last executing test programs: 562.448865ms ago: executing program 1 (id=2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f00000001c0)="0f2299f0f69ae8f8467f66ba400066ed66b836018ee066bad104b05beeb9d00800000f32c74424008d000000c744240289000000c7442406000000000f0114243e360f209a0f015ca00066b850008ec8", 0x50}], 0xaaaaaaaaaaaabb4, 0x49, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 309.10605ms ago: executing program 0 (id=1): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800, &(0x7f0000002300)=ANY=[]) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x10003, 0x0, 0xd7c4, 0xfffffff9}, 0x10) write$FUSE_INIT(r1, &(0x7f0000001200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x0, 0x0, 0xc5ca, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) r3 = syz_open_procfs(0xffffffffffffffff, 0x0) pread64(r3, 0x0, 0x0, 0x8) r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd5d1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x7, 0x0, 0x0, 0xb, 0x14, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x5, 0x9]}}) chown(0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 185.028119ms ago: executing program 0 (id=5): sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x3337}) recvmmsg(0xffffffffffffffff, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000001a40)=""/217, 0xd9}, {0x0}, {0x0}], 0x4}, 0xe}], 0x1, 0x40000100, 0x0) 158.901188ms ago: executing program 1 (id=6): ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000001040)=0x9b18f72) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) syz_usb_connect(0x2, 0x7ad, 0x0, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000001080)) r0 = getpid() syz_open_procfs(r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='net/ip6_mr_cache\x00') r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) flock(0xffffffffffffffff, 0x1) r3 = open(0x0, 0x0, 0x0) flock(r3, 0x2) flock(0xffffffffffffffff, 0x2) flock(0xffffffffffffffff, 0x1) timer_create(0x1, 0x0, 0x0) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000340)=""/144, 0x90}], 0x1, 0x1, 0xe3d0) 74.358991ms ago: executing program 0 (id=7): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)={0x8e}, 0x8) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) 63.326434ms ago: executing program 2 (id=3): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) unshare(0x62040200) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10.678288ms ago: executing program 3 (id=4): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file1\x00', 0xe42, 0x1ff) 0s ago: executing program 0 (id=8): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0) syz_usb_disconnect(0xffffffffffffffff) r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x4, &(0x7f0000000680)=ANY=[]) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) readv(r1, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}], 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.156' (ED25519) to the list of known hosts. [ 52.878841][ T5846] cgroup: Unknown subsys name 'net' [ 52.985544][ T5846] cgroup: Unknown subsys name 'cpuset' [ 52.993670][ T5846] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 54.069716][ T5846] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 55.920519][ T5864] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 55.928514][ T5864] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 55.936702][ T5864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 55.944642][ T5864] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 55.952679][ T5874] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 55.960239][ T5874] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 55.963800][ T5871] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 55.977752][ T5872] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 55.986385][ T5872] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 55.992697][ T5873] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 55.994018][ T5872] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 56.008785][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 56.009546][ T5872] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.016987][ T5873] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 56.025104][ T5872] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 56.032028][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 56.048866][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 56.057198][ T5870] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 56.065710][ T5870] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 56.074161][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 56.347578][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 56.370450][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 56.437191][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 56.475335][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 56.501000][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.508416][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.515910][ T5861] bridge_slave_0: entered allmulticast mode [ 56.522466][ T5861] bridge_slave_0: entered promiscuous mode [ 56.548443][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.556072][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.563312][ T5861] bridge_slave_1: entered allmulticast mode [ 56.570723][ T5861] bridge_slave_1: entered promiscuous mode [ 56.606406][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.613876][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.621426][ T5858] bridge_slave_0: entered allmulticast mode [ 56.628835][ T5858] bridge_slave_0: entered promiscuous mode [ 56.651090][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.658480][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.665953][ T5858] bridge_slave_1: entered allmulticast mode [ 56.672462][ T5858] bridge_slave_1: entered promiscuous mode [ 56.681849][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.689364][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.696883][ T5860] bridge_slave_0: entered allmulticast mode [ 56.703475][ T5860] bridge_slave_0: entered promiscuous mode [ 56.712318][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.730897][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.738115][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.745599][ T5860] bridge_slave_1: entered allmulticast mode [ 56.752110][ T5860] bridge_slave_1: entered promiscuous mode [ 56.760167][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.801080][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.812695][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.834722][ T5861] team0: Port device team_slave_0 added [ 56.847496][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.854748][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.861914][ T5859] bridge_slave_0: entered allmulticast mode [ 56.869042][ T5859] bridge_slave_0: entered promiscuous mode [ 56.878050][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.888997][ T5861] team0: Port device team_slave_1 added [ 56.901371][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.909007][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.916491][ T5859] bridge_slave_1: entered allmulticast mode [ 56.923048][ T5859] bridge_slave_1: entered promiscuous mode [ 56.930736][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.947901][ T5858] team0: Port device team_slave_0 added [ 56.972074][ T5858] team0: Port device team_slave_1 added [ 56.990879][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.998621][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.025521][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.044431][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.055279][ T5860] team0: Port device team_slave_0 added [ 57.061635][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.069094][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.095252][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.112973][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.129501][ T5860] team0: Port device team_slave_1 added [ 57.139321][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.146643][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.174287][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.204813][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.211947][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.238671][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.250221][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.258769][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.286304][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.298317][ T5859] team0: Port device team_slave_0 added [ 57.305959][ T5859] team0: Port device team_slave_1 added [ 57.319808][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.327339][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.354334][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.398160][ T5861] hsr_slave_0: entered promiscuous mode [ 57.404736][ T5861] hsr_slave_1: entered promiscuous mode [ 57.418793][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.426255][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.453186][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.477165][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.484939][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.511924][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.540074][ T5860] hsr_slave_0: entered promiscuous mode [ 57.546820][ T5860] hsr_slave_1: entered promiscuous mode [ 57.553136][ T5860] debugfs: 'hsr0' already exists in 'hsr' [ 57.559438][ T5860] Cannot create hsr debugfs directory [ 57.574138][ T5858] hsr_slave_0: entered promiscuous mode [ 57.580582][ T5858] hsr_slave_1: entered promiscuous mode [ 57.587004][ T5858] debugfs: 'hsr0' already exists in 'hsr' [ 57.594242][ T5858] Cannot create hsr debugfs directory [ 57.684271][ T5859] hsr_slave_0: entered promiscuous mode [ 57.690524][ T5859] hsr_slave_1: entered promiscuous mode [ 57.697190][ T5859] debugfs: 'hsr0' already exists in 'hsr' [ 57.704181][ T5859] Cannot create hsr debugfs directory [ 57.859082][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 57.879502][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 57.892085][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 57.910598][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 57.947418][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.957478][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.975379][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.990730][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.019624][ T5859] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 58.036390][ T5859] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 58.043861][ T51] Bluetooth: hci0: command tx timeout [ 58.055947][ T5859] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 58.066535][ T5859] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 58.102079][ T5860] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 58.112118][ T5860] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 58.123814][ T51] Bluetooth: hci2: command tx timeout [ 58.123843][ T5873] Bluetooth: hci1: command tx timeout [ 58.129529][ T51] Bluetooth: hci3: command tx timeout [ 58.148656][ T5860] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 58.157973][ T5860] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 58.198484][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.241384][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.271278][ T3521] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.278595][ T3521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.295673][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.305751][ T3521] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.313500][ T3521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.341293][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.366662][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.388486][ T72] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.395761][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.410544][ T1093] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.418152][ T1093] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.430924][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.452012][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.459403][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.504132][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.511559][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.525665][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.572466][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.596925][ T72] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.604075][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.616598][ T72] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.623850][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.702935][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.777476][ T5861] veth0_vlan: entered promiscuous mode [ 58.827077][ T5861] veth1_vlan: entered promiscuous mode [ 58.847008][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.892161][ T5861] veth0_macvtap: entered promiscuous mode [ 58.911445][ T5861] veth1_macvtap: entered promiscuous mode [ 58.925873][ T5858] veth0_vlan: entered promiscuous mode [ 58.948074][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.960604][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.971262][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.982200][ T5858] veth1_vlan: entered promiscuous mode [ 59.002430][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.037001][ T1106] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.046219][ T1106] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.057898][ T1106] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.072785][ T5858] veth0_macvtap: entered promiscuous mode [ 59.084549][ T1106] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.098689][ T5858] veth1_macvtap: entered promiscuous mode [ 59.106908][ T5859] veth0_vlan: entered promiscuous mode [ 59.141099][ T5859] veth1_vlan: entered promiscuous mode [ 59.159605][ T5860] veth0_vlan: entered promiscuous mode [ 59.168477][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.185965][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.190290][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.206271][ T5860] veth1_vlan: entered promiscuous mode [ 59.213213][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.248218][ T1106] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.258263][ T1106] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.268007][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.278630][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.283861][ T1106] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.295157][ T1106] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.311030][ T5859] veth0_macvtap: entered promiscuous mode [ 59.328845][ T5859] veth1_macvtap: entered promiscuous mode [ 59.346231][ T5860] veth0_macvtap: entered promiscuous mode [ 59.359478][ T5860] veth1_macvtap: entered promiscuous mode [ 59.368664][ T5861] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 59.386173][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.407560][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.416567][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.431926][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.445391][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.467813][ T5946] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 59.490834][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.506425][ T1093] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.515840][ T1093] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.531306][ T3521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.544878][ T3521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.553323][ T1093] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.563360][ T1093] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.584822][ T1093] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.595255][ T1093] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.630606][ T1093] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.645561][ T1093] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.689971][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.706792][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.762085][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.785617][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.813043][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.830053][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.874131][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.902995][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.925183][ T5957] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 60.035099][ T5964] ------------[ cut here ]------------ [ 60.047600][ T5964] UBSAN: shift-out-of-bounds in fs/9p/vfs_super.c:57:22 [ 60.056916][ T5964] shift exponent 32 is too large for 32-bit type 'int' [ 60.064561][ T5964] CPU: 1 UID: 0 PID: 5964 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(full) [ 60.064584][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 60.064594][ T5964] Call Trace: [ 60.064600][ T5964] [ 60.064608][ T5964] dump_stack_lvl+0x189/0x250 [ 60.064636][ T5964] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.064659][ T5964] ? __pfx__printk+0x10/0x10 [ 60.064684][ T5964] ubsan_epilogue+0xa/0x40 [ 60.064701][ T5964] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 60.064723][ T5964] ? __pfx_v9fs_set_super+0x10/0x10 [ 60.064743][ T5964] v9fs_get_tree+0x957/0xa90 [ 60.064762][ T5964] ? __pfx_v9fs_get_tree+0x10/0x10 [ 60.064783][ T5964] vfs_get_tree+0x8f/0x2b0 [ 60.064801][ T5964] do_new_mount+0x2a2/0xa30 [ 60.064819][ T5964] ? ns_capable+0x8a/0xf0 [ 60.064836][ T5964] ? __pfx_do_new_mount+0x10/0x10 [ 60.064854][ T5964] ? path_mount+0x61c/0xfe0 [ 60.064870][ T5964] ? user_path_at+0x44/0x60 [ 60.064893][ T5964] __se_sys_mount+0x317/0x410 [ 60.064913][ T5964] ? __pfx___se_sys_mount+0x10/0x10 [ 60.064931][ T5964] ? rcu_is_watching+0x15/0xb0 [ 60.064945][ T5964] ? __x64_sys_mount+0x20/0xc0 [ 60.064962][ T5964] do_syscall_64+0xfa/0xfa0 [ 60.064984][ T5964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.064999][ T5964] ? clear_bhb_loop+0x60/0xb0 [ 60.065016][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.065033][ T5964] RIP: 0033:0x7fc5b518ebe9 [ 60.065066][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.065079][ T5964] RSP: 002b:00007fc5b5ff4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 60.065099][ T5964] RAX: ffffffffffffffda RBX: 00007fc5b53c5fa0 RCX: 00007fc5b518ebe9 [ 60.065112][ T5964] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000 [ 60.065134][ T5964] RBP: 00007fc5b5211e19 R08: 0000200000000780 R09: 0000000000000000 [ 60.065145][ T5964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.065155][ T5964] R13: 00007fc5b53c6038 R14: 00007fc5b53c5fa0 R15: 00007fff3e3f4ef8 [ 60.065173][ T5964] [ 60.065180][ T5964] ---[ end trace ]--- [ 60.128557][ T51] Bluetooth: hci0: command tx timeout [ 60.153872][ T5964] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 60.153892][ T5964] CPU: 1 UID: 0 PID: 5964 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(full) [ 60.153913][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 60.153925][ T5964] Call Trace: [ 60.153932][ T5964] [ 60.153940][ T5964] dump_stack_lvl+0x99/0x250 [ 60.153969][ T5964] ? __asan_memcpy+0x40/0x70 [ 60.153989][ T5964] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.154012][ T5964] ? __pfx__printk+0x10/0x10 [ 60.154040][ T5964] vpanic+0x281/0x750 [ 60.154061][ T5964] ? __pfx_vpanic+0x10/0x10 [ 60.154086][ T5964] panic+0xb9/0xc0 [ 60.154104][ T5964] ? __pfx_panic+0x10/0x10 [ 60.154123][ T5964] ? __pfx__printk+0x10/0x10 [ 60.154164][ T5964] check_panic_on_warn+0x89/0xb0 [ 60.154189][ T5964] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 60.154213][ T5964] ? __pfx_v9fs_set_super+0x10/0x10 [ 60.154234][ T5964] v9fs_get_tree+0x957/0xa90 [ 60.154255][ T5964] ? __pfx_v9fs_get_tree+0x10/0x10 [ 60.154277][ T5964] vfs_get_tree+0x8f/0x2b0 [ 60.154294][ T5964] do_new_mount+0x2a2/0xa30 [ 60.154314][ T5964] ? ns_capable+0x8a/0xf0 [ 60.154331][ T5964] ? __pfx_do_new_mount+0x10/0x10 [ 60.154349][ T5964] ? path_mount+0x61c/0xfe0 [ 60.154365][ T5964] ? user_path_at+0x44/0x60 [ 60.154388][ T5964] __se_sys_mount+0x317/0x410 [ 60.154409][ T5964] ? __pfx___se_sys_mount+0x10/0x10 [ 60.154426][ T5964] ? rcu_is_watching+0x15/0xb0 [ 60.154443][ T5964] ? __x64_sys_mount+0x20/0xc0 [ 60.154462][ T5964] do_syscall_64+0xfa/0xfa0 [ 60.154485][ T5964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.154502][ T5964] ? clear_bhb_loop+0x60/0xb0 [ 60.154520][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.154537][ T5964] RIP: 0033:0x7fc5b518ebe9 [ 60.154553][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.154568][ T5964] RSP: 002b:00007fc5b5ff4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 60.154587][ T5964] RAX: ffffffffffffffda RBX: 00007fc5b53c5fa0 RCX: 00007fc5b518ebe9 [ 60.154599][ T5964] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000 [ 60.154611][ T5964] RBP: 00007fc5b5211e19 R08: 0000200000000780 R09: 0000000000000000 [ 60.154623][ T5964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.154646][ T5964] R13: 00007fc5b53c6038 R14: 00007fc5b53c5fa0 R15: 00007fff3e3f4ef8 [ 60.154666][ T5964] [ 60.158644][ T5964] Kernel Offset: disabled