Warning: Permanently added '[localhost]:57674' (ECDSA) to the list of known hosts. 2025/01/19 02:00:38 fuzzer started 2025/01/19 02:00:39 dialing manager at localhost:44245 syzkaller login: [ 70.391021] cgroup: Unknown subsys name 'net' [ 70.517184] cgroup: Unknown subsys name 'cpuset' [ 70.555166] cgroup: Unknown subsys name 'rlimit' [ 76.811871] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/19 02:00:57 syscalls: 2217 2025/01/19 02:00:57 code coverage: enabled 2025/01/19 02:00:57 comparison tracing: enabled 2025/01/19 02:00:57 extra coverage: enabled 2025/01/19 02:00:57 setuid sandbox: enabled 2025/01/19 02:00:57 namespace sandbox: enabled 2025/01/19 02:00:57 Android sandbox: enabled 2025/01/19 02:00:57 fault injection: enabled 2025/01/19 02:00:57 leak checking: enabled 2025/01/19 02:00:57 net packet injection: enabled 2025/01/19 02:00:57 net device setup: enabled 2025/01/19 02:00:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/19 02:00:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/19 02:00:57 USB emulation: enabled 2025/01/19 02:00:57 hci packet injection: enabled 2025/01/19 02:00:57 wifi device emulation: enabled 2025/01/19 02:00:57 802.15.4 emulation: enabled 2025/01/19 02:00:57 fetching corpus: 0, signal 0/2000 (executing program) 2025/01/19 02:00:57 fetching corpus: 50, signal 22120/25287 (executing program) 2025/01/19 02:00:57 fetching corpus: 100, signal 34801/38847 (executing program) 2025/01/19 02:00:57 fetching corpus: 150, signal 43557/48278 (executing program) 2025/01/19 02:00:57 fetching corpus: 200, signal 48710/54131 (executing program) 2025/01/19 02:00:57 fetching corpus: 250, signal 54307/60207 (executing program) 2025/01/19 02:00:58 fetching corpus: 300, signal 59296/65501 (executing program) 2025/01/19 02:00:58 fetching corpus: 350, signal 63733/70215 (executing program) 2025/01/19 02:00:58 fetching corpus: 400, signal 66680/73483 (executing program) 2025/01/19 02:00:58 fetching corpus: 450, signal 69563/76582 (executing program) 2025/01/19 02:00:58 fetching corpus: 500, signal 73389/80349 (executing program) 2025/01/19 02:00:59 fetching corpus: 550, signal 76007/83025 (executing program) 2025/01/19 02:00:59 fetching corpus: 600, signal 79256/86081 (executing program) 2025/01/19 02:00:59 fetching corpus: 650, signal 81201/88050 (executing program) 2025/01/19 02:00:59 fetching corpus: 700, signal 83086/89873 (executing program) 2025/01/19 02:00:59 fetching corpus: 750, signal 84447/91283 (executing program) 2025/01/19 02:00:59 fetching corpus: 800, signal 86250/92975 (executing program) 2025/01/19 02:00:59 fetching corpus: 850, signal 87925/94418 (executing program) 2025/01/19 02:00:59 fetching corpus: 900, signal 89214/95570 (executing program) 2025/01/19 02:01:00 fetching corpus: 950, signal 92451/97932 (executing program) 2025/01/19 02:01:00 fetching corpus: 1000, signal 94516/99469 (executing program) 2025/01/19 02:01:00 fetching corpus: 1050, signal 95967/100550 (executing program) 2025/01/19 02:01:00 fetching corpus: 1100, signal 99686/102859 (executing program) 2025/01/19 02:01:00 fetching corpus: 1150, signal 101396/103908 (executing program) 2025/01/19 02:01:00 fetching corpus: 1200, signal 103257/104963 (executing program) 2025/01/19 02:01:00 fetching corpus: 1250, signal 104523/105679 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/105950 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/105998 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106039 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106080 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106117 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106158 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106196 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106236 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106260 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106298 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106332 (executing program) 2025/01/19 02:01:00 fetching corpus: 1275, signal 104999/106376 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106412 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106455 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106490 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106522 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106562 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106587 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106627 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106661 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106691 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106719 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106747 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106786 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106821 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106861 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106893 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106905 (executing program) 2025/01/19 02:01:01 fetching corpus: 1275, signal 104999/106905 (executing program) 2025/01/19 02:01:04 starting 8 fuzzer processes 02:01:04 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000000), 0x4) 02:01:04 executing program 3: io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) 02:01:04 executing program 1: r0 = memfd_create(&(0x7f0000000000)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLY\xb5Z\xe1\x12S\xf5G@\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x1a\x8e\"\xc5D\xcf\x88\xd4\x85\x8d\xea,qx\xa28\xbf\"\xc7e\x06L\xb06\xcb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8e\xd5\xb0r\xfb\xde\xe7\xa4\x9bI\xb7\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rb\xe3\xac6q\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xfe\xda\b\x80\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba|\xf0\x01\xcdl\x06\xfc\x15;qZ\xb1u\xc9\xd0\xd16~JEGm\xe4\x1e@\x9dG\xe4@\xdf\xba\'\x8b\x1cD\xc7\xec\xd1@}tR\xd9P\xf4N\xe3\xd8x\xa0\x91\x17\xc2}\x13\b\xca\t(S\xa3_\xa1\x90\x15T\x93\xe7%\x98\xa7\xfb\x8bp/eq\x93\xbf\x1f =|\xf3\xb1\xfcR\xd8\nM,\xcb%@\'\x15\x88\xd8\xad\f\x91|\x95\x8fq+\x98\x81W\xba\x9f\xe0elOt\xbd\by\r\x87\x1c\xba\xbd\x8e+S>\xb8\xe29\x91h^x\xfb`\x00\xdd/\xa6\xb1\x16=\xa1bw\xc5I\xb1\x00\x00\x00\x00\x00\x00\x00\x06\x00'/546, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x401c5820, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x7ffffffffeffffff}) 02:01:04 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) lseek(r0, 0x0, 0x3) 02:01:04 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={[{}]}) [ 95.817945] audit: type=1400 audit(1737252064.833:7): avc: denied { execmem } for pid=273 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 02:01:04 executing program 6: syz_mount_image$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000003fc0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, 0xffffffffffffffff, 0x0) r2 = getpid() prlimit64(r2, 0x0, 0x0, 0x0) 02:01:04 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) close(r1) dup3(r0, r1, 0x0) 02:01:04 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x40086602, 0x0) [ 97.130855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.134085] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.135489] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.138177] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.144177] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 97.145951] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.148278] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.158054] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.159222] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.162064] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.163437] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 97.164477] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.193540] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.197055] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.205343] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.210107] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.217130] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 97.220445] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.283343] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.287023] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.288458] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.290554] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.292378] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 97.293511] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.338086] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 97.339323] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 97.347016] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 97.351477] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 97.353512] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 97.354369] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 97.354558] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 97.357545] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 97.358719] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 97.364859] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 97.373704] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 97.374937] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 97.437620] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 97.443978] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 97.445335] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 97.451346] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 97.453364] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 97.454931] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 97.533774] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 97.569351] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 97.572443] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 97.598191] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 97.627265] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 97.635042] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 99.221249] Bluetooth: hci0: command tx timeout [ 99.221264] Bluetooth: hci1: command tx timeout [ 99.285106] Bluetooth: hci2: command tx timeout [ 99.350890] Bluetooth: hci3: command tx timeout [ 99.413128] Bluetooth: hci5: command tx timeout [ 99.413191] Bluetooth: hci4: command tx timeout [ 99.542593] Bluetooth: hci6: command tx timeout [ 99.732976] Bluetooth: hci7: command tx timeout [ 101.268922] Bluetooth: hci0: command tx timeout [ 101.270169] Bluetooth: hci1: command tx timeout [ 101.333173] Bluetooth: hci2: command tx timeout [ 101.398884] Bluetooth: hci3: command tx timeout [ 101.460943] Bluetooth: hci5: command tx timeout [ 101.461047] Bluetooth: hci4: command tx timeout [ 101.590319] Bluetooth: hci6: command tx timeout [ 101.782054] Bluetooth: hci7: command tx timeout [ 103.319849] Bluetooth: hci1: command tx timeout [ 103.319923] Bluetooth: hci0: command tx timeout [ 103.381061] Bluetooth: hci2: command tx timeout [ 103.444958] Bluetooth: hci3: command tx timeout [ 103.508882] Bluetooth: hci4: command tx timeout [ 103.509955] Bluetooth: hci5: command tx timeout [ 103.638279] Bluetooth: hci6: command tx timeout [ 103.828987] Bluetooth: hci7: command tx timeout [ 105.364861] Bluetooth: hci0: command tx timeout [ 105.364958] Bluetooth: hci1: command tx timeout [ 105.429891] Bluetooth: hci2: command tx timeout [ 105.493869] Bluetooth: hci3: command tx timeout [ 105.557917] Bluetooth: hci5: command tx timeout [ 105.557939] Bluetooth: hci4: command tx timeout [ 105.685941] Bluetooth: hci6: command tx timeout [ 105.876925] Bluetooth: hci7: command tx timeout [ 160.917622] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 160.921899] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 160.923426] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 160.933193] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 160.941379] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 160.943057] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 160.975287] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 160.992019] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 161.000725] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 161.001124] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 161.003816] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 161.005618] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 161.008142] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 161.009294] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 161.012993] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 161.014392] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 161.015854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 161.019635] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 161.021639] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 161.025169] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 161.026906] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 161.028114] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 161.029475] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 161.031155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 161.035602] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 161.046884] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 161.065034] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 161.068326] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 161.070235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 161.076109] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 161.081141] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 161.083999] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 161.085422] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 161.101265] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 161.114057] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 161.123842] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 161.126326] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 161.128341] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 161.135466] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 161.135950] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 161.161043] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 161.164143] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 161.166022] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 161.169361] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 161.175059] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 161.178428] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 161.180576] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 161.190121] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 163.029881] Bluetooth: hci0: command tx timeout [ 163.092937] Bluetooth: hci1: command tx timeout [ 163.093609] Bluetooth: hci5: command tx timeout [ 163.157878] Bluetooth: hci3: command tx timeout [ 163.221850] Bluetooth: hci2: command tx timeout [ 163.222485] Bluetooth: hci7: command tx timeout [ 163.222656] Bluetooth: hci4: command tx timeout [ 163.284944] Bluetooth: hci6: command tx timeout [ 165.076982] Bluetooth: hci0: command tx timeout [ 165.140970] Bluetooth: hci1: command tx timeout [ 165.141159] Bluetooth: hci5: command tx timeout [ 165.204858] Bluetooth: hci3: command tx timeout [ 165.270007] Bluetooth: hci4: command tx timeout [ 165.270249] Bluetooth: hci7: command tx timeout [ 165.270360] Bluetooth: hci2: command tx timeout [ 165.332860] Bluetooth: hci6: command tx timeout [ 167.126962] Bluetooth: hci0: command tx timeout [ 167.188968] Bluetooth: hci5: command tx timeout [ 167.188987] Bluetooth: hci1: command tx timeout [ 167.252844] Bluetooth: hci3: command tx timeout [ 167.317297] Bluetooth: hci4: command tx timeout [ 167.317337] Bluetooth: hci7: command tx timeout [ 167.317403] Bluetooth: hci2: command tx timeout [ 167.380868] Bluetooth: hci6: command tx timeout [ 169.173991] Bluetooth: hci0: command tx timeout [ 169.236868] Bluetooth: hci5: command tx timeout [ 169.237972] Bluetooth: hci1: command tx timeout [ 169.301869] Bluetooth: hci3: command tx timeout [ 169.365081] Bluetooth: hci4: command tx timeout [ 169.365859] Bluetooth: hci7: command tx timeout [ 169.365939] Bluetooth: hci2: command tx timeout [ 169.428895] Bluetooth: hci6: command tx timeout [ 220.847703] [ 220.847952] ====================================================== [ 220.848524] WARNING: possible circular locking dependency detected [ 220.849087] 6.13.0-rc7-next-20250117 #1 Not tainted [ 220.849557] ------------------------------------------------------ [ 220.851168] kworker/u8:0/11 is trying to acquire lock: [ 220.852033] ffffffff8621b968 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.853851] [ 220.853851] but task is already holding lock: [ 220.854610] ffff88803ba08768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 220.857839] [ 220.857839] which lock already depends on the new lock. [ 220.857839] [ 220.858564] [ 220.858564] the existing dependency chain (in reverse order) is: [ 220.859235] [ 220.859235] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 220.859866] __mutex_lock+0x13d/0xb50 [ 220.860307] wiphy_register+0x1b2e/0x25d0 [ 220.860777] ieee80211_register_hw+0x23a4/0x3d60 [ 220.861287] mac80211_hwsim_new_radio+0x2759/0x4d50 [ 220.861833] init_mac80211_hwsim+0x389/0x870 [ 220.862331] do_one_initcall+0xf9/0x640 [ 220.862791] kernel_init_freeable+0x53d/0x7a0 [ 220.863289] kernel_init+0x1e/0x2d0 [ 220.863684] ret_from_fork+0x48/0x80 [ 220.864092] ret_from_fork_asm+0x1a/0x30 [ 220.864555] [ 220.864555] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 220.865139] __lock_acquire+0x29fd/0x4580 [ 220.865621] lock_acquire+0x19b/0x520 [ 220.866043] __mutex_lock+0x13d/0xb50 [ 220.866477] unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.867060] unregister_netdevice_queue+0x224/0x2e0 [ 220.867592] _cfg80211_unregister_wdev+0x57b/0x700 [ 220.868123] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 220.868644] ieee80211_unregister_hw+0x55/0x3a0 [ 220.869137] hwsim_exit_net+0x3a0/0x730 [ 220.869588] ops_exit_list+0xb3/0x180 [ 220.870004] cleanup_net+0x546/0xad0 [ 220.870415] process_one_work+0x8ee/0x1a10 [ 220.870890] worker_thread+0x674/0xe70 [ 220.871337] kthread+0x3ab/0x720 [ 220.871737] ret_from_fork+0x48/0x80 [ 220.872142] ret_from_fork_asm+0x1a/0x30 [ 220.872610] [ 220.872610] other info that might help us debug this: [ 220.872610] [ 220.873322] Possible unsafe locking scenario: [ 220.873322] [ 220.873871] CPU0 CPU1 [ 220.874294] ---- ---- [ 220.874721] lock(&rdev->wiphy.mtx); [ 220.875106] lock(rtnl_mutex); [ 220.875658] lock(&rdev->wiphy.mtx); [ 220.876254] lock(rtnl_mutex); [ 220.876596] [ 220.876596] *** DEADLOCK *** [ 220.876596] [ 220.877139] 4 locks held by kworker/u8:0/11: [ 220.877564] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 220.878533] #1: ffff8880095dfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 220.879472] #2: ffffffff8620f810 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 220.880341] #3: ffff88803ba08768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 220.881302] [ 220.881302] stack backtrace: [ 220.881720] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-rc7-next-20250117 #1 [ 220.882471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 220.883208] Workqueue: netns cleanup_net [ 220.883605] Call Trace: [ 220.883843] [ 220.884055] dump_stack_lvl+0xca/0x120 [ 220.884452] print_circular_bug+0x47b/0x750 [ 220.884874] check_noncircular+0x2e9/0x3c0 [ 220.885278] ? srso_return_thunk+0x5/0x5f [ 220.885696] ? __pfx_check_noncircular+0x10/0x10 [ 220.886142] ? hlock_class+0x4e/0x130 [ 220.886498] ? mark_lock+0xac/0xed0 [ 220.886853] ? srso_return_thunk+0x5/0x5f [ 220.887263] ? dl_scaled_delta_exec+0xd4/0x2c0 [ 220.887705] ? lockdep_lock+0xba/0x1b0 [ 220.888099] ? __pfx_lockdep_lock+0x10/0x10 [ 220.888534] __lock_acquire+0x29fd/0x4580 [ 220.888948] ? __pfx___lock_acquire+0x10/0x10 [ 220.889390] ? lock_release+0x20f/0x6f0 [ 220.889779] ? __pfx_lock_release+0x10/0x10 [ 220.890198] lock_acquire+0x19b/0x520 [ 220.890571] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.891122] ? __pfx_lock_acquire+0x10/0x10 [ 220.891543] ? srso_return_thunk+0x5/0x5f [ 220.891960] ? lock_release+0x20f/0x6f0 [ 220.892346] ? srso_return_thunk+0x5/0x5f [ 220.892765] ? lock_is_held_type+0x9e/0x120 [ 220.893199] ? srso_return_thunk+0x5/0x5f [ 220.893623] __mutex_lock+0x13d/0xb50 [ 220.894012] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.894560] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.895107] ? srso_return_thunk+0x5/0x5f [ 220.895522] ? synchronize_rcu_expedited+0x38a/0x420 [ 220.896005] ? __pfx___mutex_lock+0x10/0x10 [ 220.896433] ? __pfx_autoremove_wake_function+0x10/0x10 [ 220.896945] ? srso_return_thunk+0x5/0x5f [ 220.897367] ? kasan_quarantine_put+0x84/0x1e0 [ 220.897837] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 220.898268] ? srso_return_thunk+0x5/0x5f [ 220.898683] unregister_netdevice_many_notify+0x1612/0x1c80 [ 220.899213] ? __virt_addr_valid+0x2e8/0x5d0 [ 220.899647] ? __pfx_lock_release+0x10/0x10 [ 220.900065] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 220.900623] ? find_held_lock+0x2c/0x110 [ 220.901034] ? srso_return_thunk+0x5/0x5f [ 220.901460] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 220.901950] ? srso_return_thunk+0x5/0x5f [ 220.902366] ? lock_release+0x20f/0x6f0 [ 220.902756] ? __pfx_lock_release+0x10/0x10 [ 220.903172] ? srso_return_thunk+0x5/0x5f [ 220.903589] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 220.904092] ? srso_return_thunk+0x5/0x5f [ 220.904511] unregister_netdevice_queue+0x224/0x2e0 [ 220.904985] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 220.905515] ? up_write+0x195/0x520 [ 220.905884] _cfg80211_unregister_wdev+0x57b/0x700 [ 220.906363] ? srso_return_thunk+0x5/0x5f [ 220.906780] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 220.907261] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 220.907776] ? srso_return_thunk+0x5/0x5f [ 220.908190] ? srso_return_thunk+0x5/0x5f [ 220.908606] ? synchronize_rcu+0x1ff/0x260 [ 220.909015] ieee80211_unregister_hw+0x55/0x3a0 [ 220.909469] hwsim_exit_net+0x3a0/0x730 [ 220.909857] ? __pfx_hwsim_exit_net+0x10/0x10 [ 220.910283] ? srso_return_thunk+0x5/0x5f [ 220.910699] ? netdev_run_todo+0x788/0x1040 [ 220.911124] ? srso_return_thunk+0x5/0x5f [ 220.911539] ? __pfx_hwsim_exit_net+0x10/0x10 [ 220.911972] ops_exit_list+0xb3/0x180 [ 220.912348] cleanup_net+0x546/0xad0 [ 220.912719] ? __pfx_cleanup_net+0x10/0x10 [ 220.913146] process_one_work+0x8ee/0x1a10 [ 220.913580] ? __pfx_lock_acquire+0x10/0x10 [ 220.913993] ? __pfx_process_one_work+0x10/0x10 [ 220.914462] ? srso_return_thunk+0x5/0x5f [ 220.914878] ? move_linked_works+0x172/0x270 [ 220.915307] ? srso_return_thunk+0x5/0x5f [ 220.915719] ? assign_work+0x196/0x240 [ 220.916115] worker_thread+0x674/0xe70 [ 220.916514] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 220.917016] ? __pfx_worker_thread+0x10/0x10 [ 220.917466] kthread+0x3ab/0x720 [ 220.917813] ? __pfx_kthread+0x10/0x10 [ 220.918196] ? srso_return_thunk+0x5/0x5f [ 220.918602] ? finish_task_switch.isra.0+0x206/0x840 [ 220.919084] ? __pfx_kthread+0x10/0x10 [ 220.919478] ret_from_fork+0x48/0x80 [ 220.919834] ? __pfx_kthread+0x10/0x10 [ 220.920224] ret_from_fork_asm+0x1a/0x30 [ 220.920642] [ 222.492532] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 222.495572] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 222.497389] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 222.503412] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 222.508611] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 222.510497] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 222.625281] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 222.627263] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 222.630242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 222.634147] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 222.639024] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 222.641193] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 222.697644] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 222.702288] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 222.705340] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 222.717669] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 222.721298] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 222.724054] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 222.770229] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 222.793181] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 222.796246] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 222.833202] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 222.837236] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 222.842464] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 222.844703] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 222.847130] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 222.849556] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 222.854394] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 222.863187] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 222.867120] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 222.872848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 222.884626] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 222.890127] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 222.891174] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 222.920846] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 222.922574] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 222.925188] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 222.936198] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 222.936576] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 222.956131] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 222.956491] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 222.984155] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 222.987640] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 222.999236] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 223.001317] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 223.025197] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 223.028092] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 223.030321] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 224.532809] Bluetooth: hci0: command tx timeout [ 224.661834] Bluetooth: hci1: command tx timeout [ 224.788812] Bluetooth: hci2: command tx timeout [ 224.918796] Bluetooth: hci3: command tx timeout [ 224.980840] Bluetooth: hci5: command tx timeout [ 225.044817] Bluetooth: hci4: command tx timeout [ 225.108898] Bluetooth: hci7: command tx timeout [ 225.109528] Bluetooth: hci6: command tx timeout [ 226.580987] Bluetooth: hci0: command tx timeout [ 226.709906] Bluetooth: hci1: command tx timeout [ 226.836867] Bluetooth: hci2: command tx timeout [ 226.965840] Bluetooth: hci3: command tx timeout [ 227.028846] Bluetooth: hci5: command tx timeout [ 227.092844] Bluetooth: hci4: command tx timeout [ 227.157834] Bluetooth: hci7: command tx timeout [ 227.159422] Bluetooth: hci6: command tx timeout [ 228.629030] Bluetooth: hci0: command tx timeout [ 228.756873] Bluetooth: hci1: command tx timeout [ 228.885797] Bluetooth: hci2: command tx timeout [ 229.012851] Bluetooth: hci3: command tx timeout [ 229.076852] Bluetooth: hci5: command tx timeout [ 229.142794] Bluetooth: hci4: command tx timeout [ 229.205070] Bluetooth: hci7: command tx timeout [ 229.206141] Bluetooth: hci6: command tx timeout [ 230.677112] Bluetooth: hci0: command tx timeout [ 230.804794] Bluetooth: hci1: command tx timeout VM DIAGNOSIS: 02:03:10 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=ffff88800f99c000 RCX=ffffffff81429a4a RDX=ffffed1001f33801 RSI=0000000000000008 RDI=ffff88800f99c000 RBP=0000000000200000 RSP=ffff88800f9dfdb8 R8 =0000000000000000 R9 =ffffed1001f33800 R10=ffff88800f99c007 R11=0000000000000001 R12=ffff88800703caf9 R13=ffff888013028250 R14=ffff88800f6ed340 R15=0000000000000086 RIP=ffffffff81429a4a RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f211a0b3118 CR3=0000000015dcc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=000000000000000041840d7b40000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283cdc5 RDI=ffffffff886930a0 RBP=ffffffff88693060 RSP=ffff8880095deb28 R8 =0000000000000001 R9 =ffffed10012bbd55 R10=0000000000000038 R11=3038383866666666 R12=0000000000000038 R13=0000000000000001 R14=ffff888008fea049 R15=ffff8880095dee28 RIP=ffffffff8283ce1d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000556913e3f3e0 CR3=0000000015dcc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000004251993a75e10000 XMM02=00000000000000003fd9108ba92af20e XMM03=000000c000084420000000c0000f1e90 XMM04=000000c000086090000000c000086060 XMM05=000000c0000860f0000000c0000860c0 XMM06=000000c000086150000000c000086120 XMM07=000000c000085760000000c00005b4d0 XMM08=000000c0000864b0000000c000086480 XMM09=000000c000086510000000c0000864e0 XMM10=000000c000086540000000c00005b530 XMM11=000000c0000865a0000000c000086570 XMM12=000000c000086600000000c0000865d0 XMM13=000000c000086660000000c000086630 XMM14=000000c0000866c0000000c000086690 XMM15=000000c0000a1080000000c0000866f0