last executing test programs: 760.360779ms ago: executing program 0 (id=1074): syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x2b, 0x0, @loopback, @loopback, [], "1e520b4c951ee12e"}}}}}}}, 0x0) 630.096938ms ago: executing program 0 (id=1080): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 545.128807ms ago: executing program 2 (id=1081): iopl(0x3) 544.999168ms ago: executing program 3 (id=1082): syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00k', 0x18, 0x3a, 0xff, @empty, @local, {[], @ndisc_na={0x87, 0x0, 0x0, 0x0, '\x00', @local}}}}}}, 0x0) 448.204067ms ago: executing program 0 (id=1084): syz_emit_ethernet(0x2a, &(0x7f0000000000)={@broadcast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) 447.884222ms ago: executing program 3 (id=1086): fanotify_init(0x962fb416e2982c00, 0x0) 447.798587ms ago: executing program 2 (id=1087): syz_emit_ethernet(0x7e, &(0x7f0000001180)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x48, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private2, [@fragment={0x11, 0x0, 0xff, 0x0, 0x0, 0x4, 0x67}, @dstopts={0x32, 0x0, '\x00', [@pad1]}]}}}}}}}, 0x0) 447.730893ms ago: executing program 1 (id=1088): clock_getres(0xeaffffff, 0x0) 382.732328ms ago: executing program 3 (id=1089): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x8000000, 0xc8, 0x408}, 0x48) 382.492425ms ago: executing program 2 (id=1090): rename(&(0x7f0000000640)='.\x00', &(0x7f0000000680)='./file0\x00') 382.378279ms ago: executing program 0 (id=1091): syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @multicast1}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @multicast1}}}}}}, 0x0) 313.180343ms ago: executing program 1 (id=1092): syz_emit_ethernet(0x82, &(0x7f0000000140)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@rand_addr=0x64010184}, {@private}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0) 313.082203ms ago: executing program 3 (id=1093): syz_emit_ethernet(0x86, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa1a18ccacd4b98100000086dd60100000004c2f0000000000000000000000ffff7f000001ff02000000000000000000000000000100000800fcff"], 0x0) 248.612718ms ago: executing program 1 (id=1094): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x3, [@ptr={0x0, 0x0, 0x0, 0x2, 0x2}, @typedef={0x1, 0x0, 0x0, 0x8, 0x3}, @func={0x1}]}, {0x0, [0x5f]}}, 0x0, 0x3f}, 0x20) 243.44746ms ago: executing program 2 (id=1095): keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x972d6febd95d1ae6) 243.112179ms ago: executing program 3 (id=1096): syz_emit_ethernet(0x56, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "19f14d", 0x20, 0x3c, 0x0, @rand_addr=' \x01\x00', @mcast2, {[@hopopts={0x0, 0x0, '\x00', [@padn]}], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '8(}', 0x0, "1d00"}}}}}}}, 0x0) 242.999075ms ago: executing program 0 (id=1097): lsm_get_self_attr(0x66, &(0x7f0000000180)={0x0, 0x0, 0xa2, 0x82, ""/130}, &(0x7f0000000240)=0xa2, 0x1) 173.188063ms ago: executing program 1 (id=1098): syz_io_uring_setup(0x110, &(0x7f0000000a00)={0x0, 0x16c9, 0xc27, 0x1, 0x200}, 0x0, 0x0) 111.500451ms ago: executing program 1 (id=1099): syz_emit_ethernet(0x7e, &(0x7f0000000140)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @redirect={0xb, 0x3, 0x0, @broadcast, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @empty, @remote, {[@timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x0, [{@local}, {@private}, {@remote}]}, @timestamp_addr={0x44, 0x24, 0x0, 0x1, 0x0, [{@local}, {}, {@empty}, {@loopback}]}]}}}}}}}, 0x0) 68.631049ms ago: executing program 3 (id=1100): mount$9p_virtio(&(0x7f0000000640), &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x0, &(0x7f0000000740)={'trans=virtio,', {[{@noextend}]}}) 68.505371ms ago: executing program 0 (id=1101): keyctl$reject(0x14, 0x0, 0x1ffffffd, 0x8000000000000001, 0x0) 68.432524ms ago: executing program 2 (id=1102): mount_setattr(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x7000}, 0x20) 186.917µs ago: executing program 1 (id=1103): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f00000003c0)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 0s ago: executing program 2 (id=1104): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3000}, [@alu={0x7, 0x0, 0x2, 0x0, 0x0, 0xb, 0x2f22}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x90) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:2949' (ED25519) to the list of known hosts. [ 66.762404][ T5334] cgroup: Unknown subsys name 'net' [ 66.949448][ T5334] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.553365][ T5334] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.545124][ T4771] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.550792][ T4771] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.565175][ T4771] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.570005][ T4771] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.574319][ T4771] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.589227][ T4771] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.863895][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.874427][ T1380] ieee802154 phy1 wpan1: encryption failed: -22 [ 81.690224][ T4771] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.706470][ T4771] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.712647][ T5466] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.727063][ T5466] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.730505][ T5466] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.735390][ T5466] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.738772][ T5466] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.741662][ T5466] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.757861][ T4771] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.857376][ T4771] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.884812][ T4771] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.904810][ T4771] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.911115][ T5370] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.915667][ T4771] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.919286][ T5370] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.919722][ T4771] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.932902][ T5464] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.937726][ T5464] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.941565][ T5464] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.942881][ T5370] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.949584][ T5370] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.975559][ T5370] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.013279][ T5370] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 82.019840][ T5370] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.400908][ T5463] chnl_net:caif_netlink_parms(): no params data found [ 82.793327][ T5461] chnl_net:caif_netlink_parms(): no params data found [ 82.954015][ T5463] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.959358][ T5463] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.963945][ T5463] bridge_slave_0: entered allmulticast mode [ 82.970853][ T5463] bridge_slave_0: entered promiscuous mode [ 82.994758][ T5467] chnl_net:caif_netlink_parms(): no params data found [ 83.011641][ T5463] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.014683][ T5463] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.017684][ T5463] bridge_slave_1: entered allmulticast mode [ 83.021996][ T5463] bridge_slave_1: entered promiscuous mode [ 83.082801][ T5469] chnl_net:caif_netlink_parms(): no params data found [ 83.144822][ T5461] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.157424][ T5461] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.185292][ T5461] bridge_slave_0: entered allmulticast mode [ 83.189572][ T5461] bridge_slave_0: entered promiscuous mode [ 83.214925][ T5461] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.218351][ T5461] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.221729][ T5461] bridge_slave_1: entered allmulticast mode [ 83.231858][ T5461] bridge_slave_1: entered promiscuous mode [ 83.375603][ T5463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.447733][ T5463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.455001][ T5461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.462739][ T5461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.683971][ T5463] team0: Port device team_slave_0 added [ 83.747229][ T5467] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.750602][ T5467] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.753750][ T5467] bridge_slave_0: entered allmulticast mode [ 83.762147][ T5467] bridge_slave_0: entered promiscuous mode [ 83.768065][ T5463] team0: Port device team_slave_1 added [ 83.781371][ T5461] team0: Port device team_slave_0 added [ 83.787031][ T5461] team0: Port device team_slave_1 added [ 83.828401][ T5469] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.831623][ T5469] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.834774][ T5469] bridge_slave_0: entered allmulticast mode [ 83.838140][ T5469] bridge_slave_0: entered promiscuous mode [ 83.842447][ T5467] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.845282][ T5467] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.848307][ T5467] bridge_slave_1: entered allmulticast mode [ 83.852002][ T5467] bridge_slave_1: entered promiscuous mode [ 83.885621][ T5370] Bluetooth: hci1: command tx timeout [ 83.946192][ T5463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.949349][ T5463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.960076][ T5463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.964596][ T5370] Bluetooth: hci2: command tx timeout [ 83.968584][ T67] Bluetooth: hci0: command tx timeout [ 83.991876][ T5469] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.994698][ T5469] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.997156][ T5469] bridge_slave_1: entered allmulticast mode [ 84.000205][ T5469] bridge_slave_1: entered promiscuous mode [ 84.066517][ T5463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.069727][ T5463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.081172][ T5463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.134377][ T67] Bluetooth: hci3: command tx timeout [ 84.151504][ T5467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.159570][ T5467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.191537][ T5461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.194166][ T5461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.203559][ T5461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.211396][ T5469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.219666][ T5469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.393531][ T5461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.396729][ T5461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.409496][ T5461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.518184][ T5463] hsr_slave_0: entered promiscuous mode [ 84.522496][ T5463] hsr_slave_1: entered promiscuous mode [ 84.531844][ T5467] team0: Port device team_slave_0 added [ 84.540316][ T5467] team0: Port device team_slave_1 added [ 84.660537][ T5469] team0: Port device team_slave_0 added [ 84.667156][ T5469] team0: Port device team_slave_1 added [ 84.670702][ T5467] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.673628][ T5467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.684462][ T5467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.812424][ T5467] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.815792][ T5467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.827105][ T5467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.870953][ T5461] hsr_slave_0: entered promiscuous mode [ 84.873865][ T5461] hsr_slave_1: entered promiscuous mode [ 84.876895][ T5461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.880097][ T5461] Cannot create hsr debugfs directory [ 84.883248][ T5469] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.886466][ T5469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.898384][ T5469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.915302][ T5469] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.919018][ T5469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.932412][ T5469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.211132][ T5467] hsr_slave_0: entered promiscuous mode [ 85.239986][ T5467] hsr_slave_1: entered promiscuous mode [ 85.243799][ T5467] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.247183][ T5467] Cannot create hsr debugfs directory [ 85.437469][ T5469] hsr_slave_0: entered promiscuous mode [ 85.443167][ T5469] hsr_slave_1: entered promiscuous mode [ 85.449663][ T5469] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.453086][ T5469] Cannot create hsr debugfs directory [ 85.973498][ T67] Bluetooth: hci1: command tx timeout [ 86.044525][ T67] Bluetooth: hci2: command tx timeout [ 86.051560][ T67] Bluetooth: hci0: command tx timeout [ 86.052716][ T5463] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.097355][ T5463] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.131359][ T5463] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.143428][ T5463] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.158741][ T5469] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.189839][ T5469] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.196042][ T5469] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.208010][ T67] Bluetooth: hci3: command tx timeout [ 86.218278][ T5469] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.246472][ T5461] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.264398][ T5461] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.288288][ T5461] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.313805][ T5461] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.382300][ T5467] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.412965][ T5467] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.432459][ T5467] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.469358][ T5467] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.606414][ T5463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.690014][ T5469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.733323][ T5461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.779476][ T5469] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.822427][ T5463] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.864059][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.867277][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.876952][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.889081][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.907525][ T5461] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.922947][ T5467] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.958590][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.962009][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.976052][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.978850][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.989175][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.991781][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.014866][ T5467] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.082303][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.085494][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.099464][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.105856][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.148533][ T5461] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 87.159393][ T5461] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.189505][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.193463][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.291633][ T5467] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.379248][ T5463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.438292][ T5463] veth0_vlan: entered promiscuous mode [ 87.454266][ T5463] veth1_vlan: entered promiscuous mode [ 87.489372][ T5469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.542813][ T5463] veth0_macvtap: entered promiscuous mode [ 87.558349][ T5461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.563467][ T5463] veth1_macvtap: entered promiscuous mode [ 87.655055][ T5467] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.660678][ T5469] veth0_vlan: entered promiscuous mode [ 87.672552][ T5469] veth1_vlan: entered promiscuous mode [ 87.678801][ T5463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.689888][ T5461] veth0_vlan: entered promiscuous mode [ 87.694594][ T5463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.781783][ T5463] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.785567][ T5463] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.789057][ T5463] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.795701][ T5463] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.829491][ T5461] veth1_vlan: entered promiscuous mode [ 87.852575][ T5469] veth0_macvtap: entered promiscuous mode [ 87.860053][ T5469] veth1_macvtap: entered promiscuous mode [ 87.870991][ T5467] veth0_vlan: entered promiscuous mode [ 87.953402][ T5467] veth1_vlan: entered promiscuous mode [ 87.965232][ T5469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.970459][ T5469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.980163][ T5469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.017638][ T5469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.025240][ T5469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.031013][ T5469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.039245][ T5469] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.044998][ T5469] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.049463][ T5469] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.052243][ T67] Bluetooth: hci1: command tx timeout [ 88.059073][ T5469] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.125820][ T67] Bluetooth: hci0: command tx timeout [ 88.128301][ T67] Bluetooth: hci2: command tx timeout [ 88.181389][ T5461] veth0_macvtap: entered promiscuous mode [ 88.192505][ T5467] veth0_macvtap: entered promiscuous mode [ 88.238669][ T5467] veth1_macvtap: entered promiscuous mode [ 88.245527][ T5461] veth1_macvtap: entered promiscuous mode [ 88.294436][ T67] Bluetooth: hci3: command tx timeout [ 88.307552][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.310753][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.322630][ T5467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.327326][ T5467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.339325][ T5467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.343681][ T5467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.376942][ T5467] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.471535][ T5467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.476015][ T5467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.480055][ T5467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.486492][ T5467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.492208][ T5467] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.546875][ T5461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.566702][ T5461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.570797][ T5461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.589514][ T5461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.593077][ T5461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.602380][ T5461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.622876][ T5461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.631544][ T5467] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.637603][ T5467] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.640964][ T5467] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.643928][ T5467] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.655243][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.659915][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.665728][ T5461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.671344][ T5461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.676437][ T5461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.681429][ T5461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.685481][ T5461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.690982][ T5461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.700076][ T5461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.707458][ T5461] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.712928][ T5461] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.723139][ T5461] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.736225][ T5461] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.829091][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.832011][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.956672][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.959979][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.064466][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.067436][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.093316][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.096573][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.334155][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.349957][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.363175][ T1202] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.366414][ T1202] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.571656][ T5532] futex_wake_op: syz.2.76 tries to shift op by 32; fix this program [ 90.146683][ T67] Bluetooth: hci1: command tx timeout [ 90.223992][ T67] Bluetooth: hci2: command tx timeout [ 90.226881][ T67] Bluetooth: hci0: command tx timeout [ 90.585930][ T5585] dccp_v6_rcv: dropped packet with invalid checksum [ 91.082361][ T5596] tmpfs: Unknown parameter 'smackfshat' [ 92.258197][ T35] cfg80211: failed to load regulatory.db [ 99.997641][ T35] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 100.286341][ T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 100.295675][ T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 100.313207][ T35] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 22 [ 100.360888][ T35] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 100.367362][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 100.393192][ T35] usb 8-1: SerialNumber: syz [ 100.422546][ T6081] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 100.473343][ T6081] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 100.546479][ T35] cdc_acm 8-1:1.0: Control and data interfaces are not separated! [ 100.552064][ T35] cdc_acm 8-1:1.0: This needs exactly 3 endpoints [ 100.573248][ T35] cdc_acm 8-1:1.0: probe with driver cdc_acm failed with error -22 [ 100.716148][ T35] usb 8-1: USB disconnect, device number 2 [ 100.887674][ T6139] tmpfs: Unknown parameter 'smackfshat' [ 101.969009][ T67] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 101.976547][ T67] Bluetooth: hci3: Injecting HCI hardware error event [ 101.983639][ T5370] Bluetooth: hci3: hardware error 0x00 [ 104.099847][ T6357] dccp_invalid_packet: P.Data Offset(80) too large [ 104.124374][ T5370] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 104.408419][ T6380] futex_wake_op: syz.2.491 tries to shift op by -1; fix this program [ 105.658141][ T6437] bpf: Bad value for 'uid' [ 106.314321][ T5514] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 106.562609][ T5514] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 106.567953][ T5514] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 106.572718][ T5514] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 22 [ 106.585619][ T5514] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 106.623547][ T5514] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 106.631834][ T5514] usb 5-1: SerialNumber: syz [ 106.687673][ T6453] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 106.726561][ T6453] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 106.764432][ T5514] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 106.768090][ T5514] cdc_acm 5-1:1.0: This needs exactly 3 endpoints [ 106.771023][ T5514] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22 [ 107.013279][ T5569] usb 5-1: USB disconnect, device number 2 [ 107.509389][ T6539] bpf: Bad value for 'uid' [ 107.556738][ T6543] dccp_invalid_packet: invalid packet type [ 108.173659][ T6588] binder: Binderfs stats mode cannot be changed during a remount [ 108.528815][ T6609] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0003 with DS=0x7 [ 108.795753][ T40] audit: type=1326 audit(1724510514.673:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6624 comm="syz.2.615" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0 [ 109.414044][ T6674] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253 [ 109.417297][ T6674] PKCS7: Only support pkcs7_signedData type [ 109.908742][ T6708] 9pnet_fd: Insufficient options for proto=fd [ 115.173367][ T7023] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 115.840723][ T40] audit: type=1326 audit(1724511289.987:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.3.824" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x0 [ 115.945574][ T7067] 9pnet: Unknown protocol version 9p20\++} [ 117.460624][ T7178] IPv6: addrconf: prefix option has invalid lifetime [ 117.944774][ T7212] autofs: Unknown parameter 'no9 PG!8E8- ŖEeլ( Ir\u}ibT0;my[Gc#>QkbY&#w@/VVL~12lhOh'rK1\kU{!eܚ7 [ 117.944774][ T7212] Ue[%#s' [ 118.935695][ T7290] binder: Bad value for 'max' [ 119.100984][ T7305] syz.0.949 (7305): attempted to duplicate a private mapping with mremap. This is not supported. [ 121.072734][ T7363] could not allocate digest TFM handle rmd128-generic [ 123.670431][ T7556] dns_resolver: Unsupported server list version (0) [ 124.528371][ C0] ================================================================== [ 124.533150][ C0] BUG: KASAN: slab-use-after-free in __lock_acquire+0x2de0/0x3cb0 [ 124.539629][ C0] Read of size 8 at addr ffff888000cc9818 by task syz-executor/5467 [ 124.554932][ T67] Bluetooth: hci2: command 0x0406 tx timeout [ 124.565430][ C0] [ 124.565442][ C0] CPU: 0 UID: 0 PID: 5467 Comm: syz-executor Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 124.565463][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.565473][ C0] Call Trace: [ 124.565481][ C0] [ 124.565488][ C0] dump_stack_lvl+0x116/0x1f0 [ 124.565514][ C0] print_report+0xc3/0x620 [ 124.565533][ C0] ? __virt_addr_valid+0x5e/0x590 [ 124.565552][ C0] ? __phys_addr+0xc6/0x150 [ 124.565570][ C0] kasan_report+0xd9/0x110 [ 124.565588][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 124.565609][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 124.565630][ C0] __lock_acquire+0x2de0/0x3cb0 [ 124.565650][ C0] ? try_to_wake_up+0x5d7/0x13e0 [ 124.565672][ C0] ? __pfx_lock_release+0x10/0x10 [ 124.565696][ C0] ? rcu_is_watching+0x12/0xc0 [ 124.565718][ C0] ? __smp_call_single_queue+0x174/0x1e0 [ 124.565739][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 124.565758][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 124.565781][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 124.565802][ C0] lock_acquire+0x1b1/0x560 [ 124.565822][ C0] ? p9_req_put+0xaf/0x250 [ 124.565841][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 124.565859][ C0] ? __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30 [ 124.565880][ C0] ? select_task_rq_fair+0x360/0x44b0 [ 124.565899][ C0] ? do_raw_spin_unlock+0x53/0x230 [ 124.565920][ C0] ? .slowpath+0x9/0x18 [ 124.565938][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 124.565956][ C0] ? p9_req_put+0xaf/0x250 [ 124.565970][ C0] p9_req_put+0xaf/0x250 [ 124.565987][ C0] req_done+0x1e7/0x2f0 [ 124.566012][ C0] ? __pfx_req_done+0x10/0x10 [ 124.566036][ C0] ? __pfx_req_done+0x10/0x10 [ 124.566059][ C0] vring_interrupt+0x31b/0x400 [ 124.566080][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 124.566097][ C0] __handle_irq_event_percpu+0x229/0x7c0 [ 124.566122][ C0] handle_irq_event+0xab/0x1e0 [ 124.566144][ C0] handle_edge_irq+0x263/0xd10 [ 124.566167][ C0] __common_interrupt+0xdf/0x250 [ 124.566188][ C0] common_interrupt+0xab/0xd0 [ 124.566210][ C0] [ 124.566215][ C0] [ 124.566222][ C0] asm_common_interrupt+0x26/0x40 [ 124.566246][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 124.566266][ C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 f6 27 61 f6 48 89 df e8 ee a4 61 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 c5 21 53 f6 65 8b 05 16 bd fb 74 85 c0 74 16 5b [ 124.566281][ C0] RSP: 0018:ffffc9000321fc10 EFLAGS: 00000246 [ 124.566297][ C0] RAX: 0000000000000002 RBX: ffff888023c5ae40 RCX: 1ffffffff2021fd9 [ 124.566308][ C0] RDX: 0000000000000000 RSI: ffffffff8b4cd020 RDI: ffffffff8bb055e0 [ 124.566317][ C0] RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000001 [ 124.566327][ C0] R10: ffffffff9011431f R11: ffff88802c328a40 R12: 1ffff92000643f8a [ 124.566338][ C0] R13: ffff888027e14000 R14: ffff888023c5a6f0 R15: ffff88802c33fb58 [ 124.566356][ C0] wake_up_new_task+0x7b5/0xd30 [ 124.566379][ C0] ? __pfx_wake_up_new_task+0x10/0x10 [ 124.566400][ C0] ? get_lruvec+0x9c/0x110 [ 124.566418][ C0] ? lru_gen_add_mm+0x32b/0x430 [ 124.566435][ C0] kernel_clone+0x5fd/0x960 [ 124.566455][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 124.566477][ C0] ? find_held_lock+0x59/0x110 [ 124.566494][ C0] __do_compat_sys_ia32_clone+0xb7/0x100 [ 124.566516][ C0] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 124.566541][ C0] __do_fast_syscall_32+0x73/0x120 [ 124.566561][ C0] do_fast_syscall_32+0x32/0x80 [ 124.566581][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 124.566598][ C0] RIP: 0023:0xf7f21579 [ 124.566611][ C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 124.566625][ C0] RSP: 002b:00000000ffca32fc EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 124.566639][ C0] RAX: ffffffffffffffda RBX: 0000000001200011 RCX: 0000000000000000 [ 124.566648][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000056a424a8 [ 124.566657][ C0] RBP: 00000000f73b0ff4 R08: 0000000000000000 R09: 0000000000000000 [ 124.566668][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 124.566683][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 124.566698][ C0] [ 124.566704][ C0] [ 124.566707][ C0] Allocated by task 7618: [ 124.566714][ C0] kasan_save_stack+0x33/0x60 [ 124.566729][ C0] kasan_save_track+0x14/0x30 [ 124.566744][ C0] __kasan_kmalloc+0xaa/0xb0 [ 124.566756][ C0] p9_client_create+0xcf/0x11b0 [ 124.566770][ C0] v9fs_session_init+0x1f8/0x1a80 [ 124.566790][ C0] v9fs_mount+0xc6/0xa50 [ 124.566804][ C0] legacy_get_tree+0x109/0x220 [ 124.566822][ C0] vfs_get_tree+0x8f/0x380 [ 124.566841][ C0] path_mount+0x6e1/0x1f10 [ 124.566860][ C0] __ia32_sys_mount+0x292/0x310 [ 124.566877][ C0] __do_fast_syscall_32+0x73/0x120 [ 124.566894][ C0] do_fast_syscall_32+0x32/0x80 [ 124.566912][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 124.566926][ C0] [ 124.566929][ C0] Freed by task 7618: [ 124.566936][ C0] kasan_save_stack+0x33/0x60 [ 124.566950][ C0] kasan_save_track+0x14/0x30 [ 124.566964][ C0] kasan_save_free_info+0x3b/0x60 [ 124.566982][ C0] poison_slab_object+0xf7/0x160 [ 124.566994][ C0] __kasan_slab_free+0x32/0x50 [ 124.567008][ C0] kfree+0x12a/0x3b0 [ 124.567028][ C0] p9_client_create+0x9ca/0x11b0 [ 124.567045][ C0] v9fs_session_init+0x1f8/0x1a80 [ 124.567064][ C0] v9fs_mount+0xc6/0xa50 [ 124.567078][ C0] legacy_get_tree+0x109/0x220 [ 124.567095][ C0] vfs_get_tree+0x8f/0x380 [ 124.567111][ C0] path_mount+0x6e1/0x1f10 [ 124.567130][ C0] __ia32_sys_mount+0x292/0x310 [ 124.567149][ C0] __do_fast_syscall_32+0x73/0x120 [ 124.567167][ C0] do_fast_syscall_32+0x32/0x80 [ 124.567185][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 124.567199][ C0] [ 124.567203][ C0] The buggy address belongs to the object at ffff888000cc9800 [ 124.567203][ C0] which belongs to the cache kmalloc-512 of size 512 [ 124.567213][ C0] The buggy address is located 24 bytes inside of [ 124.567213][ C0] freed 512-byte region [ffff888000cc9800, ffff888000cc9a00) [ 124.567227][ C0] [ 124.567231][ C0] The buggy address belongs to the physical page: [ 124.567236][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xcc8 [ 124.567250][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 124.567262][ C0] ksm flags: 0x7ff00000000040(head|node=0|zone=0|lastcpupid=0x7ff) [ 124.567277][ C0] page_type: 0xfdffffff(slab) [ 124.567292][ C0] raw: 007ff00000000040 ffff888015842c80 ffffea0000ad6700 dead000000000003 [ 124.567306][ C0] raw: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 124.567320][ C0] head: 007ff00000000040 ffff888015842c80 ffffea0000ad6700 dead000000000003 [ 124.567332][ C0] head: 0000000000000000 0000000080100010 00000001fdffffff 0000000000000000 [ 124.567346][ C0] head: 007ff00000000002 ffffea0000033201 ffffffffffffffff 0000000000000000 [ 124.567360][ C0] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 124.567368][ C0] page dumped because: kasan: bad access detected [ 124.567375][ C0] page_owner tracks the page as allocated [ 124.567380][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5463, tgid 5463 (syz-executor), ts 87800381473, free_ts 87597042558 [ 124.567407][ C0] post_alloc_hook+0x2d1/0x350 [ 124.567422][ C0] get_page_from_freelist+0x1351/0x2e50 [ 124.567437][ C0] __alloc_pages_noprof+0x22b/0x2460 [ 124.567453][ C0] alloc_slab_page+0x4e/0xf0 [ 124.567472][ C0] new_slab+0x84/0x260 [ 124.567485][ C0] ___slab_alloc+0xdac/0x1870 [ 124.567499][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 124.567514][ C0] __kmalloc_noprof+0x379/0x410 [ 124.567528][ C0] fib6_info_alloc+0x40/0x160 [ 124.567545][ C0] ip6_route_info_create+0x337/0x1aa0 [ 124.567557][ C0] ip6_route_add+0x26/0x1c0 [ 124.567569][ C0] addrconf_add_mroute+0x1de/0x350 [ 124.567585][ C0] addrconf_add_dev+0x14e/0x1c0 [ 124.567602][ C0] addrconf_init_auto_addrs+0x380/0x820 [ 124.567621][ C0] addrconf_notify+0xe9e/0x19d0 [ 124.567640][ C0] notifier_call_chain+0xb9/0x410 [ 124.567654][ C0] page last free pid 113 tgid 113 stack trace: [ 124.567661][ C0] free_unref_folios+0x9e9/0x1390 [ 124.567681][ C0] shrink_folio_list+0x3584/0x41e0 [ 124.567701][ C0] evict_folios+0x6e0/0x1b30 [ 124.567721][ C0] try_to_shrink_lruvec+0x612/0x9b0 [ 124.567742][ C0] shrink_one+0x3e3/0x7b0 [ 124.567761][ C0] lru_gen_shrink_node+0x69f/0x1510 [ 124.567775][ C0] balance_pgdat+0x110f/0x1950 [ 124.567786][ C0] kswapd+0x5ea/0xbf0 [ 124.567798][ C0] kthread+0x2c1/0x3a0 [ 124.567812][ C0] ret_from_fork+0x45/0x80 [ 124.567832][ C0] ret_from_fork_asm+0x1a/0x30 [ 124.567852][ C0] [ 124.567856][ C0] Memory state around the buggy address: [ 124.567862][ C0] ffff888000cc9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 124.567873][ C0] ffff888000cc9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 124.567882][ C0] >ffff888000cc9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.567888][ C0] ^ [ 124.567896][ C0] ffff888000cc9880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.567906][ C0] ffff888000cc9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.567914][ C0] ================================================================== [ 124.567922][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 124.567928][ C0] CPU: 0 UID: 0 PID: 5467 Comm: syz-executor Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 124.567946][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 124.567955][ C0] Call Trace: [ 124.567961][ C0] [ 124.567967][ C0] dump_stack_lvl+0x3d/0x1f0 [ 124.567990][ C0] panic+0x6dc/0x7c0 [ 124.568009][ C0] ? __pfx_panic+0x10/0x10 [ 124.568026][ C0] ? rcu_is_watching+0x12/0xc0 [ 124.568048][ C0] ? __pfx_lock_release+0x10/0x10 [ 124.568069][ C0] ? check_panic_on_warn+0x1f/0xb0 [ 124.568091][ C0] check_panic_on_warn+0xab/0xb0 [ 124.568110][ C0] end_report+0x117/0x180 [ 124.568125][ C0] kasan_report+0xe9/0x110 [ 124.568143][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 124.568163][ C0] ? __lock_acquire+0x2de0/0x3cb0 [ 124.568185][ C0] __lock_acquire+0x2de0/0x3cb0 [ 124.568205][ C0] ? try_to_wake_up+0x5d7/0x13e0 [ 124.568225][ C0] ? __pfx_lock_release+0x10/0x10 [ 124.568241][ C0] ? rcu_is_watching+0x12/0xc0 [ 124.568262][ C0] ? __smp_call_single_queue+0x174/0x1e0 [ 124.568286][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 124.568305][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 124.568349][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 124.568366][ C0] lock_acquire+0x1b1/0x560 [ 124.568386][ C0] ? p9_req_put+0xaf/0x250 [ 124.568404][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 124.568424][ C0] ? __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30 [ 124.568445][ C0] ? select_task_rq_fair+0x360/0x44b0 [ 124.568463][ C0] ? do_raw_spin_unlock+0x53/0x230 [ 124.568481][ C0] ? .slowpath+0x9/0x18 [ 124.568500][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 124.568517][ C0] ? p9_req_put+0xaf/0x250 [ 124.568534][ C0] p9_req_put+0xaf/0x250 [ 124.568551][ C0] req_done+0x1e7/0x2f0 [ 124.568575][ C0] ? __pfx_req_done+0x10/0x10 [ 124.568596][ C0] ? __pfx_req_done+0x10/0x10 [ 124.568618][ C0] vring_interrupt+0x31b/0x400 [ 124.568636][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 124.568655][ C0] __handle_irq_event_percpu+0x229/0x7c0 [ 124.568684][ C0] handle_irq_event+0xab/0x1e0 [ 124.568705][ C0] handle_edge_irq+0x263/0xd10 [ 124.568725][ C0] __common_interrupt+0xdf/0x250 [ 124.568746][ C0] common_interrupt+0xab/0xd0 [ 124.568768][ C0] [ 124.568774][ C0] [ 124.568780][ C0] asm_common_interrupt+0x26/0x40 [ 124.568803][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 124.568819][ C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 f6 27 61 f6 48 89 df e8 ee a4 61 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 c5 21 53 f6 65 8b 05 16 bd fb 74 85 c0 74 16 5b [ 124.568833][ C0] RSP: 0018:ffffc9000321fc10 EFLAGS: 00000246 [ 124.568846][ C0] RAX: 0000000000000002 RBX: ffff888023c5ae40 RCX: 1ffffffff2021fd9 [ 124.568857][ C0] RDX: 0000000000000000 RSI: ffffffff8b4cd020 RDI: ffffffff8bb055e0 [ 124.568867][ C0] RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000001 [ 124.568877][ C0] R10: ffffffff9011431f R11: ffff88802c328a40 R12: 1ffff92000643f8a [ 124.568888][ C0] R13: ffff888027e14000 R14: ffff888023c5a6f0 R15: ffff88802c33fb58 [ 124.568905][ C0] wake_up_new_task+0x7b5/0xd30 [ 124.568925][ C0] ? __pfx_wake_up_new_task+0x10/0x10 [ 124.568944][ C0] ? get_lruvec+0x9c/0x110 [ 124.568964][ C0] ? lru_gen_add_mm+0x32b/0x430 [ 124.568981][ C0] kernel_clone+0x5fd/0x960 [ 124.569000][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 124.569021][ C0] ? find_held_lock+0x59/0x110 [ 124.569037][ C0] __do_compat_sys_ia32_clone+0xb7/0x100 [ 124.569056][ C0] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 124.569084][ C0] __do_fast_syscall_32+0x73/0x120 [ 124.569105][ C0] do_fast_syscall_32+0x32/0x80 [ 124.569125][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 124.569141][ C0] RIP: 0023:0xf7f21579 [ 124.569151][ C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 124.569164][ C0] RSP: 002b:00000000ffca32fc EFLAGS: 00000292 ORIG_RAX: 0000000000000078 [ 124.569178][ C0] RAX: ffffffffffffffda RBX: 0000000001200011 RCX: 0000000000000000 [ 124.569189][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000056a424a8 [ 124.569199][ C0] RBP: 00000000f73b0ff4 R08: 0000000000000000 R09: 0000000000000000 [ 124.569209][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 124.569218][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 124.569233][ C0] [ 124.576257][ C0] Kernel Offset: disabled VM DIAGNOSIS: 14:42:10 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff84fa6f20 RDI=ffffffff9511c240 RBP=ffffffff9511c200 RSP=ffffc900000075b8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3030303838386652 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff2a2389a R15=dffffc0000000000 RIP=ffffffff84fa6f47 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000003121dff8 CR3=000000005ae60000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffffffff901173f8 RBX=00000000f25d9535 RCX=00000000dc2e69cd RDX=0000000000000000 RSI=00000000162f2b68 RDI=ffffffff945b7528 RBP=ffffffff945f8fb0 RSP=ffffc900030ff3e8 R8 =0000000000000000 R9 =fffffbfff28b6ae0 R10=ffffffff945b5707 R11=0000000000000000 R12=dffffc0000000000 R13=ffff88801b66b038 R14=0000000000000002 R15=ffff88801b66a440 RIP=ffffffff816910f9 RFL=00000802 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802c100000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f7f455b8 CR3=0000000046132000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=1ffffffff2903e27 RBX=ffffffff94827fd8 RCX=1ffffffff278eaf8 RDX=00000000000003fd RSI=1ffffffff278ebf2 RDI=ffffffff9481f168 RBP=ffffffff947dba68 RSP=ffffc90002f0f1f0 R8 =0000000000000000 R9 =ffffffff945f7b90 R10=0000000000000065 R11=000000000000015e R12=ffffffff81684d00 R13=ffffffff947dba88 R14=dffffc0000000000 R15=ffffffff947dba58 RIP=ffffffff81689a18 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000003111fff8 CR3=000000000db7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffffc900005f0840 RCX=ffffffff813c9fe7 RDX=ffff8880167da440 RSI=ffffc900005f0f28 RDI=0000000000000006 RBP=ffffc900005f0f30 RSP=ffffc900005f07b8 R8 =0000000000000006 R9 =ffffc900005f0f28 R10=ffffc900005f0f30 R11=0000000000000000 R12=ffffc900005e9000 R13=ffffc900005f1000 R14=ffffc900005f0f38 R15=ffffc900005f0f28 RIP=ffffffff818b1cb0 RFL=00000083 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802c300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000031519ff8 CR3=000000000db7c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000