last executing test programs:

299.830948ms ago: executing program 0 (id=1):
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000001158000000000000800000850000006d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={r0, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r4 = openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
writev(r4, &(0x7f0000000180)=[{0x0}], 0x1)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c61"])
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = dup(r5)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, 0x0, 0x0)
r7 = dup(r5)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x85, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x5, @empty, 0xb055}}, 0xff80, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xa8}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)

175.702742ms ago: executing program 3 (id=4):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
mkdir(&(0x7f0000000400)='./bus\x00', 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
mkdirat(r2, &(0x7f0000000480)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x2d)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)
listxattr(&(0x7f0000000100)='./bus\x00', &(0x7f0000001d00)=""/4096, 0x1000)
semctl$GETALL(0x0, 0x0, 0xd, 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x54b980)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000300)={0x8, {{0xa, 0x4e20, 0x6, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6a3c}}, {{0xa, 0x4e22, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}}, 0x104)
ioctl$CDROM_SEND_PACKET(0xffffffffffffffff, 0x5393, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000e, 0x50032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
socket(0x10, 0x803, 0x0)

99.089879ms ago: executing program 2 (id=3):
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000007000100"/20, @ANYRES32], 0x50)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000, 0x0, 0x0, 0x18, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac000000000055aaffff00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

42.796295ms ago: executing program 1 (id=2):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xb, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x35}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x80000e45}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socket(0x2, 0x4, 0x0)
write$tcp_mem(0xffffffffffffffff, &(0x7f0000000080)={0x7fff, 0x20, 0x0, 0x20, 0x9}, 0x48)
r1 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x100960)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, 0x0, 0x0)
r4 = dup(r3)
write$FUSE_BMAP(r4, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000000003318869a4b6909"], 0x0, 0x1a}, 0x28)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r5)
sendmsg$NFC_CMD_GET_SE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6, 0x325, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
r7 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(r7, 0x110, 0x1, &(0x7f00000000c0)='`\xdaL\xcc\x84\xcdN;2U\x81\xb1~\xf7^\xd7%C\x13\v\x96\xec>I\xc1\xcf\xfb\xf8\x19:z&`ZM\xa1\xb8_K[\n\xd3Y\n\xd5\xdd\x1ee\xeb\xd1\xef\x1d\x1a?=\vz\x8c\xd0\xfd\x16M\xb2A\x18(\x1f\x9f\xbc\xf1\xde\xc0\xd9\x8b{\x1d{\xa1:\xf1\xcd\x15t\xde\x0eh(\t\xf9\x9c\v?ag#FK\xd7Y\x91i\xe6H\xf6\xed\x81b\xdai\x1e{\xa0De\xf8\xc3-d\x7fO\x042\xbd\x1dT.\xcb\xa1\xfb{\x1b\t\x1dp5\xecrn%\xcd\xe3\xbe\xb7y\xd8\xbfW\x0fq\r\x99Vy\n\xbc\x8c\xda|@\xecV\xd5\xb8\xe4\xa1^f\xe6Q', 0xa9)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @vbi={0x9, 0x7, 0x1000, 0x59555956, [0xb, 0x81], [0x3, 0x36a4], 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019540)=""/102392, 0x18ff8)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r9, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r9, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000080)={r2, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}})

0s ago: executing program 2 (id=5):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
mount$tmpfs(0x0, 0x0, &(0x7f0000000080), 0x1f, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$igmp6(0xa, 0x3, 0x2)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x1})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000140)={'ip_vti0\x00', 0x0})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r8 = openat(0xffffffffffffff9c, 0x0, 0x2c41, 0x0)
flock(r8, 0x5)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000200)={0x200, 0x7, 0x2, 0xffffffff, 0x1000})
r9 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r9, 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:20975' (ED25519) to the list of known hosts.
[   48.277297][ T5966] cgroup: Unknown subsys name 'net'
[   48.389019][ T5966] cgroup: Unknown subsys name 'cpuset'
[   48.397220][ T5966] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.388144][ T5966] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.678801][ T5340] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.686473][ T5986] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.689067][ T5986] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.691517][ T5986] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.694498][ T5986] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.697233][ T5988] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.701372][ T5986] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   53.704483][ T5984] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.704842][ T5986] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   53.707451][ T5984] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.709185][ T5986] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.711568][ T5992] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   53.713590][ T5986] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.714328][ T5987] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.714614][ T5987] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.724191][   T63] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   53.726753][ T5986] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.726987][   T63] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   53.729501][ T5991] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.732287][   T63] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.030524][ T5977] chnl_net:caif_netlink_parms(): no params data found
[   54.077021][ T5989] chnl_net:caif_netlink_parms(): no params data found
[   54.089063][ T5982] chnl_net:caif_netlink_parms(): no params data found
[   54.148193][ T5981] chnl_net:caif_netlink_parms(): no params data found
[   54.191646][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.194462][ T5977] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.197050][ T5977] bridge_slave_0: entered allmulticast mode
[   54.200359][ T5977] bridge_slave_0: entered promiscuous mode
[   54.264332][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.267035][ T5977] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.269553][ T5977] bridge_slave_1: entered allmulticast mode
[   54.272350][ T5977] bridge_slave_1: entered promiscuous mode
[   54.356958][ T5982] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.359330][ T5982] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.361592][ T5982] bridge_slave_0: entered allmulticast mode
[   54.366762][ T5982] bridge_slave_0: entered promiscuous mode
[   54.400860][ T5977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.431239][ T5982] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.434338][ T5982] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.436893][ T5982] bridge_slave_1: entered allmulticast mode
[   54.439617][ T5982] bridge_slave_1: entered promiscuous mode
[   54.442072][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.444512][ T5989] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.446778][ T5989] bridge_slave_0: entered allmulticast mode
[   54.449343][ T5989] bridge_slave_0: entered promiscuous mode
[   54.453262][ T5977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.456392][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.458497][ T5981] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.461233][ T5981] bridge_slave_0: entered allmulticast mode
[   54.465683][ T5981] bridge_slave_0: entered promiscuous mode
[   54.499783][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.502077][ T5989] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.504491][ T5989] bridge_slave_1: entered allmulticast mode
[   54.507102][ T5989] bridge_slave_1: entered promiscuous mode
[   54.528518][ T5981] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.530847][ T5981] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.533090][ T5981] bridge_slave_1: entered allmulticast mode
[   54.536906][ T5981] bridge_slave_1: entered promiscuous mode
[   54.541400][ T5982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.631171][ T5982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.651035][ T5989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.656210][ T5977] team0: Port device team_slave_0 added
[   54.675361][ T5981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.695368][ T5989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.698926][ T5977] team0: Port device team_slave_1 added
[   54.702462][ T5981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.720648][ T5982] team0: Port device team_slave_0 added
[   54.781768][ T5982] team0: Port device team_slave_1 added
[   54.810993][ T5981] team0: Port device team_slave_0 added
[   54.828340][ T5989] team0: Port device team_slave_0 added
[   54.831096][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.833276][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.841348][ T5977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.847004][ T5981] team0: Port device team_slave_1 added
[   54.863364][ T5982] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.865609][ T5982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.873566][ T5982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.879066][ T5989] team0: Port device team_slave_1 added
[   54.882111][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.884657][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.892838][ T5977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.910790][ T5982] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.912995][ T5982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.922178][ T5982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.977908][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.980134][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.988506][ T5981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.992877][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.995117][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.002923][ T5981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.011345][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.013518][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.022653][ T5989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.072372][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.074864][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.082874][ T5989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.110433][ T5982] hsr_slave_0: entered promiscuous mode
[   55.112662][ T5982] hsr_slave_1: entered promiscuous mode
[   55.133419][ T5977] hsr_slave_0: entered promiscuous mode
[   55.136091][ T5977] hsr_slave_1: entered promiscuous mode
[   55.138692][ T5977] debugfs: 'hsr0' already exists in 'hsr'
[   55.140988][ T5977] Cannot create hsr debugfs directory
[   55.175414][ T5981] hsr_slave_0: entered promiscuous mode
[   55.177606][ T5981] hsr_slave_1: entered promiscuous mode
[   55.180593][ T5981] debugfs: 'hsr0' already exists in 'hsr'
[   55.182833][ T5981] Cannot create hsr debugfs directory
[   55.354355][ T5989] hsr_slave_0: entered promiscuous mode
[   55.356986][ T5989] hsr_slave_1: entered promiscuous mode
[   55.359467][ T5989] debugfs: 'hsr0' already exists in 'hsr'
[   55.361686][ T5989] Cannot create hsr debugfs directory
[   55.701089][ T5977] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.706599][ T5977] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.716423][ T5977] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.720628][ T5977] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.756870][ T5982] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   55.763791][ T5982] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   55.771475][ T5982] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   55.774755][ T5980] Bluetooth: hci0: command tx timeout
[   55.774822][ T5340] Bluetooth: hci3: command tx timeout
[   55.775032][ T5991] Bluetooth: hci2: command tx timeout
[   55.777436][   T63] Bluetooth: hci1: command tx timeout
[   55.782906][ T5982] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   55.835213][ T5981] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.851525][ T5981] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.866431][ T5981] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.876773][ T5981] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.907336][ T5989] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.915274][ T5977] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.928359][ T5989] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.940654][ T5989] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.950305][ T5989] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.968041][ T5977] 8021q: adding VLAN 0 to HW filter on device team0
[   55.992080][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.995414][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.012555][ T5982] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.025524][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.028307][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.063974][ T5982] 8021q: adding VLAN 0 to HW filter on device team0
[   56.105009][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.108125][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.129402][ T5981] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.133566][   T75] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.136731][   T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.172858][ T5981] 8021q: adding VLAN 0 to HW filter on device team0
[   56.191862][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.194981][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.211586][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.214760][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.227456][ T5989] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.268323][ T5989] 8021q: adding VLAN 0 to HW filter on device team0
[   56.288750][ T5981] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.300783][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.303937][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.319018][ T5977] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.323364][   T75] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.326469][   T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.391475][ T5977] veth0_vlan: entered promiscuous mode
[   56.401559][ T5982] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.409983][ T5977] veth1_vlan: entered promiscuous mode
[   56.443380][ T5977] veth0_macvtap: entered promiscuous mode
[   56.454490][ T5981] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.458778][ T5977] veth1_macvtap: entered promiscuous mode
[   56.470296][ T5982] veth0_vlan: entered promiscuous mode
[   56.479480][ T5982] veth1_vlan: entered promiscuous mode
[   56.489127][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.496497][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.510547][ T1254] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.515649][ T1254] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.529817][ T1254] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.533115][ T1254] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.547593][ T5981] veth0_vlan: entered promiscuous mode
[   56.569394][ T5982] veth0_macvtap: entered promiscuous mode
[   56.575117][ T5982] veth1_macvtap: entered promiscuous mode
[   56.579340][ T5989] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.582916][ T5981] veth1_vlan: entered promiscuous mode
[   56.589594][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.592593][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.599571][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.614138][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.624545][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.626987][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.626999][ T1140] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.632051][ T1140] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.643330][ T1140] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.646451][ T1140] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.658847][ T5981] veth0_macvtap: entered promiscuous mode
[   56.667203][ T5989] veth0_vlan: entered promiscuous mode
[   56.671302][ T5981] veth1_macvtap: entered promiscuous mode
[   56.679662][ T5977] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.690783][ T5989] veth1_vlan: entered promiscuous mode
[   56.699552][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.709345][ T6066] capability: warning: `syz.0.1' uses deprecated v2 capabilities in a way that may be insecure
[   56.712077][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.720620][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.723072][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.726760][  T806] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.729742][  T806] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.732787][  T806] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.749530][  T806] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.764122][ T5989] veth0_macvtap: entered promiscuous mode
[   56.768813][ T5989] veth1_macvtap: entered promiscuous mode
[   56.768910][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.774943][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.797506][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.808891][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.831420][  T806] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.835524][  T806] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.838936][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.842449][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.845088][  T806] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.850811][  T806] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.866960][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.869763][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.889756][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.894550][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.912682][ T6073] loop6: detected capacity change from 0 to 7
[   56.917246][ T6073] Dev loop6: unable to read RDB block 7
[   56.918929][ T6073]  loop6: unable to read partition table
[   56.920840][  T806] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.920929][ T6073] loop6: partition table beyond EOD, 
[   56.923302][  T806] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.929640][ T6073] truncated
[   56.933788][ T6073] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   56.947788][ T6074] overlay: ./file0 is not a directory
[   57.104384][ T6084] loop7: detected capacity change from 0 to 7
[   57.338956][    C0] ==================================================================
[   57.341466][    C0] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60
[   57.344087][    C0] Read of size 1 at addr ffff88805f02b818 by task kworker/0:1/10
[   57.347554][    C0] 
[   57.348573][    C0] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) 
[   57.348586][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   57.348593][    C0] Workqueue: mld mld_dad_work
[   57.348606][    C0] Call Trace:
[   57.348611][    C0]  <IRQ>
[   57.348614][    C0]  dump_stack_lvl+0x116/0x1f0
[   57.348630][    C0]  print_report+0xcd/0x630
[   57.348643][    C0]  ? __virt_addr_valid+0x81/0x610
[   57.348655][    C0]  ? __phys_addr+0xe8/0x180
[   57.348667][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[   57.348679][    C0]  kasan_report+0xe0/0x110
[   57.348692][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[   57.348705][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[   57.348717][    C0]  __kasan_check_byte+0x36/0x50
[   57.348729][    C0]  lock_acquire+0xfc/0x350
[   57.348741][    C0]  ? __wake_up+0x3f/0x60
[   57.348753][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[   57.348765][    C0]  ? p9_req_put+0xaf/0x250
[   57.348779][    C0]  p9_req_put+0xaf/0x250
[   57.348792][    C0]  req_done+0x1dc/0x2e0
[   57.348804][    C0]  ? __pfx_req_done+0x10/0x10
[   57.348816][    C0]  ? __pfx_req_done+0x10/0x10
[   57.348827][    C0]  vring_interrupt+0x31b/0x400
[   57.348840][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[   57.348851][    C0]  __handle_irq_event_percpu+0x22c/0x7d0
[   57.348863][    C0]  handle_irq_event+0xab/0x1e0
[   57.348873][    C0]  handle_edge_irq+0x3ca/0x9e0
[   57.348883][    C0]  __common_interrupt+0xcd/0x2f0
[   57.348897][    C0]  common_interrupt+0xba/0xe0
[   57.348907][    C0]  </IRQ>
[   57.348910][    C0]  <TASK>
[   57.348914][    C0]  asm_common_interrupt+0x26/0x40
[   57.348924][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[   57.348938][    C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 e6 77 03 f6 48 89 df e8 ce cb 03 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 a5 c8 f3 f5 65 8b 05 fe 4b 42 08 85 c0 74 16 5b
[   57.348948][    C0] RSP: 0018:ffffc900001c72f8 EFLAGS: 00000246
[   57.348955][    C0] RAX: 0000000000000006 RBX: ffffffff9b03e760 RCX: 0000000000000002
[   57.348961][    C0] RDX: 0000000000000000 RSI: ffffffff8de4eb89 RDI: ffffffff8c163180
[   57.348967][    C0] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000001
[   57.348973][    C0] R10: ffffffff90aba297 R11: 0000000000000000 R12: dffffc0000000000
[   57.348978][    C0] R13: 0000000000000002 R14: 0000000000000002 R15: ffff88806920b000
[   57.348988][    C0]  debug_check_no_obj_freed+0x31f/0x600
[   57.349003][    C0]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[   57.349018][    C0]  kfree+0x28f/0x4d0
[   57.349027][    C0]  ? lock_acquire+0x179/0x350
[   57.349038][    C0]  ? skb_free_head+0x114/0x210
[   57.349053][    C0]  skb_free_head+0x114/0x210
[   57.349065][    C0]  skb_release_data+0x795/0x9e0
[   57.349079][    C0]  ? __pfx_sock_wfree+0x10/0x10
[   57.349093][    C0]  consume_skb+0xbf/0x100
[   57.349102][    C0]  nsim_start_xmit+0xc2/0xc50
[   57.349118][    C0]  dev_hard_start_xmit+0x94/0x740
[   57.349131][    C0]  sch_direct_xmit+0x1b2/0xcf0
[   57.349145][    C0]  ? lock_acquire+0x179/0x350
[   57.349157][    C0]  ? __pfx_sch_direct_xmit+0x10/0x10
[   57.349170][    C0]  ? do_raw_spin_lock+0x270/0x2b0
[   57.349186][    C0]  __dev_queue_xmit+0x144d/0x4490
[   57.349200][    C0]  ? ip6mr_fib_lookup+0x136/0x1a0
[   57.349214][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[   57.349226][    C0]  ? __lock_acquire+0x62e/0x1ce0
[   57.349239][    C0]  ? __lock_acquire+0xb97/0x1ce0
[   57.349254][    C0]  ? find_held_lock+0x2b/0x80
[   57.349264][    C0]  ip6_finish_output2+0xe98/0x2020
[   57.349280][    C0]  __ip6_finish_output+0x3cd/0x1010
[   57.349293][    C0]  ip6_output+0x1ca/0x3e0
[   57.349306][    C0]  mld_sendpack+0x9ea/0x1270
[   57.349322][    C0]  ? __pfx_mld_sendpack+0x10/0x10
[   57.349340][    C0]  mld_send_initial_cr+0x214/0x320
[   57.349350][    C0]  mld_dad_work+0x32/0x1f0
[   57.349358][    C0]  process_one_work+0x9cf/0x1b70
[   57.349375][    C0]  ? __pfx_mld_ifc_work+0x10/0x10
[   57.349389][    C0]  ? __pfx_process_one_work+0x10/0x10
[   57.349405][    C0]  ? assign_work+0x1a0/0x250
[   57.349419][    C0]  worker_thread+0x6c8/0xf10
[   57.349430][    C0]  ? __pfx_worker_thread+0x10/0x10
[   57.349438][    C0]  kthread+0x3c5/0x780
[   57.349452][    C0]  ? __pfx_kthread+0x10/0x10
[   57.349465][    C0]  ? rcu_is_watching+0x12/0xc0
[   57.349475][    C0]  ? __pfx_kthread+0x10/0x10
[   57.349489][    C0]  ret_from_fork+0x5d7/0x6f0
[   57.349503][    C0]  ? __pfx_kthread+0x10/0x10
[   57.349516][    C0]  ret_from_fork_asm+0x1a/0x30
[   57.349531][    C0]  </TASK>
[   57.349535][    C0] 
[   57.484590][    C0] Allocated by task 6081:
[   57.485953][    C0]  kasan_save_stack+0x33/0x60
[   57.487448][    C0]  kasan_save_track+0x14/0x30
[   57.488922][    C0]  __kasan_kmalloc+0xaa/0xb0
[   57.490383][    C0]  p9_client_create+0xc7/0x11c0
[   57.491907][    C0]  v9fs_session_init+0x1f7/0x1a80
[   57.493541][    C0]  v9fs_mount+0xc5/0xa90
[   57.494910][    C0]  legacy_get_tree+0x10c/0x220
[   57.496418][    C0]  vfs_get_tree+0x8b/0x340
[   57.497823][    C0]  path_mount+0x1513/0x2000
[   57.499282][    C0]  __ia32_sys_mount+0x28b/0x310
[   57.500759][    C0]  __do_fast_syscall_32+0x7c/0x3a0
[   57.502200][    C0]  do_fast_syscall_32+0x32/0x80
[   57.503730][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   57.505705][    C0] 
[   57.506478][    C0] Freed by task 6081:
[   57.507751][    C0]  kasan_save_stack+0x33/0x60
[   57.509242][    C0]  kasan_save_track+0x14/0x30
[   57.510732][    C0]  kasan_save_free_info+0x3b/0x60
[   57.512304][    C0]  __kasan_slab_free+0x60/0x70
[   57.513798][    C0]  kfree+0x2b4/0x4d0
[   57.515036][    C0]  p9_client_create+0xa28/0x11c0
[   57.516581][    C0]  v9fs_session_init+0x1f7/0x1a80
[   57.518162][    C0]  v9fs_mount+0xc5/0xa90
[   57.519513][    C0]  legacy_get_tree+0x10c/0x220
[   57.521006][    C0]  vfs_get_tree+0x8b/0x340
[   57.522409][    C0]  path_mount+0x1513/0x2000
[   57.523834][    C0]  __ia32_sys_mount+0x28b/0x310
[   57.525353][    C0]  __do_fast_syscall_32+0x7c/0x3a0
[   57.526974][    C0]  do_fast_syscall_32+0x32/0x80
[   57.528499][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   57.530485][    C0] 
[   57.531244][    C0] The buggy address belongs to the object at ffff88805f02b800
[   57.531244][    C0]  which belongs to the cache kmalloc-512 of size 512
[   57.535485][    C0] The buggy address is located 24 bytes inside of
[   57.535485][    C0]  freed 512-byte region [ffff88805f02b800, ffff88805f02ba00)
[   57.539713][    C0] 
[   57.540480][    C0] The buggy address belongs to the physical page:
[   57.542476][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f028
[   57.545160][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   57.547774][    C0] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   57.550137][    C0] page_type: f5(slab)
[   57.551387][    C0] raw: 04fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122
[   57.554029][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   57.556655][    C0] head: 04fff00000000040 ffff88801b842c80 dead000000000100 dead000000000122
[   57.559349][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   57.562014][    C0] head: 04fff00000000002 ffffea00017c0a01 00000000ffffffff 00000000ffffffff
[   57.564724][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   57.567359][    C0] page dumped because: kasan: bad access detected
[   57.569367][    C0] page_owner tracks the page as allocated
[   57.571040][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5977, tgid 5977 (syz-executor), ts 56667758463, free_ts 56656572805
[   57.577516][    C0]  post_alloc_hook+0x1c0/0x230
[   57.579051][    C0]  get_page_from_freelist+0x132b/0x38e0
[   57.580777][    C0]  __alloc_frozen_pages_noprof+0x261/0x23f0
[   57.582622][    C0]  new_slab+0x94/0x330
[   57.583901][    C0]  ___slab_alloc+0xcf2/0x1750
[   57.585367][    C0]  __slab_alloc.constprop.0+0x56/0xb0
[   57.587063][    C0]  __kmalloc_cache_node_noprof+0x100/0x420
[   57.588910][    C0]  alloc_fair_sched_group+0x20f/0x440
[   57.590594][    C0]  sched_create_group+0x2d/0x80
[   57.592127][    C0]  cpu_cgroup_css_alloc+0x15/0x30
[   57.593768][    C0]  cgroup_apply_control_enable+0x4b0/0xbb0
[   57.595599][    C0]  cgroup_mkdir+0x5e7/0x11f0
[   57.597058][    C0]  kernfs_iop_mkdir+0x10e/0x190
[   57.598658][    C0]  vfs_mkdir+0x590/0x8c0
[   57.599986][    C0]  do_mkdirat+0x304/0x3e0
[   57.601402][    C0]  __ia32_sys_mkdirat+0x82/0xb0
[   57.602946][    C0] page last free pid 5977 tgid 5977 stack trace:
[   57.604912][    C0]  __free_frozen_pages+0x7d5/0x10f0
[   57.606559][    C0]  stack_depot_save_flags+0x352/0x9c0
[   57.608250][    C0]  kasan_save_stack+0x42/0x60
[   57.609747][    C0]  kasan_save_track+0x14/0x30
[   57.611230][    C0]  __kasan_slab_alloc+0x89/0x90
[   57.612770][    C0]  kmem_cache_alloc_lru_noprof+0x1d0/0x3b0
[   57.614623][    C0]  shmem_alloc_inode+0x25/0x50
[   57.616144][    C0]  alloc_inode+0x61/0x240
[   57.617509][    C0]  new_inode+0x22/0x1c0
[   57.618839][    C0]  shmem_get_inode+0x19a/0xfb0
[   57.620415][    C0]  shmem_mknod+0x1a8/0x450
[   57.621853][    C0]  shmem_mkdir+0x31/0x80
[   57.623201][    C0]  vfs_mkdir+0x590/0x8c0
[   57.624538][    C0]  do_mkdirat+0x304/0x3e0
[   57.625906][    C0]  __ia32_sys_mkdirat+0x82/0xb0
[   57.627496][    C0]  __do_fast_syscall_32+0x7c/0x3a0
[   57.629122][    C0] 
[   57.629889][    C0] Memory state around the buggy address:
[   57.631641][    C0]  ffff88805f02b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.634202][    C0]  ffff88805f02b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.636699][    C0] >ffff88805f02b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.639266][    C0]                             ^
[   57.640800][    C0]  ffff88805f02b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.643303][    C0]  ffff88805f02b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.645791][    C0] ==================================================================
[   57.648261][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   57.650514][    C0] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) 
[   57.653312][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   57.656615][    C0] Workqueue: mld mld_dad_work
[   57.658094][    C0] Call Trace:
[   57.659144][    C0]  <IRQ>
[   57.660056][    C0]  dump_stack_lvl+0x3d/0x1f0
[   57.661520][    C0]  vpanic+0x6e8/0x7a0
[   57.662835][    C0]  ? __pfx_vpanic+0x10/0x10
[   57.664270][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[   57.665785][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[   57.667259][    C0]  panic+0xca/0xd0
[   57.668375][    C0]  ? __pfx_panic+0x10/0x10
[   57.669807][    C0]  ? end_report+0x4c/0x170
[   57.671201][    C0]  ? rcu_is_watching+0x12/0xc0
[   57.672707][    C0]  ? lock_release+0x201/0x2f0
[   57.674192][    C0]  ? check_panic_on_warn+0x1f/0xb0
[   57.675798][    C0]  check_panic_on_warn+0xab/0xb0
[   57.677351][    C0]  end_report+0x107/0x170
[   57.678747][    C0]  kasan_report+0xee/0x110
[   57.680152][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[   57.681829][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[   57.683513][    C0]  __kasan_check_byte+0x36/0x50
[   57.685037][    C0]  lock_acquire+0xfc/0x350
[   57.686456][    C0]  ? __wake_up+0x3f/0x60
[   57.687801][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[   57.689429][    C0]  ? p9_req_put+0xaf/0x250
[   57.690833][    C0]  p9_req_put+0xaf/0x250
[   57.692161][    C0]  req_done+0x1dc/0x2e0
[   57.693466][    C0]  ? __pfx_req_done+0x10/0x10
[   57.694947][    C0]  ? __pfx_req_done+0x10/0x10
[   57.696422][    C0]  vring_interrupt+0x31b/0x400
[   57.697922][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[   57.699588][    C0]  __handle_irq_event_percpu+0x22c/0x7d0
[   57.701326][    C0]  handle_irq_event+0xab/0x1e0
[   57.702883][    C0]  handle_edge_irq+0x3ca/0x9e0
[   57.704434][    C0]  __common_interrupt+0xcd/0x2f0
[   57.706177][    C0]  common_interrupt+0xba/0xe0
[   57.707680][    C0]  </IRQ>
[   57.708636][    C0]  <TASK>
[   57.709575][    C0]  asm_common_interrupt+0x26/0x40
[   57.711150][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[   57.713135][    C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 e6 77 03 f6 48 89 df e8 ce cb 03 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 a5 c8 f3 f5 65 8b 05 fe 4b 42 08 85 c0 74 16 5b
[   57.719105][    C0] RSP: 0018:ffffc900001c72f8 EFLAGS: 00000246
[   57.720992][    C0] RAX: 0000000000000006 RBX: ffffffff9b03e760 RCX: 0000000000000002
[   57.723442][    C0] RDX: 0000000000000000 RSI: ffffffff8de4eb89 RDI: ffffffff8c163180
[   57.725905][    C0] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000001
[   57.728275][    C0] R10: ffffffff90aba297 R11: 0000000000000000 R12: dffffc0000000000
[   57.730747][    C0] R13: 0000000000000002 R14: 0000000000000002 R15: ffff88806920b000
[   57.733191][    C0]  debug_check_no_obj_freed+0x31f/0x600
[   57.734869][    C0]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[   57.736719][    C0]  kfree+0x28f/0x4d0
[   57.737900][    C0]  ? lock_acquire+0x179/0x350
[   57.739357][    C0]  ? skb_free_head+0x114/0x210
[   57.740863][    C0]  skb_free_head+0x114/0x210
[   57.742277][    C0]  skb_release_data+0x795/0x9e0
[   57.743749][    C0]  ? __pfx_sock_wfree+0x10/0x10
[   57.745253][    C0]  consume_skb+0xbf/0x100
[   57.746596][    C0]  nsim_start_xmit+0xc2/0xc50
[   57.748043][    C0]  dev_hard_start_xmit+0x94/0x740
[   57.749595][    C0]  sch_direct_xmit+0x1b2/0xcf0
[   57.751067][    C0]  ? lock_acquire+0x179/0x350
[   57.752531][    C0]  ? __pfx_sch_direct_xmit+0x10/0x10
[   57.754171][    C0]  ? do_raw_spin_lock+0x270/0x2b0
[   57.755752][    C0]  __dev_queue_xmit+0x144d/0x4490
[   57.757322][    C0]  ? ip6mr_fib_lookup+0x136/0x1a0
[   57.758916][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[   57.760581][    C0]  ? __lock_acquire+0x62e/0x1ce0
[   57.762131][    C0]  ? __lock_acquire+0xb97/0x1ce0
[   57.763676][    C0]  ? find_held_lock+0x2b/0x80
[   57.765135][    C0]  ip6_finish_output2+0xe98/0x2020
[   57.766867][    C0]  __ip6_finish_output+0x3cd/0x1010
[   57.768786][    C0]  ip6_output+0x1ca/0x3e0
[   57.770530][    C0]  mld_sendpack+0x9ea/0x1270
[   57.772400][    C0]  ? __pfx_mld_sendpack+0x10/0x10
[   57.774413][    C0]  mld_send_initial_cr+0x214/0x320
[   57.776451][    C0]  mld_dad_work+0x32/0x1f0
[   57.778145][    C0]  process_one_work+0x9cf/0x1b70
[   57.780139][    C0]  ? __pfx_mld_ifc_work+0x10/0x10
[   57.782169][    C0]  ? __pfx_process_one_work+0x10/0x10
[   57.784236][    C0]  ? assign_work+0x1a0/0x250
[   57.785722][    C0]  worker_thread+0x6c8/0xf10
[   57.787198][    C0]  ? __pfx_worker_thread+0x10/0x10
[   57.789149][    C0]  kthread+0x3c5/0x780
[   57.790604][    C0]  ? __pfx_kthread+0x10/0x10
[   57.792049][    C0]  ? rcu_is_watching+0x12/0xc0
[   57.793541][    C0]  ? __pfx_kthread+0x10/0x10
[   57.795003][    C0]  ret_from_fork+0x5d7/0x6f0
[   57.796459][    C0]  ? __pfx_kthread+0x10/0x10
[   57.797909][    C0]  ret_from_fork_asm+0x1a/0x30
[   57.799446][    C0]  </TASK>
[   57.800958][    C0] Kernel Offset: disabled
[   57.802664][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:46:06  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8561a2b5 RDI=ffffffff9b0ff700 RBP=ffffffff9b0ff6c0 RSP=ffffc90000007760
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000074 R14=ffffffff9b0ff6c0 R15=ffffffff8561a250
RIP=ffffffff8561a2df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974bd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000032805ffc CR3=000000006caa7000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81cb34df RDX=ffff888027b18000
RSI=ffffffff8c163100 RDI=ffffffff8c163140 RBP=00000000f70cf100 RSP=ffffc9000387f500
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffffff81a676b0 R13=ffffc9000387f638 R14=0000000000000000 R15=ffff888027b18000
RIP=ffffffff8b914380 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975bd000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000003270cffc CR3=000000006c4d1000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88806ca9be58 RCX=ffffc9000390fa24 RDX=0000000000000000
RSI=ffffffff8182bb94 RDI=ffff8880248aa884 RBP=0000000000000200 RSP=ffffc9000390fad8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000002
R12=0000000000000008 R13=ffff88801b885400 R14=0000000000000000 R15=ffff888024dd8b00
RIP=ffffffff81bb0b78 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976bd000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000080ddc000 CR3=000000006cabc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000002c00000012 0004000000080024 0000000000280030
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000d 0000001800000000 0000000000000000 0000000000000017
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 88030208000a0800 4a0800060070ce38 000005d600000012 0000000e00000002
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0102cc0004001980 080059800201c708 0008084bc6006f72 657a2f7665642f01
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff eb08598003100a80 0605100d8004050a 80020d8002058002
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 049a08000802749c 0000000000000000 0000000001ffffff ffffffffffe70805
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b80301080005b003 00080005a0030008 0005980300080005 900305d3ce080005
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c8030210000bb803 018008000bb00300 08000ba8030fffff ffff020ba0030010
ZMM25=3053ea6a3053ea6a 3053ea6a3053ea6a 3053ea6a3053ea6a 3053ea6a3053ea6a 3053ea6a3053ea6a 3053ea6a3053ea6a 3053ea6a3053ea6a 3053ea6a3053ea6a
ZMM26=05fe358905fe3589 05fe358905fe3589 05fe358905fe3589 05fe358905fe3589 05fe358905fe3589 05fe358905fe3589 05fe358905fe3589 05fe358905fe3589
ZMM27=1b794c721b794c72 1b794c721b794c72 1b794c721b794c72 1b794c721b794c72 1b794c721b794c72 1b794c721b794c72 1b794c721b794c72 1b794c721b794c72
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0102000001020000 0102000001020000 0102000001020000 0102000001020000 0102000001020000 0102000001020000 0102000001020000 0102000001020000
info registers vcpu 3

CPU#3
RAX=0000000000059479 RBX=ffff88801c338000 RCX=ffffffff81c2f06f RDX=0000000000000000
RSI=ffffffff8de4eb89 RDI=ffffffff8c163180 RBP=ffffc9000048fc20 RSP=ffffc9000048fbd8
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90aba297 R11=0000000000000000
R12=ffff88802b53a440 R13=ffff888024a78000 R14=ffff88802b43a440 R15=ffff88802b53b2b0
RIP=ffffffff8188a43a RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977bd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000080b6f000 CR3=000000006cabc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000