81.684386] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 81.685514] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 81.686461] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 81.688985] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 81.691465] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 81.693159] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 81.695370] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 81.696104] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 81.697174] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 81.698497] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 81.703407] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 81.705171] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 81.706160] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 81.717199] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 81.719396] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 81.733961] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 81.744971] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 81.748092] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 81.750220] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 81.751759] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 81.752490] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 81.754351] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 81.758093] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 81.760263] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 81.768665] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 81.783078] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 81.791102] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 83.618749] Bluetooth: hci0: command tx timeout
[ 83.748892] Bluetooth: hci4: command tx timeout
[ 83.749071] Bluetooth: hci2: command tx timeout
[ 83.749551] Bluetooth: hci1: command tx timeout
[ 83.810288] Bluetooth: hci7: command tx timeout
[ 83.810787] Bluetooth: hci5: command tx timeout
[ 83.811628] Bluetooth: hci3: command tx timeout
[ 83.873954] Bluetooth: hci6: command tx timeout
[ 85.665968] Bluetooth: hci0: command tx timeout
[ 85.793900] Bluetooth: hci1: command tx timeout
[ 85.793984] Bluetooth: hci2: command tx timeout
[ 85.794322] Bluetooth: hci4: command tx timeout
[ 85.857982] Bluetooth: hci5: command tx timeout
[ 85.859042] Bluetooth: hci3: command tx timeout
[ 85.859148] Bluetooth: hci7: command tx timeout
[ 85.922857] Bluetooth: hci6: command tx timeout
[ 87.713942] Bluetooth: hci0: command tx timeout
[ 87.843009] Bluetooth: hci4: command tx timeout
[ 87.843034] Bluetooth: hci2: command tx timeout
[ 87.843090] Bluetooth: hci1: command tx timeout
[ 87.906088] Bluetooth: hci3: command tx timeout
[ 87.906507] Bluetooth: hci5: command tx timeout
[ 87.907297] Bluetooth: hci7: command tx timeout
[ 87.969890] Bluetooth: hci6: command tx timeout
[ 89.762062] Bluetooth: hci0: command tx timeout
[ 89.890002] Bluetooth: hci1: command tx timeout
[ 89.890769] Bluetooth: hci2: command tx timeout
[ 89.891530] Bluetooth: hci4: command tx timeout
[ 89.954925] Bluetooth: hci7: command tx timeout
[ 89.955640] Bluetooth: hci5: command tx timeout
[ 89.956588] Bluetooth: hci3: command tx timeout
[ 90.017956] Bluetooth: hci6: command tx timeout
[ 118.734550] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.735603] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.813412] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.814880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.966910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.967537] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.161547] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.162180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.284120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.284734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.353925] audit: type=1400 audit(1756727239.414:8): avc: denied { open } for pid=3755 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 119.360804] audit: type=1400 audit(1756727239.414:9): avc: denied { kernel } for pid=3755 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 119.403737] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.404324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:47:19 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f0000012800)="8081000000180000d4f4655fd4f4655fd4f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000000040)="80641c0000180000d4f4655fd4f4655fd4f4655f000000000000010080e50000100008feff0000000a", 0x29, 0x4c00}, {&(0x7f0000013900)="111fc0d901", 0x5, 0x30000}], 0x0, &(0x7f0000014a00))
[ 119.559847] loop7: detected capacity change from 0 to 4096
[ 119.590084] EXT4-fs error (device loop7): ext4_quota_enable:7134: inode #4: comm syz-executor.7: casefold flag without casefold feature
[ 119.593043] EXT4-fs error (device loop7): ext4_quota_enable:7136: comm syz-executor.7: Bad quota inode: 4, type: 1
[ 119.596787] EXT4-fs warning (device loop7): ext4_enable_quotas:7174: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 119.609137] EXT4-fs (loop7): mount failed
11:47:19 executing program 4:
syz_open_dev$sg(&(0x7f0000000180), 0x0, 0xc2a83)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
11:47:19 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f0000012800)="8081000000180000d4f4655fd4f4655fd4f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000000040)="80641c0000180000d4f4655fd4f4655fd4f4655f000000000000010080e50000100008feff0000000a", 0x29, 0x4c00}, {&(0x7f0000013900)="111fc0d901", 0x5, 0x30000}], 0x0, &(0x7f0000014a00))
[ 120.428469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.429177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.536878] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.537485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.605883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.606455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.658463] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.659053] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.691958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.692496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.731893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.732525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.824707] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.825662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.856764] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.858182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.190458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.191400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.232199] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.232761] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.311160] syz-executor.2 (3896) used greatest stack depth: 24416 bytes left
[ 123.443168] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 123.446686] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 123.448428] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 123.453690] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 123.456157] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 125.473976] Bluetooth: hci4: command tx timeout
[ 127.521915] Bluetooth: hci4: command tx timeout
[ 129.570414] Bluetooth: hci4: command tx timeout
[ 131.617918] Bluetooth: hci4: command tx timeout
[ 138.929818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 138.930433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 138.966528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 138.967164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
11:47:39 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000080)={0x2, {0x2, 0x0, 0x0, 0x0, 0x401}})
11:47:39 executing program 4:
syz_open_dev$sg(&(0x7f0000000180), 0x0, 0xc2a83)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
11:47:39 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f0000012800)="8081000000180000d4f4655fd4f4655fd4f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000000040)="80641c0000180000d4f4655fd4f4655fd4f4655f000000000000010080e50000100008feff0000000a", 0x29, 0x4c00}, {&(0x7f0000013900)="111fc0d901", 0x5, 0x30000}], 0x0, &(0x7f0000014a00))
11:47:39 executing program 6:
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0)
11:47:39 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r0)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x34, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}}, 0x0)
11:47:39 executing program 2:
r0 = memfd_create(&(0x7f0000000000)=':^/\x00', 0x0)
ftruncate(r0, 0x8800000)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0xc681, 0x7})
lseek(r0, 0x0, 0x4)
11:47:39 executing program 1:
r0 = epoll_create(0x7ff)
fcntl$addseals(r0, 0x409, 0x0)
11:47:39 executing program 5:
prctl$PR_SET_MM_MAP(0x27, 0xe, 0x0, 0x0)
[ 139.119105] loop7: detected capacity change from 0 to 4096
11:47:39 executing program 1:
r0 = epoll_create(0x7ff)
fcntl$addseals(r0, 0x409, 0x0)
11:47:39 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r0)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x34, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}}, 0x0)
[ 139.165301] EXT4-fs error (device loop7): ext4_quota_enable:7134: inode #4: comm syz-executor.7: casefold flag without casefold feature
[ 139.166120] EXT4-fs error (device loop7): ext4_quota_enable:7136: comm syz-executor.7: Bad quota inode: 4, type: 1
[ 139.167106] EXT4-fs warning (device loop7): ext4_enable_quotas:7174: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 139.169762] EXT4-fs (loop7): mount failed
11:47:39 executing program 6:
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0)
[ 139.296410] kmemleak: Found object by alias at 0x607f1a63e614
[ 139.296427] CPU: 0 UID: 0 PID: 4360 Comm: syz-executor.7 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 139.296445] Tainted: [W]=WARN
[ 139.296449] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 139.296456] Call Trace:
[ 139.296460]
[ 139.296464] dump_stack_lvl+0xca/0x120
[ 139.296487] __lookup_object+0x94/0xb0
[ 139.296504] delete_object_full+0x27/0x70
[ 139.296520] free_percpu+0x30/0x1160
[ 139.296538] ? arch_uprobe_clear_state+0x16/0x140
[ 139.296558] futex_hash_free+0x38/0xc0
[ 139.296573] mmput+0x2d3/0x390
[ 139.296592] do_exit+0x79d/0x2970
[ 139.296606] ? signal_wake_up_state+0x85/0x120
[ 139.296622] ? zap_other_threads+0x2b9/0x3a0
[ 139.296638] ? __pfx_do_exit+0x10/0x10
[ 139.296651] ? do_group_exit+0x1c3/0x2a0
[ 139.296665] ? lock_release+0xc8/0x290
[ 139.296682] do_group_exit+0xd3/0x2a0
[ 139.296697] __x64_sys_exit_group+0x3e/0x50
[ 139.296711] x64_sys_call+0x18c5/0x18d0
[ 139.296727] do_syscall_64+0xbf/0x360
[ 139.296740] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.296751] RIP: 0033:0x7f3ce60e8b19
[ 139.296760] Code: Unable to access opcode bytes at 0x7f3ce60e8aef.
[ 139.296765] RSP: 002b:00007ffe38375438 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 139.296777] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f3ce60e8b19
[ 139.296785] RDX: 00007f3ce609b72b RSI: ffffffffffffffbc RDI: 0000000000000000
[ 139.296792] RBP: 0000000000000000 R08: 0000001b2d22001c R09: 0000000000000000
[ 139.296799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 139.296806] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe38375520
[ 139.296824]
[ 139.296828] kmemleak: Object (percpu) 0x607f1a63e610 (size 8):
[ 139.296835] kmemleak: comm "syz-executor.6", pid 282, jiffies 4294787891
[ 139.296842] kmemleak: min_count = 1
[ 139.296846] kmemleak: count = 1
[ 139.296850] kmemleak: flags = 0x21
[ 139.296853] kmemleak: checksum = 0
[ 139.296857] kmemleak: backtrace:
[ 139.296860] pcpu_alloc_noprof+0x87a/0x1170
[ 139.296876] percpu_ref_init+0x37/0x400
[ 139.296887] cgroup_apply_control_enable+0x4a6/0x9f0
[ 139.296901] cgroup_mkdir+0x86e/0x1110
[ 139.296913] kernfs_iop_mkdir+0x111/0x190
[ 139.296929] vfs_mkdir+0x59a/0x8d0
[ 139.296945] do_mkdirat+0x19f/0x3d0
[ 139.296956] __x64_sys_mkdir+0xf3/0x140
[ 139.296967] do_syscall_64+0xbf/0x360
[ 139.296977] entry_SYSCALL_64_after_hwframe+0x77/0x7f
11:47:40 executing program 4:
syz_open_dev$sg(&(0x7f0000000180), 0x0, 0xc2a83)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
11:47:40 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000cc0)=0x42, 0x4)
11:47:40 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r1, 0x301, 0x0, 0x0, {{}, {@val={0x15, 0x117}, @void}}}, 0x1c}}, 0x0)
11:47:40 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r0)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x34, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}}, 0x0)
11:47:40 executing program 6:
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0)
11:47:40 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000091b73ef4b8d944c4be6aeaa0d6c47e6c010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="0300000004", 0x5, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f0000012800)="8081000000180000d4f4655fd4f4655fd4f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030", 0x3d, 0x4800}, {&(0x7f0000000040)="80641c0000180000d4f4655fd4f4655fd4f4655f000000000000010080e50000100008feff0000000a", 0x29, 0x4c00}, {&(0x7f0000013900)="111fc0d901", 0x5, 0x30000}], 0x0, &(0x7f0000014a00))
11:47:40 executing program 5:
prctl$PR_SET_MM_MAP(0x27, 0xe, 0x0, 0x0)
11:47:40 executing program 1:
r0 = epoll_create(0x7ff)
fcntl$addseals(r0, 0x409, 0x0)
[ 139.985659] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#1] SMP KASAN NOPTI
[ 139.986560] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 139.987171] CPU: 0 UID: 0 PID: 4413 Comm: syz-executor.6 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 139.988398] Tainted: [W]=WARN
[ 139.992119] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 139.992768] RIP: 0010:perf_tp_event+0x175/0xe70
[ 139.993152] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 139.994607] RSP: 0018:ffff88801d95f780 EFLAGS: 00010012
[ 139.995045] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90002ca0000
[ 139.995634] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 139.996215] RBP: ffff88801d95f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16618
[ 139.996762] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 139.997311] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 139.997860] FS: 00007f3b45e0b700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 139.998484] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 139.998934] CR2: 00007f9b9d531018 CR3: 00000000465b4000 CR4: 0000000000350ef0
[ 139.999489] Call Trace:
[ 139.999695]
[ 139.999876] ? stack_trace_save+0x8e/0xc0
[ 140.000211] ? __pfx_perf_tp_event+0x10/0x10
[ 140.000562] ? kasan_save_stack+0x34/0x50
[ 140.000907] ? kasan_save_stack+0x24/0x50
[ 140.001259] ? kasan_record_aux_stack+0x89/0xa0
[ 140.001643] ? __call_rcu_common.constprop.0+0x70/0x960
[ 140.002096] ? kmem_cache_free+0x15b/0x540
[ 140.002427] ? vms_complete_munmap_vmas+0x549/0x9f0
[ 140.002822] ? do_vmi_align_munmap+0x3db/0x550
[ 140.003192] ? do_vmi_munmap+0x1eb/0x3c0
[ 140.003516] ? __vm_munmap+0x190/0x370
[ 140.003819] ? __x64_sys_munmap+0x59/0x80
[ 140.004148] ? do_syscall_64+0xbf/0x360
[ 140.004461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.004874] ? kmem_cache_free+0x148/0x540
[ 140.005205] ? vms_complete_munmap_vmas+0x549/0x9f0
[ 140.005600] ? __lock_acquire+0x694/0x1b70
[ 140.005935] ? __lock_acquire+0x694/0x1b70
[ 140.006266] ? lock_acquire+0x15e/0x2f0
[ 140.006580] ? __virt_addr_valid+0x1c6/0x5d0
[ 140.006934] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 140.007394] ? __virt_addr_valid+0x2e8/0x5d0
[ 140.007749] ? perf_trace_run_bpf_submit+0xef/0x180
[ 140.008143] perf_trace_run_bpf_submit+0xef/0x180
[ 140.008525] perf_trace_preemptirq_template+0x259/0x430
[ 140.008943] ? trace_sched_set_need_resched_tp+0xd4/0x110
[ 140.009382] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 140.009835] ? __pfx___resched_curr+0x10/0x10
[ 140.010193] ? find_held_lock+0x2b/0x80
[ 140.010511] ? try_to_wake_up+0x8ae/0x11d0
[ 140.010846] ? _raw_spin_unlock_irqrestore+0x2c/0x50
[ 140.011255] trace_irq_enable.constprop.0+0xa6/0x100
[ 140.011649] trace_hardirqs_on+0x26/0x40
[ 140.011967] _raw_spin_unlock_irqrestore+0x2c/0x50
[ 140.012353] try_to_wake_up+0x8ae/0x11d0
[ 140.012677] ? __pfx_try_to_wake_up+0x10/0x10
[ 140.013033] ? plist_del+0x122/0x270
[ 140.013330] ? find_held_lock+0x2b/0x80
[ 140.013647] ? futex_wake+0x474/0x540
[ 140.013951] wake_up_q+0xa1/0x130
[ 140.014233] futex_wake+0x47e/0x540
[ 140.014525] ? __pfx_futex_wake+0x10/0x10
[ 140.014855] do_futex+0x26d/0x370
[ 140.015139] ? __pfx_do_futex+0x10/0x10
[ 140.015453] ? __vm_munmap+0x1ba/0x370
[ 140.015755] __x64_sys_futex+0x1c9/0x4d0
[ 140.016076] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 140.016529] ? __pfx___x64_sys_futex+0x10/0x10
[ 140.016889] ? xfd_validate_state+0x55/0x180
[ 140.017245] do_syscall_64+0xbf/0x360
[ 140.017544] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.017944] RIP: 0033:0x7f3b48895b19
[ 140.018232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 140.019624] RSP: 002b:00007f3b45e0b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 140.020205] RAX: ffffffffffffffda RBX: 00007f3b489a8f68 RCX: 00007f3b48895b19
[ 140.020778] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3b489a8f6c
[ 140.021336] RBP: 00007f3b489a8f60 R08: 000000000000000e R09: 0000000000000000
[ 140.021917] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b489a8f6c
[ 140.022512] R13: 00007ffe1dbf881f R14: 00007f3b45e0b300 R15: 0000000000022000
[ 140.023082]
[ 140.023269] Modules linked in:
[ 140.023541] ---[ end trace 0000000000000000 ]---
[ 140.023935] RIP: 0010:perf_tp_event+0x175/0xe70
[ 140.024332] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 140.025823] RSP: 0018:ffff88801d95f780 EFLAGS: 00010012
[ 140.026249] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90002ca0000
[ 140.026826] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 140.027410] RBP: ffff88801d95f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16618
[ 140.027991] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 140.028563] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 140.029144] FS: 00007f3b45e0b700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 140.029793] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 140.030263] CR2: 00007f9b9d531018 CR3: 00000000465b4000 CR4: 0000000000350ef0
[ 140.030844] note: syz-executor.6[4413] exited with irqs disabled
[ 140.031392] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000032: 0000 [#2] SMP KASAN NOPTI
[ 140.032293] KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]
[ 140.032898] CPU: 0 UID: 0 PID: 4413 Comm: syz-executor.6 Tainted: G D W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary)
[ 140.033834] Tainted: [D]=DIE, [W]=WARN
[ 140.034140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 140.034787] RIP: 0010:perf_tp_event+0x175/0xe70
[ 140.035170] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 140.036625] RSP: 0018:ffff88806ce08b80 EFLAGS: 00010012
[ 140.037036] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: 0000000000000002
[ 140.037580] RDX: ffff88801ca48000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 140.038129] RBP: ffff88806ce08df0 R08: ffff88806ce313e8 R09: ffffe8ffffc16618
[ 140.038676] R10: 0000000000000000 R11: ffff8880173f5c98 R12: dffffc0000000000
[ 140.039225] R13: 0000000000000014 R14: ffff88806ce313e8 R15: dffffc0000000000
[ 140.039773] FS: 00007f3b45e0b700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 140.040387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 140.040835] CR2: 00007f9b9d531018 CR3: 00000000465b4000 CR4: 0000000000350ef0
[ 140.041386] Call Trace:
[ 140.041590]
[ 140.041767] ? __pfx_perf_tp_event+0x10/0x10
[ 140.042119] ? enqueue_task_fair+0xded/0x1e00
[ 140.042474] ? check_preempt_wakeup_fair+0x6e/0x950
[ 140.042865] ? wakeup_preempt+0x140/0x2a0
[ 140.043196] ? lock_release+0x1c7/0x290
[ 140.043509] ? lock_release+0x1c7/0x290
[ 140.043822] ? do_raw_spin_unlock+0x53/0x220
[ 140.044171] ? _raw_spin_unlock_irqrestore+0x22/0x50
[ 140.044570] ? try_to_wake_up+0x8ae/0x11d0
[ 140.044907] ? do_raw_spin_lock+0x123/0x260
[ 140.045246] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 140.045617] ? perf_trace_run_bpf_submit+0xef/0x180
[ 140.046009] perf_trace_run_bpf_submit+0xef/0x180
[ 140.046392] perf_trace_preemptirq_template+0x259/0x430
[ 140.046804] ? read_tsc+0x9/0x20
[ 140.047086] ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[ 140.047538] ? clockevents_program_event+0x135/0x360
[ 140.047938] ? tick_program_event+0xac/0x140
[ 140.048284] ? handle_softirqs+0x16e/0x770
[ 140.048620] trace_irq_enable.constprop.0+0xa6/0x100
[ 140.049016] trace_hardirqs_on+0x26/0x40
[ 140.049334] handle_softirqs+0x16e/0x770
[ 140.049661] __irq_exit_rcu+0xc4/0x100
[ 140.049972] irq_exit_rcu+0x9/0x20
[ 140.050252] sysvec_apic_timer_interrupt+0x70/0x80
[ 140.050641]
[ 140.050821]
[ 140.051002] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 140.051408] RIP: 0010:make_task_dead+0xa2/0x3b0
[ 140.051775] Code: 38 00 85 db 0f 84 21 01 00 00 e8 09 a6 38 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 57 a1 38 00 48 85 db 0f 84 17 01 00 00 e9 a5 38 00 31 ff 65 8b 1d 60 2f 49 06 81 e3 ff ff ff 7f 89 de
[ 140.053163] RSP: 0018:ffff88801d95ff28 EFLAGS: 00000246
[ 140.053574] RAX: 0000000000000001 RBX: ffff88801ca48000 RCX: ffffffff817c3ab6
[ 140.054119] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff813b5234
[ 140.054664] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 140.055223] R10: ffffffff8643b457 R11: 0000000000000001 R12: ffff88801ca48000
[ 140.055772] R13: 0000000000000000 R14: dffffc0000000032 R15: 0000000000000000
[ 140.056320] ? trace_irq_enable.constprop.0+0x26/0x100
[ 140.056727] ? make_task_dead+0x214/0x3b0
[ 140.057055] ? make_task_dead+0x214/0x3b0
[ 140.057381] ? do_syscall_64+0xbf/0x360
[ 140.057694] rewind_stack_and_make_dead+0x16/0x20
[ 140.058086] RIP: 0033:0x7f3b48895b19
[ 140.058412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 140.060027] RSP: 002b:00007f3b45e0b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 140.060698] RAX: ffffffffffffffda RBX: 00007f3b489a8f68 RCX: 00007f3b48895b19
[ 140.061320] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3b489a8f6c
[ 140.061923] RBP: 00007f3b489a8f60 R08: 000000000000000e R09: 0000000000000000
[ 140.062548] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b489a8f6c
[ 140.063157] R13: 00007ffe1dbf881f R14: 00007f3b45e0b300 R15: 0000000000022000
[ 140.063788]
[ 140.064000] Modules linked in:
[ 140.064294] ---[ end trace 0000000000000000 ]---
[ 140.064716] RIP: 0010:perf_tp_event+0x175/0xe70
[ 140.065135] Code: ff df 48 89 85 a8 fd ff ff 48 c1 e8 03 4c 01 e0 48 89 85 c8 fd ff ff e8 c9 51 ea ff 48 8d bb f0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e c5 0b 00 00 44 8b ab f0 01
[ 140.066735] RSP: 0018:ffff88801d95f780 EFLAGS: 00010012
[ 140.067196] RAX: 0000000000000032 RBX: ffffffffffffffa1 RCX: ffffc90002ca0000
[ 140.067824] RDX: 0000000000040000 RSI: ffffffff8189a4e7 RDI: 0000000000000191
[ 140.068458] RBP: ffff88801d95f9f0 R08: ffff88806ce31340 R09: ffffe8ffffc16618
[ 140.069081] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
[ 140.069706] R13: 0000000000000014 R14: ffff88806ce31340 R15: dffffc0000000000
[ 140.070326] FS: 00007f3b45e0b700(0000) GS:ffff8880e55d8000(0000) knlGS:0000000000000000
[ 140.071023] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 140.071529] CR2: 00007f9b9d531018 CR3: 00000000465b4000 CR4: 0000000000350ef0
[ 140.072146] Kernel panic - not syncing: Fatal exception in interrupt
[ 140.072806] Kernel Offset: disabled
[ 140.073129] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
VM DIAGNOSIS:
11:47:40 Registers:
info registers vcpu 0
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff88801d95f118
R8 =0000000000000000 R9 =ffffed100141d046 R10=0000000000000020 R11=3a6465746e696154
R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0
RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f3b45e0b700 00000000 00000000
GS =0000 ffff8880e55d8000 00000000 00000000
LDT=0000 fffffe4400000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9b9d531018 CR3=00000000465b4000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f3b4897c7c000007f3b4897c7c8
XMM02=00007f3b4897c7e000007f3b4897c7c0 XMM03=00007f3b4897c7c800007f3b4897c7c0
XMM04=ffffffff0000ff00000000ff00000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=ffff88806ce3de20 RCX=ffffffff816880fc RDX=ffff888016203700
RSI=ffffffff816880d6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff8880194678d8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=1ffff1100d9e6bb1
R12=ffffed100d9c7bc5 R13=ffff88806ce3de28 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff816880d8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f554e0b88c0 00000000 00000000
GS =0000 ffff8880e56d8000 00000000 00000000
LDT=0000 fffffe7c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055788be87f88 CR3=000000000dd28000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000ff00000000000000ff
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055788be0e770000055788be30520
XMM06=00000000000000000000000300000000 XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000020200000000000002020000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000