last executing test programs:

468.712468ms ago: executing program 1 (id=2):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000001240)={0x50, 0x0, r1, {0x7, 0x2b, 0xfff, 0x83120, 0x3, 0x107, 0x1ff, 0x9, 0x0, 0x0, 0x0, 0x8}}, 0x50)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
ioctl(r2, 0x2201, &(0x7f0000000000))

69.243503ms ago: executing program 3 (id=4):
syz_emit_vhci(&(0x7f00000017c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x0, 0x2043}}}, 0x7)

0s ago: executing program 3 (id=5):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f0000000400))
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f00000001c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x82400, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts.
[   68.145920][ T5848] cgroup: Unknown subsys name 'net'
[   68.272878][ T5848] cgroup: Unknown subsys name 'cpuset'
[   68.280897][ T5848] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   69.553962][ T5848] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.592086][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[   71.598438][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[   72.858325][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.865831][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.873595][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.890924][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.898388][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.928657][ T5860] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.947002][ T5868] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   72.954250][ T5868] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.989396][ T5869] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.989728][ T5873] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   73.000898][ T5869] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   73.010791][ T5869] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   73.011722][ T5873] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   73.018257][ T5868] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   73.032556][ T5868] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   73.040051][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   73.040894][ T5868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   73.054137][ T5869] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   73.062373][ T5868] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   73.069786][ T5869] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   73.249905][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   73.313688][ T5863] chnl_net:caif_netlink_parms(): no params data found
[   73.368029][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.375524][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.383190][ T5857] bridge_slave_0: entered allmulticast mode
[   73.389860][ T5857] bridge_slave_0: entered promiscuous mode
[   73.397496][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.405181][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.412619][ T5857] bridge_slave_1: entered allmulticast mode
[   73.419203][ T5857] bridge_slave_1: entered promiscuous mode
[   73.475610][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.488970][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.498629][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.505877][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.513320][ T5863] bridge_slave_0: entered allmulticast mode
[   73.520063][ T5863] bridge_slave_0: entered promiscuous mode
[   73.548201][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.555449][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.562823][ T5863] bridge_slave_1: entered allmulticast mode
[   73.569525][ T5863] bridge_slave_1: entered promiscuous mode
[   73.629223][ T5857] team0: Port device team_slave_0 added
[   73.641111][ T5857] team0: Port device team_slave_1 added
[   73.680921][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.692021][ T5861] chnl_net:caif_netlink_parms(): no params data found
[   73.705527][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.712670][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.739129][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.752484][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.782679][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.789656][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.816596][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.834613][ T5862] chnl_net:caif_netlink_parms(): no params data found
[   73.844700][ T5863] team0: Port device team_slave_0 added
[   73.866158][ T5863] team0: Port device team_slave_1 added
[   73.918899][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.926072][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.952033][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.966054][ T5857] hsr_slave_0: entered promiscuous mode
[   73.972497][ T5857] hsr_slave_1: entered promiscuous mode
[   73.989457][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.996453][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.023103][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.065684][ T5863] hsr_slave_0: entered promiscuous mode
[   74.072320][ T5863] hsr_slave_1: entered promiscuous mode
[   74.078238][ T5863] debugfs: 'hsr0' already exists in 'hsr'
[   74.084027][ T5863] Cannot create hsr debugfs directory
[   74.089682][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.097539][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.104742][ T5861] bridge_slave_0: entered allmulticast mode
[   74.111705][ T5861] bridge_slave_0: entered promiscuous mode
[   74.145318][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.153927][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.161224][ T5861] bridge_slave_1: entered allmulticast mode
[   74.167876][ T5861] bridge_slave_1: entered promiscuous mode
[   74.207610][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.215054][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.222364][ T5862] bridge_slave_0: entered allmulticast mode
[   74.229003][ T5862] bridge_slave_0: entered promiscuous mode
[   74.236573][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.243898][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.251263][ T5862] bridge_slave_1: entered allmulticast mode
[   74.257865][ T5862] bridge_slave_1: entered promiscuous mode
[   74.273167][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.314616][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.325561][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.337117][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.396278][ T5861] team0: Port device team_slave_0 added
[   74.403372][ T5862] team0: Port device team_slave_0 added
[   74.410853][ T5861] team0: Port device team_slave_1 added
[   74.427677][ T5862] team0: Port device team_slave_1 added
[   74.469569][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.477098][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.503391][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.522582][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.529643][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.556043][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.567393][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.574645][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.600641][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.625793][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.632870][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.658866][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.727492][ T5861] hsr_slave_0: entered promiscuous mode
[   74.733964][ T5861] hsr_slave_1: entered promiscuous mode
[   74.739947][ T5861] debugfs: 'hsr0' already exists in 'hsr'
[   74.745918][ T5861] Cannot create hsr debugfs directory
[   74.768110][ T5862] hsr_slave_0: entered promiscuous mode
[   74.774588][ T5862] hsr_slave_1: entered promiscuous mode
[   74.781369][ T5862] debugfs: 'hsr0' already exists in 'hsr'
[   74.787146][ T5862] Cannot create hsr debugfs directory
[   74.856917][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   74.866301][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   74.879267][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   74.904305][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   74.950316][ T5860] Bluetooth: hci0: command tx timeout
[   74.957989][ T5863] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   74.977644][ T5863] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   74.988818][ T5863] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.017716][ T5863] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.068013][ T5861] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.079040][ T5861] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.088895][ T5861] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.100881][ T5861] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.110361][ T5860] Bluetooth: hci2: command tx timeout
[   75.115794][ T5860] Bluetooth: hci1: command tx timeout
[   75.121326][   T51] Bluetooth: hci3: command tx timeout
[   75.168547][ T5862] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   75.187997][ T5862] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   75.202398][ T5862] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   75.213481][ T5862] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   75.285710][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.301550][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.336591][ T5863] 8021q: adding VLAN 0 to HW filter on device team0
[   75.353534][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.360717][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.379450][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   75.392892][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.411846][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.418967][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.430927][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.438047][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.451500][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.482759][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.489874][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.513415][ T5862] 8021q: adding VLAN 0 to HW filter on device team0
[   75.525943][ T5861] 8021q: adding VLAN 0 to HW filter on device team0
[   75.552042][ T4351] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.559198][ T4351] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.581769][ T4351] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.588928][ T4351] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.611596][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.618738][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.648645][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.655919][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.727172][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.831637][ T5863] veth0_vlan: entered promiscuous mode
[   75.859771][ T5863] veth1_vlan: entered promiscuous mode
[   75.921381][ T5863] veth0_macvtap: entered promiscuous mode
[   75.956065][ T5863] veth1_macvtap: entered promiscuous mode
[   75.987281][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.009470][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.032631][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.046275][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.058016][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.074558][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.084089][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.102165][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.109175][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.197845][ T5857] veth0_vlan: entered promiscuous mode
[   76.211259][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.219112][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.234507][ T5862] veth0_vlan: entered promiscuous mode
[   76.249381][ T5857] veth1_vlan: entered promiscuous mode
[   76.270095][ T5862] veth1_vlan: entered promiscuous mode
[   76.282297][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.290562][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.317856][ T5861] veth0_vlan: entered promiscuous mode
[   76.335781][ T5862] veth0_macvtap: entered promiscuous mode
[   76.345765][ T5862] veth1_macvtap: entered promiscuous mode
[   76.356851][ T5863] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   76.361230][ T5861] veth1_vlan: entered promiscuous mode
[   76.382687][ T5857] veth0_macvtap: entered promiscuous mode
[   76.412571][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.424596][ T5857] veth1_macvtap: entered promiscuous mode
[   76.441691][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.469292][   T60] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.478369][   T60] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.494104][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.501662][ T4351] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.511715][   T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.527680][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.544743][ T5861] veth0_macvtap: entered promiscuous mode
[   76.559192][ T1155] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.577601][ T1155] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.586648][ T1155] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.596361][ T5861] veth1_macvtap: entered promiscuous mode
[   76.606404][ T1155] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.638257][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.653083][ T4351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.662953][ T4351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.676787][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.689363][ T4351] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.704942][ T4351] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.715270][ T4351] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.729850][ T4351] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.745231][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.753813][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.789356][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.807193][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.869010][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.898803][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.910168][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.916920][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.951814][ T5954] ------------[ cut here ]------------
[   76.957484][ T5954] UBSAN: shift-out-of-bounds in fs/9p/vfs_super.c:57:22
[   76.966332][ T5954] shift exponent 32 is too large for 32-bit type 'int'
[   76.974904][ T5954] CPU: 0 UID: 0 PID: 5954 Comm: syz.3.5 Not tainted syzkaller #0 PREEMPT(full) 
[   76.974936][ T5954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   76.974949][ T5954] Call Trace:
[   76.974957][ T5954]  <TASK>
[   76.974965][ T5954]  dump_stack_lvl+0x189/0x250
[   76.975002][ T5954]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.975031][ T5954]  ? __pfx__printk+0x10/0x10
[   76.975064][ T5954]  ubsan_epilogue+0xa/0x40
[   76.975086][ T5954]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   76.975114][ T5954]  ? __pfx_v9fs_set_super+0x10/0x10
[   76.975138][ T5954]  v9fs_get_tree+0x957/0xa90
[   76.975163][ T5954]  ? __pfx_v9fs_get_tree+0x10/0x10
[   76.975190][ T5954]  vfs_get_tree+0x8f/0x2b0
[   76.975211][ T5954]  do_new_mount+0x2a2/0xa30
[   76.975236][ T5954]  ? ns_capable+0x8a/0xf0
[   76.975257][ T5954]  ? __pfx_do_new_mount+0x10/0x10
[   76.975278][ T5954]  ? path_mount+0x61c/0xfe0
[   76.975298][ T5954]  ? user_path_at+0x44/0x60
[   76.975330][ T5954]  __se_sys_mount+0x317/0x410
[   76.975355][ T5954]  ? __pfx___se_sys_mount+0x10/0x10
[   76.975379][ T5954]  ? rcu_is_watching+0x15/0xb0
[   76.975400][ T5954]  ? __x64_sys_mount+0x20/0xc0
[   76.975423][ T5954]  do_syscall_64+0xfa/0xfa0
[   76.975450][ T5954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.975470][ T5954]  ? clear_bhb_loop+0x60/0xb0
[   76.975492][ T5954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.975510][ T5954] RIP: 0033:0x7ff08e98ebe9
[   76.975540][ T5954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.975557][ T5954] RSP: 002b:00007ff08f855038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   76.975578][ T5954] RAX: ffffffffffffffda RBX: 00007ff08ebc5fa0 RCX: 00007ff08e98ebe9
[   76.975592][ T5954] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000
[   76.975605][ T5954] RBP: 00007ff08ea11e19 R08: 0000200000000580 R09: 0000000000000000
[   76.975618][ T5954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.975630][ T5954] R13: 00007ff08ebc6038 R14: 00007ff08ebc5fa0 R15: 00007fff69608498
[   76.975652][ T5954]  </TASK>
[   76.975659][ T5954] ---[ end trace ]---
[   77.002658][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.031279][ T5860] Bluetooth: hci0: command tx timeout
[   77.048028][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.097995][ T5954] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   77.098021][ T5954] CPU: 0 UID: 0 PID: 5954 Comm: syz.3.5 Not tainted syzkaller #0 PREEMPT(full) 
[   77.098049][ T5954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   77.098063][ T5954] Call Trace:
[   77.098073][ T5954]  <TASK>
[   77.098085][ T5954]  dump_stack_lvl+0x99/0x250
[   77.098126][ T5954]  ? __asan_memcpy+0x40/0x70
[   77.098156][ T5954]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.098192][ T5954]  ? __pfx__printk+0x10/0x10
[   77.098233][ T5954]  vpanic+0x281/0x750
[   77.098264][ T5954]  ? __pfx_vpanic+0x10/0x10
[   77.098299][ T5954]  panic+0xb9/0xc0
[   77.098326][ T5954]  ? __pfx_panic+0x10/0x10
[   77.098355][ T5954]  ? __pfx__printk+0x10/0x10
[   77.098392][ T5954]  check_panic_on_warn+0x89/0xb0
[   77.098429][ T5954]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   77.098463][ T5954]  ? __pfx_v9fs_set_super+0x10/0x10
[   77.098493][ T5954]  v9fs_get_tree+0x957/0xa90
[   77.098522][ T5954]  ? __pfx_v9fs_get_tree+0x10/0x10
[   77.098554][ T5954]  vfs_get_tree+0x8f/0x2b0
[   77.098580][ T5954]  do_new_mount+0x2a2/0xa30
[   77.098608][ T5954]  ? ns_capable+0x8a/0xf0
[   77.098632][ T5954]  ? __pfx_do_new_mount+0x10/0x10
[   77.098662][ T5954]  ? path_mount+0x61c/0xfe0
[   77.098686][ T5954]  ? user_path_at+0x44/0x60
[   77.098724][ T5954]  __se_sys_mount+0x317/0x410
[   77.098754][ T5954]  ? __pfx___se_sys_mount+0x10/0x10
[   77.098784][ T5954]  ? rcu_is_watching+0x15/0xb0
[   77.098810][ T5954]  ? __x64_sys_mount+0x20/0xc0
[   77.098838][ T5954]  do_syscall_64+0xfa/0xfa0
[   77.098870][ T5954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.098894][ T5954]  ? clear_bhb_loop+0x60/0xb0
[   77.098927][ T5954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.098951][ T5954] RIP: 0033:0x7ff08e98ebe9
[   77.098971][ T5954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.098992][ T5954] RSP: 002b:00007ff08f855038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   77.099018][ T5954] RAX: ffffffffffffffda RBX: 00007ff08ebc5fa0 RCX: 00007ff08e98ebe9
[   77.099036][ T5954] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000
[   77.099052][ T5954] RBP: 00007ff08ea11e19 R08: 0000200000000580 R09: 0000000000000000
[   77.099068][ T5954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.099082][ T5954] R13: 00007ff08ebc6038 R14: 00007ff08ebc5fa0 R15: 00007fff69608498
[   77.099108][ T5954]  </TASK>
[   77.101164][ T5954] Kernel Offset: disabled